Fix kibana deployment with openstack_cacert unset

When deploying Kibana with the default configuration of openstack_cacert being unset, it fails due to an invalid configuration. The error message is both unfriendly and useful: "message":"child \"elasticsearch\" fails because [child \"ssl\" fails because [child \"certificateAuthorities\" fails because [single value of \"certificateAuthorities\" fails because [\"certificateAuthorities\" must be a string]]]]"} This is because we set elasticsearch.ssl.certificateAuthorities even when there is no CA cert configured. This change fixes the issue by only setting elasticsearch.ssl.certificateAuthorities when a CA cert is configured. Change-Id: I5954751451b7c931e8a9d79c713a2798522d8b81 Closes-Bug: #1864180

Fix kibana deployment with openstack_cacert unset
6bae6da3 · Mark Goddard · fa49143f · 6bae6da3 · 6bae6da3
Commit 6bae6da3 authored 5 years ago by Mark Goddard
--- a/ansible/roles/kibana/templates/kibana.yml.j2
+++ b/ansible/roles/kibana/templates/kibana.yml.j2
@@ -6,4 +6,6 @@ elasticsearch.url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_addre
 elasticsearch.requestTimeout: {{ kibana_elasticsearch_request_timeout }}
 elasticsearch.shardTimeout: {{ kibana_elasticsearch_shard_timeout }}
 elasticsearch.ssl.verificationMode: "{{ 'full' if kibana_elasticsearch_ssl_verify | bool else 'none' }}"
+{% if openstack_cacert | length > 0 %}
 elasticsearch.ssl.certificateAuthorities: {{ openstack_cacert }}
+{% endif %}
--- a/releasenotes/notes/kibana-no-cacert-1994d03bc915dfc0.yaml
+++ b/releasenotes/notes/kibana-no-cacert-1994d03bc915dfc0.yaml
+---
+fixes:
+  - |
+    Fixes an issue with Kibana deployment when ``openstack_cacert`` is unset.
+    See `bug 1864180 <https://bugs.launchpad.net/kolla-ansible/+bug/1864180>`_
+    for details.