Merge pull request #797 from yadneshk/fix_ceilometer_ipmi_tls

Fix certificate paths for ceilometer ipmi
openstack-k8s-operators · Oct 31, 2024 · 6f2a086 · 6f2a086
2 parents c9bd6f6 + 0a60bcf
commit 6f2a086
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 13 deletions.
diff --git a/roles/edpm_telemetry_power_monitoring/defaults/main.yml b/roles/edpm_telemetry_power_monitoring/defaults/main.yml
@@ -17,9 +17,9 @@
 
 # All variables intended for modification should be placed in this file.
 # Service name this role manages
-edpm_telemetry_service_name: telemetry_power_monitoring
+edpm_telemetry_service_name: telemetry-power-monitoring
 # Directory in the ansibleEE container
-edpm_telemetry_config_src: "/var/lib/openstack/configs/telemetry-power-monitoring"
+edpm_telemetry_config_src: "/var/lib/openstack/configs/{{ edpm_telemetry_service_name }}"
 # Directory in the compute node
 edpm_telemetry_config_dest: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}"
 # Image to use for Ceilometer Ipmi

diff --git a/roles/edpm_telemetry_power_monitoring/tasks/configure.yml b/roles/edpm_telemetry_power_monitoring/tasks/configure.yml
@@ -88,16 +88,6 @@
     remote_src: "{{ telemetry_test | default('false') }}"
   loop: "{{ configs }}"
 
-- name: Add the config templates
-  ansible.builtin.template:
-    src: "{{ item }}"
-    dest: "{{ edpm_telemetry_config_dest }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
-    mode: 0644
-  with_fileglob:
-    - ../templates/*.j2
-  vars:
-    ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}"
-
 - name: Check that tls.crt exists
   ansible.builtin.stat:
     path: "{{ edpm_telemetry_certs }}/tls.crt"
@@ -108,6 +98,17 @@
     path: "{{ edpm_telemetry_certs }}/tls.key"
   register: tls_key_stat
 
+- name: Render container config templates
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: "{{ edpm_telemetry_config_dest }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
+    mode: 0644
+  with_fileglob:
+    - ../templates/*.j2
+  vars:
+    ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}"
+    tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}"
+
 - name: Configure tls if present
   when:
     - tls_crt_stat.stat.exists and tls_key_stat.stat.exists

diff --git a/roles/edpm_telemetry_power_monitoring/templates/ceilometer_agent_ipmi.json.j2 b/roles/edpm_telemetry_power_monitoring/templates/ceilometer_agent_ipmi.json.j2
@@ -3,6 +3,7 @@
     "user": "ceilometer",
     "restart": "always",
     "command": "kolla_start",
+    "security_opt": "label:type:ceilometer_polling_t",
     "privileged": "true",
     "net": "host",
     "environment": {
@@ -18,7 +19,6 @@
     "volumes": [
         "{{ edpm_telemetry_config_dest }}:/var/lib/openstack/config/:z",
         "{{ edpm_telemetry_config_dest }}/ceilometer-agent-ipmi.json:/var/lib/kolla/config_files/config.json:z",
-        "/run/libvirt:/run/libvirt:shared,ro",
         "/etc/hosts:/etc/hosts:ro",
         "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro",
         "/etc/localtime:/etc/localtime:ro",