Merge pull request #633 from karelyatin/OSPRH-6499

[edpm_neutron_ovn] Add certs to container if tls enabled
openstack-k8s-operators · Apr 23, 2024 · ad5d088 · ad5d088
2 parents d5c4983 + 2975f47
commit ad5d088
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 0 deletions.
diff --git a/roles/edpm_neutron_ovn/defaults/main.yml b/roles/edpm_neutron_ovn/defaults/main.yml
@@ -19,6 +19,14 @@ edpm_neutron_ovn_common_volumes:
   - /var/log/containers/neutron:/var/log/neutron:z
   - /var/lib/kolla/config_files/ovn_agent.json:/var/lib/kolla/config_files/config.json:ro
 
+edpm_neutron_ovn_tls_enabled: "{{ edpm_tls_certs_enabled | default(False) }}"
+edpm_neutron_ovn_tls_ca_src_dir: "/var/lib/openstack/cacerts/{{ edpm_service_name | default('neutron-ovn') }}"
+edpm_neutron_ovn_tls_volumes:
+  - "/var/lib/openstack/certs/{{ edpm_service_name | default('neutron-ovn') }}/ca.crt:/etc/pki/tls/certs/ovndbca.crt:ro,z"
+  - "/var/lib/openstack/certs/{{ edpm_service_name | default('neutron-ovn') }}/tls.crt:/etc/pki/tls/certs/ovndb.crt:ro,z"
+  - "/var/lib/openstack/certs/{{ edpm_service_name | default('neutron-ovn') }}/tls.key:/etc/pki/tls/private/ovndb.key:ro,Z"
+  - "{{ edpm_neutron_ovn_tls_ca_src_dir }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z"
+
 # Neutron conf
 # DEFAULT
 edpm_neutron_ovn_agent_DEFAULT_host: '{{ ansible_facts["nodename"] }}'  # also in missing vars

diff --git a/roles/edpm_neutron_ovn/meta/argument_specs.yml b/roles/edpm_neutron_ovn/meta/argument_specs.yml
@@ -88,6 +88,11 @@ argument_specs:
           - /var/lib/kolla/config_files/ovn_agent.json:/var/lib/kolla/config_files/config.json:ro
         description: Volume mounts for Neutron OVN agent
         type: list
+      edpm_neutron_ovn_tls_enabled:
+        default: false
+        description: >
+          Should TLS certs and cacerts be configured for neutron ovn agent
+        type: bool
       edpm_neutron_ovn_agent_config_src:
         default: "/var/lib/openstack/configs/neutron-ovn"
         description: |

diff --git a/roles/edpm_neutron_ovn/templates/ovn_agent.yaml.j2 b/roles/edpm_neutron_ovn/templates/ovn_agent.yaml.j2
@@ -11,6 +11,11 @@ volumes:
   {%- set edpm_neutron_ovn_volumes =
           edpm_neutron_ovn_volumes +
           edpm_neutron_ovn_common_volumes %}
+{%- if edpm_neutron_ovn_tls_enabled | bool %}
+{%- set edpm_neutron_ovn_volumes =
+        edpm_neutron_ovn_volumes +
+        edpm_neutron_ovn_tls_volumes %}
+{%- endif -%}
   {{ edpm_neutron_ovn_volumes }}
 environment:
   KOLLA_CONFIG_STRATEGY: COPY_ALWAYS