From 56e724ad53a7c541431b8f783d9b3bce3c8f5d4c Mon Sep 17 00:00:00 2001
From: James Slagle
Date: Wed, 18 May 2022 17:41:22 -0400
Subject: [PATCH] Fix setting volumes for internal tls

Move the configuration of the internal tls volumes into the common tripleo_container_standalone role. The logic for adding the volumes when internal TLS is used is now in a single location. Updates the tripleo_keystone role to make use of the new variables from tripleo_container_standalone.

Related-Bug: #1973863
Change-Id: I84c8c15e9e5adbc3798edf0e4ca7717527d0de47
Signed-off-by: James Slagle
---
 .../defaults/main.yml | 23 +++++++++++++++++--
 .../roles/tripleo_keystone/defaults/main.yml | 12 +++-------
 .../templates/keystone.yaml.j2 | 12 +---------
 .../templates/keystone_cron.yaml.j2 | 13 +---------
 .../templates/keystone_db_sync.yaml.j2 | 13 +---------
 5 files changed, 27 insertions(+), 46 deletions(-)

diff --git a/tripleo_ansible/roles/tripleo_container_standalone/defaults/main.yml b/tripleo_ansible/roles/tripleo_container_standalone/defaults/main.yml
index 822853bba..529d4f97a 100644
--- a/tripleo_ansible/roles/tripleo_container_standalone/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_container_standalone/defaults/main.yml
@@ -29,9 +29,9 @@ tripleo_container_standalone_kolla_config_dir: /var/lib/kolla/config_files # Directory for container startup configs tripleo_container_standalone_container_startup_config_dir: /var/lib/tripleo-config/container-startup-config # Hash with keys of container name and value of YAML kolla config file. -tripleo_container_standalone_kolla_config_files : {} +tripleo_container_standalone_kolla_config_files: {} # Hash with keys of container name and value of YAML container definition -tripleo_container_standalone_container_defs : {} +tripleo_container_standalone_container_defs: {} # List of common volumes that can be included in the template of a container # definition to include the most common volumes.
@@ -48,3 +48,22 @@ tripleo_container_standalone_common_volumes:
   - /dev/log:/dev/log
   # required for bootstrap_host_exec
   - /etc/puppet:/etc/puppet:ro
+
+# List of volumes included when internal tls is enabled
+tripleo_container_standalone_internal_tls_volumes:
+  - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+  - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+
+# Internal TLS vars. These vars are not prefixed with the role name as they are
+# intended to be set from other services/roles.
+tripleo_enable_internal_tls: false
+tripleo_internal_tls_ca_file: /etc/ipa/ca.crt
+
+tripleo_container_standalone_volumes: "{{
+  tripleo_enable_internal_tls |
+  ternary(
+    tripleo_container_standalone_common_volumes +
+    tripleo_container_standalone_internal_tls_volumes +
+    [tripleo_internal_tls_ca_file ~ ':' ~ tripleo_internal_tls_ca_file ~ ':ro'],
+    tripleo_container_standalone_common_volumes)
+  }}"
diff --git a/tripleo_ansible/roles/tripleo_keystone/defaults/main.yml b/tripleo_ansible/roles/tripleo_keystone/defaults/main.yml
index 76b99b94a..9eb3488ee 100644
--- a/tripleo_ansible/roles/tripleo_keystone/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_keystone/defaults/main.yml
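Review bot: The selector on the `tripleo_container_standalone_volumes` line feeds `tripleo_enable_internal_tls` straight into `ternary`, so a string value such as "false" (which `-e key=value` extra-vars produce) is truthy and mounts the httpd certificate and private-key directories plus the CA file into a container that was meant to run without internal TLS. Since the comment above says these variables are set from other services/roles, coercing first is cheap: `tripleo_enable_internal_tls | bool |` in place of `tripleo_enable_internal_tls |`. The new `tripleo_container_standalone_volumes` variable is also the only one in this hunk without a leading comment; `# Volumes for every container: the common list, plus the internal TLS volumes and the CA file when tripleo_enable_internal_tls is true.` would keep the file's convention.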
@@ -25,15 +25,9 @@ tripleo_keystone_hide_sensitive_logs: true tripleo_keystone_image: "" tripleo_keystone_volumes: - - /etc/openldap:/etc/openldap:ro - - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/keystone:/var/lib/kolla/config_files/src:ro - -tripleo_keystone_enable_internal_tls: false -tripleo_keystone_internal_tls_ca_file: /etc/ipa/ca.crt -tripleo_keystone_internal_tls_volumes: "{{ ternary(tripleo_keystone_enable_internal_tls, - ['/etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro'], - ['/etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro']) }}" + - /etc/openldap:/etc/openldap:ro + - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/keystone:/var/lib/kolla/config_files/src:ro tripleo_keystone_logging_volumes: - /var/log/containers/keystone:/var/log/keystone:z
diff --git a/tripleo_ansible/roles/tripleo_keystone/templates/keystone.yaml.j2 b/tripleo_ansible/roles/tripleo_keystone/templates/keystone.yaml.j2
index 755d7f370..9550fe6bc 100644
--- a/tripleo_ansible/roles/tripleo_keystone/templates/keystone.yaml.j2
+++ b/tripleo_ansible/roles/tripleo_keystone/templates/keystone.yaml.j2
@@ -6,16 +6,6 @@ restart: always
 healthcheck:
   test: /openstack/healthcheck
 volumes:
-  {% set keystone_volumes = [] %}
-  {%- set keystone_volumes =
-      keystone_volumes +
-      tripleo_keystone_volumes +
-      tripleo_keystone_logging_volumes +
-      tripleo_keystone_internal_tls_volumes -%}
-  {%- if tripleo_keystone_enable_internal_tls -%}
-  {%- set keystone_volumes =
-      keystone_volumes + tripleo_keystone_internal_tls_ca_file -%}
-  {%- endif -%}
-  {{ tripleo_container_standalone_common_volumes | default([]) + keystone_volumes }}
+  {{ tripleo_container_standalone_volumes | default([]) + tripleo_keystone_volumes + tripleo_keystone_logging_volumes }}
 environment:
   KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
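Review bot: The keystone defaults hunk deletes `tripleo_keystone_enable_internal_tls` and `tripleo_keystone_internal_tls_ca_file` with no mapping to the new `tripleo_enable_internal_tls` / `tripleo_internal_tls_ca_file` names, so a caller that still passes the old keystone-prefixed variables now gets a deployment with internal TLS silently off, because the new flag defaults to false. If those names have consumers outside this repository, a one-cycle alias in this file, e.g. `tripleo_enable_internal_tls: "{{ tripleo_keystone_enable_internal_tls | default(false) }}"`, or at least a release note naming the rename, would avoid that; whether such consumers exist is not visible in the diff.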
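Review bot: On the new volumes line of keystone.yaml.j2, `tripleo_container_standalone_volumes | default([])` turns an undefined variable into an empty list, so if the tripleo_container_standalone defaults are not in scope when this template renders, the container is created with none of the common mounts and, with internal TLS on, no certificate, key or CA mounts; that surfaces later as httpd failing inside the container rather than as a render-time error. Now that the other role owns the whole list, `{{ tripleo_container_standalone_volumes | mandatory + tripleo_keystone_volumes + tripleo_keystone_logging_volumes }}` fails fast instead. The same line appears in the keystone_cron.yaml.j2 and keystone_db_sync.yaml.j2 hunks. Whether some call path relies on the default is not visible here.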
diff --git a/tripleo_ansible/roles/tripleo_keystone/templates/keystone_cron.yaml.j2 b/tripleo_ansible/roles/tripleo_keystone/templates/keystone_cron.yaml.j2
index a367efeed..76d206fd4 100644
--- a/tripleo_ansible/roles/tripleo_keystone/templates/keystone_cron.yaml.j2
+++ b/tripleo_ansible/roles/tripleo_keystone/templates/keystone_cron.yaml.j2
@@ -8,17 +8,6 @@ healthcheck:
   test: '/usr/share/openstack-tripleo-common/healthcheck/cron keystone'
 command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n']
 volumes:
-  {% set keystone_volumes = [] %}
-  {%- set keystone_volumes =
-      keystone_volumes +
-      tripleo_keystone_common_volumes +
-      tripleo_keystone_volumes +
-      tripleo_keystone_logging_volumes +
-      tripleo_keystone_internal_tls_volumes -%}
-  {%- if tripleo_keystone_enable_internal_tls -%}
-  {%- set keystone_volumes =
-      keystone_volumes + tripleo_keystone_internal_tls_ca_file -%}
-  {%- endif -%}
-  {{ keystone_volumes }}
+  {{ tripleo_container_standalone_volumes | default([]) + tripleo_keystone_volumes + tripleo_keystone_logging_volumes }}
 environment:
   KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
diff --git a/tripleo_ansible/roles/tripleo_keystone/templates/keystone_db_sync.yaml.j2 b/tripleo_ansible/roles/tripleo_keystone/templates/keystone_db_sync.yaml.j2
index 572f06bed..ec0a411b2 100644
--- a/tripleo_ansible/roles/tripleo_keystone/templates/keystone_db_sync.yaml.j2
+++ b/tripleo_ansible/roles/tripleo_keystone/templates/keystone_db_sync.yaml.j2
@@ -4,17 +4,6 @@ user: root
 privileged: false
 detach: false
 volumes:
-  {% set keystone_volumes = [] %}
-  {%- set keystone_volumes =
-      keystone_volumes +
-      tripleo_keystone_common_volumes +
-      tripleo_keystone_volumes +
-      tripleo_keystone_logging_volumes +
-      tripleo_keystone_internal_tls_volumes -%}
-  {%- if tripleo_keystone_enable_internal_tls -%}
-  {%- set keystone_volumes =
-      keystone_volumes + tripleo_keystone_internal_tls_ca_file -%}
-  {%- endif -%}
-  {{ keystone_volumes }}
+  {{ tripleo_container_standalone_volumes | default([]) + tripleo_keystone_volumes + tripleo_keystone_logging_volumes }}
 environment: {{ tripleo_keystone_db_sync_environment | combine(tripleo_keystone_logging_environment | default({}, true)) }}
 command: ['/usr/bin/bootstrap_host_exec', 'keystone', '/usr/local/bin/kolla_start']