{"id":742,"sha1":"5601f1898eaf2fcb7c9ac82f2c25e81c140c8f71","playbook":{"id":4,"items":{"plays":32,"tasks":1505,"results":1497,"hosts":12,"files":487,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:57:07.871967Z","ended":"2025-12-08T14:21:54.049657Z","duration":"00:24:46.177690","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.11","server_version":"1.7.4","status":"failed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2014, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n# Enable/Disable barbican configurations\nzun_barbican_enabled: \"{{ (groups['barbican_all'] is defined) and (groups['barbican_all'] | length > 0) }}\"\n# Enable/Disable designate configurations\nzun_designate_enabled: \"{{ (groups['designate_all'] is defined) and (groups['designate_all'] | length > 0) }}\"\n# Notification topics for designate.\nzun_notifications_designate: notifications_designate\n# Enable/Disable ceilometer configurations\nzun_ceilometer_enabled: \"{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}\"\n\n## Verbosity Options\ndebug: false\n\n# python venv executable\nzun_venv_python_executable: \"{{ openstack_venv_python_executable | default('python3') }}\"\n\n# Set the host which will execute the shade modules\n# for the service setup. The host must already have\n# clouds.yaml properly configured.\nzun_service_setup_host: \"{{ openstack_service_setup_host | default('localhost') }}\"\nzun_service_setup_host_python_interpreter: >-\n {{\n openstack_service_setup_host_python_interpreter | default(\n (zun_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\n\n# Set the package install state for distribution packages\n# Options are 'present' and 'latest'\nzun_package_state: \"{{ package_state | default('latest') }}\"\n\nzun_git_repo: https://opendev.org/openstack/zun\nzun_git_install_branch: master\n\nzun_kuryr_git_repo: https://opendev.org/openstack/kuryr-libnetwork\nzun_kuryr_git_install_branch: master\n\n# This is only required until kuryr-libnetwork depends upon a version of kuryr-lib\n# which includes https://review.opendev.org/c/openstack/kuryr/+/764908\nzun_kuryr_lib_git_repo: https://opendev.org/openstack/kuryr\nzun_kuryr_lib_git_install_branch: master\n\nzun_upper_constraints_url: >-\n {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}\nzun_git_constraints:\n - \"--constraint {{ zun_upper_constraints_url }}\"\n\nzun_pip_install_args: \"{{ pip_install_options | default('') }}\"\n\n# Name of the virtual env to deploy into\nzun_venv_tag: \"{{ venv_tag | default('untagged') }}\"\nzun_bin: \"/openstack/venvs/zun-{{ zun_venv_tag }}/bin\"\n\nzun_fatal_deprecations: false\n\n## Zun user information\nzun_system_user_name: zun\nzun_system_group_name: zun\nzun_system_shell: /bin/false\nzun_system_comment: zun system user\nzun_system_home_folder: \"/var/lib/{{ zun_system_user_name }}\"\nzun_system_slice_name: zun\nzun_log_dir: \"/var/log/zun\"\n\nzun_lock_dir: \"{{ openstack_lock_dir | default('/run/lock') }}\"\n\n## Kuryr user information\nzun_kuryr_system_user_name: root\nzun_kuryr_system_group_name: root\nzun_kuryr_system_shell: /bin/false\nzun_kuryr_system_comment: kuryr system user\nzun_kuryr_system_home_folder: \"/var/lib/{{ zun_kuryr_system_user_name }}\"\nzun_kuryr_log_dir: \"/var/log/kuryr\"\n\n## Docker setup information\nzun_docker_package_version: \"{{ _zun_docker_package_version }}\"\nzun_architecture_mapping:\n x86_64: amd64\n ppc64le: ppc64el\n s390x: s390x\n armv7l: armhf\n aarch64: arm64\nzun_containerd_package_version: \"{{ _zun_containerd_package_version }}\"\nzun_kata_package_version: \"3.16.0\"\nzun_kata_package_source: >-\n https://github.com/kata-containers/kata-containers/releases/download/{{ zun_kata_package_version }}/kata-static-{{ zun_kata_package_version }}-{{\n zun_architecture_mapping.get(ansible_facts['architecture']) }}.tar.xz\nzun_kata_package_checksum_mapping:\n x86_64: sha256:56cb69a7bb6d3364e92155e06283972e71654a88c70816a55f891f209a8f74db\n ppc64le: sha256:858a95491a6764b95e5540423935e14b39b335287ef7d861a90b046f644d7d8e\n s390x: sha256:b866b73f4af6b7418febb87c0c5d7af825f9e91066c3629dea3196b3b85b0192\n aarch64: sha256:161875f74282015a5f4d86ca9d06f4e47626402eddaf5cccd288a5a3e82d87e0\nzun_kata_enabled: \"True\"\n\n# Set a list of users that are permitted to execute the docker binary.\nzun_docker_users:\n - \"{{ zun_system_user_name }}\"\n - \"{{ zun_kuryr_system_user_name }}\"\n\n# Set the docker api version. The default is false, which will result in no\n# option being set in config for api servers. On compute hosts the docker api\n# version will be used as determined by the client version information.\nzun_docker_api_version: false\n\n# Set the address for Docker to bind to. Used by the wsproxy console forwarder\nzun_docker_bind_host: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\nzun_docker_bind_port: 2375\n\n# Should Docker image cache data be periodically cleaned up?\nzun_docker_prune_images: false\n\n# Time period for which to clean up old Docker data. The options are hour, day,\n# month, or year. (string value)\nzun_docker_prune_frequency: hour\n\n## Manually specified zun UID/GID\n# Deployers can specify a UID for the zun user as well as the GID for the\n# zun group if needed. This is commonly used in environments where shared\n# storage is used, such as NFS or GlusterFS, and zun UID/GID values must be\n# in sync between multiple servers.\n#\n# WARNING: Changing these values on an existing deployment can lead to\n# failures, errors, and instability.\n#\n# zun_system_user_uid = \n# zun_system_group_gid = \n\n## Database info\nzun_db_setup_host: \"{{ openstack_db_setup_host | default('localhost') }}\"\nzun_db_setup_python_interpreter: >-\n {{\n openstack_db_setup_python_interpreter | default((zun_db_setup_host == 'localhost') | ternary(\n ansible_playbook_python, ansible_facts['python']['executable']))\n }}\nzun_galera_address: \"{{ galera_address | default('127.0.0.1') }}\"\nzun_galera_user: zun\nzun_galera_database: zun\nzun_db_max_overflow: \"{{ openstack_db_max_overflow | default('50') }}\"\nzun_db_max_pool_size: \"{{ openstack_db_max_pool_size | default('5') }}\"\nzun_db_pool_timeout: \"{{ openstack_db_pool_timeout | default('30') }}\"\nzun_db_connection_recycle_time: \"{{ openstack_db_connection_recycle_time | default('600') }}\"\n# Toggle whether zun connects via an encrypted connection\nzun_galera_use_ssl: \"{{ galera_use_ssl | default(False) }}\"\n# The path where to store the