openstack-k8s-operators · cjeanner · Oct 27, 2023
@@ -14,5 +14,5 @@ This role doesn't need privilege escalation.
 * `cifmw_edpm_prepare_oc_delay`: (Integer) Delay, in seconds, between failed oc call retries. Defaults to `30`.
 * `cifmw_edpm_prepare_update_os_containers`: (Boolean) Updates the openstack services containers env variable. Defaults to `false`.
 * `cifmw_edpm_prepare_timeout`: (Integer) Time, in minutes to wait for the deployment to be ready. Defaults to `30`.
-* `cifmw_edpm_prepare_verify_tls`: (Boolean) In case of TLS enabled for OpenStack endpoint, validates against the CA. Defaults to `true`.
+* `cifmw_edpm_prepare_verify_tls`: (Boolean) In case of TLS enabled for OpenStack endpoint, validates against the CA. Defaults to `false`.
 * `cifmw_edpm_prepare_skip_patch_ansible_runner`: (Boolean) Intentionally skips setting ansible runner image to `latest` from quay.io. Defaults to `False`.
@@ -25,5 +25,5 @@ cifmw_edpm_prepare_dry_run: false
 cifmw_edpm_prepare_skip_crc_storage_creation: false
 cifmw_edpm_prepare_update_os_containers: false
 cifmw_edpm_prepare_timeout: 30
-cifmw_edpm_prepare_verify_tls: true
+cifmw_edpm_prepare_verify_tls: false
 cifmw_edpm_prepare_skip_patch_ansible_runner: false
@@ -229,7 +229,11 @@
         KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
         PATH: "{{ cifmw_path }}"
       ansible.builtin.command:
-        cmd: 'oc get secret combined-ca-bundle -n openstack -o "jsonpath={.data.tls-ca-bundle\.pem}" --ignore-not-found'
+        cmd: >-
+          oc get secret combined-ca-bundle
+          -n {{ cifmw_install_yamls_defaults['NAMESPACE'] }}
+          -o "jsonpath={.data.tls-ca-bundle\.pem}"
+          --ignore-not-found
       register: ca_bundle_data
 
     - name: Get CA bundle
@@ -252,6 +256,7 @@
       ansible.builtin.include_role:
         role: install_ca
 
+
 - name: Wait for keystone to be ready
   tags:
     - control-plane

@@ -11,4 +11,4 @@ That is provided by `openshift_login` role.
 * `cifmw_os_net_setup_config`: See an example in ci_framework/roles/os_net_setup/defaults/main.yml
 * `cifmw_os_net_setup_osp_calls_retries`: (Integer) Number of attempts to retry an OSP action if it fails. Defaults to `10`.
 * `cifmw_os_net_setup_osp_calls_delay`: (Integer) Delay, in seconds, between failed OSP call retries. Defaults to `5`.
-* `cifmw_os_net_setup_verify_tls`: (Boolean) In case of TLS enabled for OpenStack endpoint, validates against the CA. Defaults to `true`.
+* `cifmw_os_net_setup_verify_tls`: (Boolean) In case of TLS enabled for OpenStack endpoint, validates against the CA. Defaults to `false`.
@@ -15,4 +15,4 @@ cifmw_os_net_setup_config:
         allocation_pool_end: 192.168.122.240
         gateway_ip: 192.168.122.1
         enable_dhcp: false
-cifmw_os_net_setup_verify_tls: true
+cifmw_os_net_setup_verify_tls: false
@@ -1,3 +1,5 @@
 cifmw_tempest_tempestconf_profile_default:
   overrides:
     identity.v3_endpoint_type: public
+    identity.disable_ssl_certificate_validation: true
+    dashboard.disable_ssl_certificate_validation: true