From 4a45e6c758dcc4752d309904ea515c6cf700ec5e Mon Sep 17 00:00:00 2001
From: Mark Goddard
Date: Tue, 27 Aug 2024 16:00:04 +0100
Subject: [PATCH 1/2] ci-multinode: Add Kolla Ansible TLS config to globals.yml Previously we provided an additional file, globals-tls-config.yml, which would be appended to globals.yml at an appropriate point during multinode deployment. This could result in a merge conflict, which cannot be resolved by an automated process such as a GitHub Actions workflow. This change adds the TLS config to globals.yml conditionally, based on whether internal TLS is enabled. We are not removing globals-tls-config.yml for now, since it is used in the terraform-kayobe-multinode repo as a proxy for internal TLS support. The file has already been removed in the Antelope branch.
---
 .../environments/ci-multinode/kolla/globals.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/etc/kayobe/environments/ci-multinode/kolla/globals.yml b/etc/kayobe/environments/ci-multinode/kolla/globals.yml
index 0f9dfe6f01..4462a45b5d 100644
--- a/etc/kayobe/environments/ci-multinode/kolla/globals.yml
+++ b/etc/kayobe/environments/ci-multinode/kolla/globals.yml
@@ -44,3 +44,15 @@ designate_ns_record:
 designate_backend: "bind9"
 designate_recursion: "yes"
 designate_forwarders_addresses: "1.1.1.1; 8.8.8.8"
+
+{% if kolla_enable_tls_internal | bool %}
+############################################################################
+# Internal and backend TLS configuration
+
+# Copy the self-signed CA into the kolla containers
+kolla_copy_ca_into_containers: "yes"
+openstack_cacert: "{{ '/etc/pki/tls/certs/ca-bundle.crt' if os_distribution == 'rocky' else '/etc/ssl/certs/ca-certificates.crt' }}"
+kolla_enable_tls_backend: "yes"
+rabbitmq_enable_tls: "yes"
+
+{% endif %}
From efa672900bc06d2199647291605a74ff79d77098 Mon Sep 17 00:00:00 2001
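Review bot: The `openstack_cacert` expression treats every `os_distribution` value other than `'rocky'` as Debian-style, so an unexpected value silently renders `/etc/ssl/certs/ca-certificates.crt`. On a host without that bundle I would expect certificate verification to fail rather than be skipped, but the resulting error will not point back to this line. A comment above it such as `# CA bundle path: RHEL-family (rocky) vs Debian-family (any other os_distribution)` would make the assumption explicit. The existing comment `# Copy the self-signed CA into the kolla containers` describes only the first of the four settings, so `kolla_enable_tls_backend` and `rabbitmq_enable_tls` deserve a line noting that they are switched on only when `kolla_enable_tls_internal` is true.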
From: Mark Goddard
Date: Wed, 4 Sep 2024 14:16:01 +0100
Subject: [PATCH 2/2] Disable yamllint in ci-multinode globals.yml It is a jinja template.
---
 etc/kayobe/environments/ci-multinode/kolla/globals.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/etc/kayobe/environments/ci-multinode/kolla/globals.yml b/etc/kayobe/environments/ci-multinode/kolla/globals.yml
index 4462a45b5d..b4b6db2605 100644
--- a/etc/kayobe/environments/ci-multinode/kolla/globals.yml
+++ b/etc/kayobe/environments/ci-multinode/kolla/globals.yml
@@ -1,3 +1,4 @@
+# yamllint disable-file
 ---
 # Most development environments will use nested virtualisation, and we can't
 # guarantee that nested KVM support is available. Use QEMU as a lowest common