database server CA certificate\nzun_galera_ssl_ca_cert: \"{{ galera_ssl_ca_cert | default('') }}\"\nzun_galera_port: \"{{ galera_port | default('3306') }}\"\n\n## RabbitMQ info\n\n## Configuration for RPC communications\nzun_rpc_thread_pool_size: 64\nzun_rpc_conn_pool_size: 30\nzun_rpc_response_timeout: 60\n\n## Oslo Messaging info\n\n# RPC\nzun_oslomsg_rpc_host_group: \"{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}\"\nzun_oslomsg_rpc_setup_host: \"{{ (zun_oslomsg_rpc_host_group in groups) | ternary(groups[zun_oslomsg_rpc_host_group][0], 'localhost') }}\"\nzun_oslomsg_rpc_transport: \"{{ oslomsg_rpc_transport | default('rabbit') }}\"\nzun_oslomsg_rpc_servers: \"{{ oslomsg_rpc_servers | default('127.0.0.1') }}\"\nzun_oslomsg_rpc_port: \"{{ oslomsg_rpc_port | default('5672') }}\"\nzun_oslomsg_rpc_use_ssl: \"{{ oslomsg_rpc_use_ssl | default(False) }}\"\nzun_oslomsg_rpc_userid: zun\n# vhost name depends on value of oslomsg_rabbit_quorum_queues. In case quorum queues\n# are not used - vhost name will be prefixed with leading `/`.\nzun_oslomsg_rpc_vhost:\n - name: /zun\n state: \"{{ zun_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}\"\n - name: zun\n state: \"{{ zun_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}\"\nzun_oslomsg_rpc_ssl_version: \"{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}\"\nzun_oslomsg_rpc_ssl_ca_file: \"{{ oslomsg_rpc_ssl_ca_file | default('') }}\"\nzun_oslomsg_rpc_policies: []\n\n# Notify\nzun_oslomsg_notify_configure: \"{{ oslomsg_notify_configure | default(zun_ceilometer_enabled or zun_designate_enabled) }}\"\nzun_oslomsg_notify_host_group: \"{{ oslomsg_notify_host_group | default('rabbitmq_all') }}\"\nzun_oslomsg_notify_setup_host: \"{{ (zun_oslomsg_notify_host_group in groups) | ternary(groups[zun_oslomsg_notify_host_group][0], 'localhost') }}\"\nzun_oslomsg_notify_transport: \"{{ oslomsg_notify_transport | default('rabbit') }}\"\nzun_oslomsg_notify_servers: \"{{ oslomsg_notify_servers | default('127.0.0.1') }}\"\nzun_oslomsg_notify_port: \"{{ oslomsg_notify_port | default('5672') }}\"\nzun_oslomsg_notify_use_ssl: \"{{ oslomsg_notify_use_ssl | default(False) }}\"\nzun_oslomsg_notify_userid: \"{{ zun_oslomsg_rpc_userid }}\"\nzun_oslomsg_notify_password: \"{{ zun_oslomsg_rpc_password }}\"\nzun_oslomsg_notify_vhost: \"{{ zun_oslomsg_rpc_vhost }}\"\nzun_oslomsg_notify_ssl_version: \"{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}\"\nzun_oslomsg_notify_ssl_ca_file: \"{{ oslomsg_notify_ssl_ca_file | default('') }}\"\nzun_oslomsg_notify_policies: []\n\n## RabbitMQ integration\nzun_oslomsg_rabbit_quorum_queues: \"{{ oslomsg_rabbit_quorum_queues | default(True) }}\"\nzun_oslomsg_rabbit_stream_fanout: \"{{ oslomsg_rabbit_stream_fanout | default(zun_oslomsg_rabbit_quorum_queues) }}\"\nzun_oslomsg_rabbit_transient_quorum_queues: \"{{ oslomsg_rabbit_transient_quorum_queues | default(zun_oslomsg_rabbit_stream_fanout) }}\"\nzun_oslomsg_rabbit_qos_prefetch_count: \"{{ oslomsg_rabbit_qos_prefetch_count | default(zun_oslomsg_rabbit_stream_fanout | ternary(10, 0)) }}\"\nzun_oslomsg_rabbit_queue_manager: \"{{ oslomsg_rabbit_queue_manager | default(zun_oslomsg_rabbit_quorum_queues) }}\"\nzun_oslomsg_rabbit_quorum_delivery_limit: \"{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}\"\nzun_oslomsg_rabbit_quorum_max_memory_bytes: \"{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}\"\n\n# If this is not set, then the playbook will try to guess it.