From 903824c9bf4d3ddcd5664c1c1c12fb2f9f6db8fb Mon Sep 17 00:00:00 2001 From: Hemanth Nakkina Date: Wed, 3 Jun 2026 18:56:29 +0530 Subject: [PATCH] fix(loadbalancer): integrate openstack-port-cni to keystone for ca certs openstack-port-cni daemon is not able to communicate with keystone in a TLS based deployment since OS_CACERT is not received from certificate distributor keystone. This is due to missing integration between keystone and openstack-port-cni over send-ca-cert/receive-ca-cert relation. Add the integration in terraform plan for openstack-port-cni Related-Fix: https://bugs.launchpad.net/snap-openstack/+bug/2155113 Signed-off-by: Hemanth Nakkina --- .../loadbalancer/etc/deploy-cni/main.tf | 22 +++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/sunbeam-python/sunbeam/features/loadbalancer/etc/deploy-cni/main.tf b/sunbeam-python/sunbeam/features/loadbalancer/etc/deploy-cni/main.tf index 3bccae855..006393b0c 100644 --- a/sunbeam-python/sunbeam/features/loadbalancer/etc/deploy-cni/main.tf +++ b/sunbeam-python/sunbeam/features/loadbalancer/etc/deploy-cni/main.tf @@ -20,8 +20,8 @@ data "juju_model" "openstack" { } resource "juju_application" "multus" { - name = "multus" - trust = true + name = "multus" + trust = true model_uuid = data.juju_model.openstack.uuid charm { @@ -39,8 +39,8 @@ resource "juju_application" "multus" { } resource "juju_application" "openstack-port-cni" { - name = "openstack-port-cni" - trust = true + name = "openstack-port-cni" + trust = true model_uuid = data.juju_model.openstack.uuid charm { @@ -65,3 +65,17 @@ resource "juju_integration" "port-cni-keystone" { endpoint = "identity-credentials" } } + +resource "juju_integration" "port-cni-keystone-cacert" { + model_uuid = data.juju_model.openstack.uuid + + application { + name = juju_application.openstack-port-cni.name + endpoint = "receive-ca-cert" + } + + application { + name = "keystone" + endpoint = "send-ca-cert" + } +}