From 0a60bcfc3292b38f115ae70acc987f62177d4559 Mon Sep 17 00:00:00 2001 From: Yadnesh Kulkarni Date: Wed, 30 Oct 2024 09:33:08 -0400 Subject: [PATCH] Fix certificate paths for ceilometer ipmi --- .../defaults/main.yml | 4 ++-- .../tasks/configure.yml | 21 ++++++++++--------- .../templates/ceilometer_agent_ipmi.json.j2 | 2 +- 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/roles/edpm_telemetry_power_monitoring/defaults/main.yml b/roles/edpm_telemetry_power_monitoring/defaults/main.yml index 02245fe08..5964a45ac 100644 --- a/roles/edpm_telemetry_power_monitoring/defaults/main.yml +++ b/roles/edpm_telemetry_power_monitoring/defaults/main.yml @@ -17,9 +17,9 @@ # All variables intended for modification should be placed in this file. # Service name this role manages -edpm_telemetry_service_name: telemetry_power_monitoring +edpm_telemetry_service_name: telemetry-power-monitoring # Directory in the ansibleEE container -edpm_telemetry_config_src: "/var/lib/openstack/configs/telemetry-power-monitoring" +edpm_telemetry_config_src: "/var/lib/openstack/configs/{{ edpm_telemetry_service_name }}" # Directory in the compute node edpm_telemetry_config_dest: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" # Image to use for Ceilometer Ipmi diff --git a/roles/edpm_telemetry_power_monitoring/tasks/configure.yml b/roles/edpm_telemetry_power_monitoring/tasks/configure.yml index 7d18a6c20..8c273cc6d 100644 --- a/roles/edpm_telemetry_power_monitoring/tasks/configure.yml +++ b/roles/edpm_telemetry_power_monitoring/tasks/configure.yml @@ -88,16 +88,6 @@ remote_src: "{{ telemetry_test | default('false') }}" loop: "{{ configs }}" -- name: Add the config templates - ansible.builtin.template: - src: "{{ item }}" - dest: "{{ edpm_telemetry_config_dest }}/{{ item | basename | regex_replace('\\.j2$', '') }}" - mode: 0644 - with_fileglob: - - ../templates/*.j2 - vars: - ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" - - name: Check that tls.crt exists ansible.builtin.stat: path: "{{ edpm_telemetry_certs }}/tls.crt" @@ -108,6 +98,17 @@ path: "{{ edpm_telemetry_certs }}/tls.key" register: tls_key_stat +- name: Render container config templates + ansible.builtin.template: + src: "{{ item }}" + dest: "{{ edpm_telemetry_config_dest }}/{{ item | basename | regex_replace('\\.j2$', '') }}" + mode: 0644 + with_fileglob: + - ../templates/*.j2 + vars: + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" + tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" + - name: Configure tls if present when: - tls_crt_stat.stat.exists and tls_key_stat.stat.exists diff --git a/roles/edpm_telemetry_power_monitoring/templates/ceilometer_agent_ipmi.json.j2 b/roles/edpm_telemetry_power_monitoring/templates/ceilometer_agent_ipmi.json.j2 index cff22c637..8aec7b0df 100644 --- a/roles/edpm_telemetry_power_monitoring/templates/ceilometer_agent_ipmi.json.j2 +++ b/roles/edpm_telemetry_power_monitoring/templates/ceilometer_agent_ipmi.json.j2 @@ -3,6 +3,7 @@ "user": "ceilometer", "restart": "always", "command": "kolla_start", + "security_opt": "label:type:ceilometer_polling_t", "privileged": "true", "net": "host", "environment": { @@ -18,7 +19,6 @@ "volumes": [ "{{ edpm_telemetry_config_dest }}:/var/lib/openstack/config/:z", "{{ edpm_telemetry_config_dest }}/ceilometer-agent-ipmi.json:/var/lib/kolla/config_files/config.json:z", - "/run/libvirt:/run/libvirt:shared,ro", "/etc/hosts:/etc/hosts:ro", "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro", "/etc/localtime:/etc/localtime:ro",