\n# zun_virt_type: kvm\n\n## Zun Auth\nzun_service_region: \"{{ service_region | default('RegionOne') }}\"\nzun_service_project_name: \"service\"\nzun_service_project_domain_id: default\nzun_service_user_domain_id: default\nzun_service_user_name: \"zun\"\nzun_service_role_names:\n - admin\n - service\nzun_service_token_roles:\n - service\nzun_service_token_roles_required: \"{{ openstack_service_token_roles_required | default(True) }}\"\n\n## Zun Auth for kuryr\nzun_kuryr_service_username: kuryr\n\n## Keystone authentication middleware\nzun_keystone_auth_plugin: password\n\n## Zun WebSocket Proxy\nzun_wsproxy_proto: \"{{ (openstack_service_publicuri_proto | default('http') == 'https') | ternary('wss', 'ws') }}\"\nzun_wsproxy_port: 6784\nzun_wsproxy_host: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\nzun_wsproxy_base_uri: \"{{ zun_wsproxy_proto }}://{{ external_lb_vip_address }}:{{ zun_wsproxy_port }}\"\n\n## Zun v1\nzun_service_name: zun\nzun_service_type: container\nzun_service_proto: http\nzun_service_publicuri_proto: \"{{ openstack_service_publicuri_proto | default(zun_service_proto) }}\"\nzun_service_adminuri_proto: \"{{ openstack_service_adminuri_proto | default(zun_service_proto) }}\"\nzun_service_internaluri_proto: \"{{ openstack_service_internaluri_proto | default(zun_service_proto) }}\"\nzun_service_address: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\nzun_service_port: 9517\nzun_kuryr_service_address: 127.0.0.1\nzun_kuryr_service_port: 23750\nzun_service_description: \"Zun Compute Service\"\nzun_service_publicuri: \"{{ zun_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ zun_service_port }}\"\nzun_service_publicurl: \"{{ zun_service_publicuri }}\"\nzun_service_adminuri: \"{{ zun_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ zun_service_port }}\"\nzun_service_adminurl: \"{{ zun_service_adminuri }}\"\nzun_service_internaluri: \"{{ zun_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ zun_service_port }}\"\nzun_service_internalurl: \"{{ zun_service_internaluri }}\"\nzun_service_endpoint_type: internalURL\n\n## General Zun configuration\n# Select between the 'runc' or 'kata' runtime\nzun_container_runtime: runc\n\n# If ``zun_osapi_compute_workers`` is unset the system will use half the number of available VCPUS to\n# compute the number of api workers to use.\n# zun_osapi_compute_workers: 16\n\n# If ``zun_conductor_workers`` is unset the system will use half the number of available VCPUS to\n# compute the number of api workers to use.\n# zun_conductor_workers: 16\n\n# If ``zun_metadata_workers`` is unset the system will use half the number of available VCPUS to\n# compute the number of api workers to use.\n# zun_metadata_workers: 16\n\n## Cap the maximun number of threads / workers when a user value is unspecified.