Skip to content

Commit 31a3eed

Browse files
seunghun1eeseunghun1ee
committed
Encrypt ProxySQL cert and key if exist
ProxySQL cert is set to use internal TLS cert[1] which needs an encryption. [1] https://opendev.org/openstack/kolla-ansible/src/branch/stable/2025.1/ansible/roles/certificates/tasks/generate.yml#L169-L183
1 parent 071badb commit 31a3eed

File tree

1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed

ansible/files/multinode.sh

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -173,6 +173,11 @@ function generate_overcloud_certs() {
173173
run_kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/openbao-generate-internal-tls.yml
174174
encrypt_file $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/kolla/certificates/haproxy-internal.pem
175175

176+
# If ProxySQL certificate and key are generated, encrypt them
177+
for proxysql_item in $(ls -1 $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/kolla/certificates/proxysql-*); do
178+
encrypt_file $proxysql_item
179+
done
180+
176181
# Generate backend tls certificates
177182
run_kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/openbao-generate-backend-tls.yml
178183
for cert in $(ls -1 $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/kolla/certificates/*-key.pem); do

0 commit comments

Comments
 (0)