Make adding internal TLS config to globals.yml idempotent

markgoddard · markgoddard · commit 66e35d8ac24a · 2024-08-27T16:36:59.000+01:00
Previously the internal TLS config in globals-tls-config.yml was always
appended to Kolla Ansible's globals.yml. This could result in duplicated
variables.

This change only appends the config when it is not already present in
globals.yml.

This also makes it possible to add the internal TLS config permanently
within globals.yml, behind a conditional.
diff --git a/ansible/files/multinode.sh b/ansible/files/multinode.sh
@@ -155,7 +155,12 @@ function generate_overcloud_certs() {
   # NOTE: Previously it was necessary to first deploy HAProxy with TLS disabled.
   if [[ -f $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/kolla/globals-tls-config.yml ]]; then
     sed -i 's/# kolla_enable_tls_internal: true/kolla_enable_tls_internal: true/g' $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/kolla.yml
-    cat $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/kolla/globals-tls-config.yml >> $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/kolla/globals.yml
+    # This condition provides some level of idempotency, as well as supporting
+    # the case where the content of globals-tls-config.yml has been added to
+    # globals.yml within a conditional check for internal TLS.
+    if ! grep kolla_copy_ca_into_containers $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/kolla/globals-tls-config.yml &>/dev/null; then
+      cat $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/kolla/globals-tls-config.yml >> $KAYOBE_CONFIG_PATH/environments/$KAYOBE_ENVIRONMENT/kolla/globals.yml
+    fi
   fi
 }
 
