Correct internal tracing server cert name

We have instructed zuul to connect to tracing.opendev.org, but
we are generating a certificate using opendev-ca with
S=tracing01.opendev.org.  Update the certificate with the correct
subject.

This also corrects the opendev-ca role which assumed that the cert
filename would always be inventory_hostname.

Change-Id: I9b6b0534f058d386e01910bb7efc30312f3d72ad
changes/54/859654/2
James E. Blair 2 months ago
parent 7689c561f2
commit 8492420407
  1. 1
      playbooks/roles/jaeger/tasks/main.yaml
  2. 6
      playbooks/roles/opendev-ca/tasks/main.yaml

@ -37,6 +37,7 @@
name: opendev-ca
vars:
opendev_ca_name: jaeger
opendev_ca_server: "tracing.opendev.org"
opendev_ca_cert_dir: /var/jaeger/tls
opendev_ca_cert_dir_owner: "{{ jaeger_user }}"
opendev_ca_cert_dir_group: "{{ jaeger_group }}"

@ -35,15 +35,15 @@
- name: Copy TLS cert into place
copy:
src: "{{ opendev_ca_root }}/certs/{{ inventory_hostname }}.pem"
src: "{{ opendev_ca_root }}/certs/{{ opendev_ca_server }}.pem"
dest: "{{ opendev_ca_cert_dir }}/certs/cert.pem"
- name: Copy TLS key into place
copy:
src: "{{ opendev_ca_root }}/keys/{{ inventory_hostname }}key.pem"
src: "{{ opendev_ca_root }}/keys/{{ opendev_ca_server }}key.pem"
dest: "{{ opendev_ca_cert_dir }}/keys/key.pem"
- name: Copy TLS keystore into place
copy:
src: "{{ opendev_ca_root }}/keystores/{{ inventory_hostname }}.pem"
src: "{{ opendev_ca_root }}/keystores/{{ opendev_ca_server }}.pem"
dest: "{{ opendev_ca_cert_dir }}/keys/keystore.pem"

Loading…
Cancel
Save