\nzun_api_threads_max: 16\nzun_api_threads: >-\n {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, zun_api_threads_max] | min }}\n\nzun_service_in_ldap: \"{{ service_ldap_backend_enabled | default(False) }}\"\n\nzun_scheduler_default_filters: >-\n AvailabilityZoneFilter,\n ComputeFilter\nzun_scheduler_available_filters: zun.scheduler.filters.all_filters\nzun_scheduler_driver: filter_scheduler\n\n## uWSGI setup\nzun_wsgi_threads: 1\nzun_wsgi_processes_max: 16\nzun_wsgi_processes: \"{{ [[ansible_facts['processor_vcpus'] | default(1), 1] | max * 2, zun_wsgi_processes_max] | min }}\"\n\n## Service Name-Group Mapping\nzun_services:\n kuryr-libnetwork:\n group: zun_compute\n service_name: kuryr-libnetwork\n condition: \"{{ inventory_hostname in groups['zun_compute'] }}\"\n init_config_overrides: \"{{ zun_kuryr_init_defaults | combine(zun_kuryr_init_overrides, recursive=True) }}\"\n start_order: 3\n wsgi_app: true\n wsgi: kuryr_libnetwork.server:app\n uwsgi_bind_address: \"{{ zun_kuryr_service_address }}\"\n uwsgi_port: \"{{ zun_kuryr_service_port }}\"\n uwsgi_overrides: \"{{ zun_kuryr_uwsgi_conf_overrides }}\"\n uwsgi_uid: \"{{ zun_kuryr_system_user_name }}\"\n uwsgi_guid: \"{{ zun_kuryr_system_group_name }}\"\n zun-api:\n group: zun_api\n service_name: zun-api\n init_config_overrides: \"{{ zun_api_init_overrides }}\"\n start_order: 1\n wsgi_app: true\n wsgi: \"zun.wsgi.api:application\"\n uwsgi_bind_address: \"{{ zun_service_address }}\"\n uwsgi_port: \"{{ zun_service_port }}\"\n uwsgi_overrides: \"{{ zun_uwsgi_conf_overrides }}\"\n uwsgi_uid: \"{{ zun_system_user_name }}\"\n uwsgi_guid: \"{{ zun_system_group_name }}\"\n uwsgi_tls: \"{{ zun_backend_ssl | ternary(zun_uwsgi_tls, {}) }}\"\n zun-compute:\n group: zun_compute\n service_name: zun-compute\n init_config_overrides: \"{{ zun_compute_init_overrides }}\"\n start_order: 5\n execstarts: \"{{ zun_bin }}/zun-compute --config-dir /etc/zun\"\n zun-wsproxy:\n group: zun_api\n service_name: zun-wsproxy\n init_config_overrides: \"{{ zun_wsproxy_init_overrides }}\"\n start_order: 2\n execstarts: \"{{ zun_bin }}/zun-wsproxy --config-dir /etc/zun\"\n zun-docker-cleanup:\n group: zun_compute\n service_name: zun-docker-cleanup\n init_config_overrides: \"{{ zun_docker_cleanup_init_overrides }}\"\n start_order: 6\n execstarts: \"{{ zun_bin }}/zun-docker-cleanup\"\n timer:\n state: started\n options:\n OnBootSec: 30min\n OnCalendar: \"{{ (zun_docker_prune_frequency == 'day') | ternary('daily', zun_docker_prune_frequency + 'ly') }}\"\n Persistent: true\n docker:\n group: zun_compute\n service_name: docker\n init_config_overrides: {}\n start_order: 4\n systemd_overrides_only: true\n systemd_overrides: \"{{ zun_docker_init_defaults | combine(zun_docker_init_overrides, recursive=True) }}\"\n\n# Common pip packages\nzun_pip_packages:\n - \"git+{{ zun_git_repo }}@{{ zun_git_install_branch }}#egg=zun\"\n - \"git+{{ zun_kuryr_lib_git_repo }}@{{ zun_kuryr_lib_git_install_branch }}#egg=kuryr-lib\"\n - \"git+{{ zun_kuryr_git_repo }}@{{ zun_kuryr_git_install_branch }}#egg=kuryr-libnetwork\"\n - oslo_rootwrap\n - osprofiler\n - python-memcached\n - pymemcache\n - python-zunclient\n - pymysql\n - systemd-python\n\nzun_memcached_servers: \"{{ memcached_servers }}\"\n\n## Default service options used within all systemd unit files.