Skip unnecessary TLS cert creation on container startup

Kolla is generating a self-signed cert on container startup which we do not use. This will burn considerable resources and time for every container start. If we have mounted a custom ssl.conf skip the step.
openstack-k8s-operators · Jan 31, 2024 · 9461ac6 · 9461ac6
1 parent cda9458
commit 9461ac6
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/container-images/kolla/base/httpd_setup.sh b/container-images/kolla/base/httpd_setup.sh
@@ -14,7 +14,8 @@ if [[ "$(whoami)" == 'root' ]]; then
     # on startup:
     #   SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
     # Work around this by generating certificates manually.
-    if [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then
+    if grep -q -E '^SSLCertificateFile \/etc\/pki\/tls\/certs\/localhost\.crt$' /etc/httpd/conf.d/ssl.conf && \
+      [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then
         /usr/libexec/httpd-ssl-gencerts
     fi
 fi