\nzun_service_defaults: {}\n\n## Tunable overrides for services\nzun_zun_conf_overrides: {}\nzun_rootwrap_conf_overrides: {}\nzun_kuryr_conf_overrides: {}\nzun_docker_config_overrides: {}\nzun_kuryr_config_overrides: {}\nzun_uwsgi_conf_overrides: {}\nzun_kuryr_uwsgi_conf_overrides:\n uwsgi:\n pyargv: --config-file /etc/kuryr/kuryr.conf\nzun_uwsgi_tls:\n crt: \"{{ zun_ssl_cert }}\"\n key: \"{{ zun_ssl_key }}\"\n\n## Default zun+kuryr options used within the systemd unit file.\nzun_kuryr_init_defaults:\n Unit:\n Before: docker.service\n After: network-online.target\n Wants: network-online.target\n Service:\n CapabilityBoundingSet: CAP_NET_ADMIN\n AmbientCapabilities: CAP_NET_ADMIN\n Group: \"{{ zun_kuryr_system_group_name }}\"\n User: \"{{ zun_kuryr_system_user_name }}\"\n\n## Default zun+docker options used within the systemd unit file.\nzun_docker_init_defaults:\n Service:\n ExecStart:\n - \"\"\n - \"/usr/bin/dockerd --group {{ zun_system_group_name }} -H tcp://{{ zun_docker_bind_host }}:{{ zun_docker_bind_port }} -H unix:///var/run/docker.sock{% if zun_kata_enabled %} --add-runtime kata=/opt/kata/bin/kata-runtime{% endif %}\" # noqa: yaml[line-length]\n\n## Tunable overrides for service unit files.\nzun_api_paste_ini_overrides: {}\nzun_api_init_overrides: {}\nzun_wsproxy_init_overrides: {}\nzun_compute_init_overrides: {}\nzun_kuryr_init_overrides: {}\nzun_docker_init_overrides: {}\nzun_docker_cleanup_init_overrides: {}\nzun_policy_overrides: {}\n\n###\n### Backend TLS\n###\n\n# Define if communication between haproxy and service backends should be\n# encrypted with TLS.\nzun_backend_ssl: \"{{ openstack_service_backend_ssl | default(False) }}\"\n\n# Storage location for SSL certificate authority\nzun_pki_dir: \"{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}\"\n\n# Delegated host for operating the certificate authority\nzun_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n# zun server certificate\nzun_pki_keys_path: \"{{ zun_pki_dir ~ '/certs/private/' }}\"\nzun_pki_certs_path: \"{{ zun_pki_dir ~ '/certs/certs/' }}\"\nzun_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}\"\nzun_pki_regen_cert: \"\"\nzun_pki_san: \"{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}\"\nzun_pki_certificates:\n - name: \"zun_{{ ansible_facts['hostname'] }}\"\n provider: ownca\n cn: \"{{ ansible_facts['hostname'] }}\"\n san: \"{{ zun_pki_san }}\"\n signed_by: \"{{ zun_pki_intermediate_cert_name }}\"\n\n# zun destination files for SSL certificates\nzun_ssl_cert: /etc/zun/zun.pem\nzun_ssl_key: /etc/zun/zun.key\n\n# Installation details for SSL certificates\nzun_pki_install_certificates:\n - src: \"{{ zun_user_ssl_cert | default(zun_pki_certs_path ~ 'zun_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}\"\n dest: \"{{ zun_ssl_cert }}\"\n owner: \"{{ zun_system_user_name }}\"\n group: \"{{ zun_system_user_name }}\"\n mode: \"0644\"\n - src: \"{{ zun_user_ssl_key | default(zun_pki_keys_path ~ 'zun_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n dest: \"{{ zun_ssl_key }}\"\n owner: \"{{ zun_system_user_name }}\"\n group: \"{{ zun_system_user_name }}\"\n mode: \"0600\"\n\n# Define user-provided SSL certificates\n# zun_user_ssl_cert: \n# zun_user_ssl_key: \n","created":"2025-12-08T13:57:23.895640Z","updated":"2025-12-08T13:57:23.895653Z","path":"/etc/ansible/roles/os_zun/defaults/main.yml"}