Fix the default values for ca_file and cert_file

Before this change, the values were set to haproxy defaults, however, these should not be used. The keystone endpoint should be verified by the system's default CA certificates, which are mounted into the neutron_api container. Change-Id: I35b39a1bc0e1793116831485180a49da5e0a019a Closes-Bug: #1883741 Resolves: rhbz#1844592
2020-06-16 18:03:03 +02:00 · 2020-06-16 18:03:03 +02:00 · 9befc58257
commit 9befc58257
parent 436bfaa158
1 changed files with 2 additions and 6 deletions
--- a/manifests/network/contrail/neutron_plugin.pp
+++ b/manifests/network/contrail/neutron_plugin.pp
@ -114,8 +114,8 @@ class tripleo::network::contrail::neutron_plugin (
  $auth_host              = hiera('contrail::auth_host'),
  $auth_port              = hiera('contrail::auth_port'),
  $auth_protocol          = hiera('contrail::auth_protocol'),
-  $ca_file                = hiera('tripleo::haproxy::service_certificate',false),
-  $cert_file              = hiera('tripleo::haproxy::service_certificate',false),
+  $ca_file                = hiera('contrail::service_certificate',false),
+  $cert_file              = hiera('contrail::service_certificate',false),
  $purge_config           = false,
  $package_ensure         = 'present',
 ) {
@ -177,10 +177,6 @@ class tripleo::network::contrail::neutron_plugin (
    purge => $purge_config,
  }

-  exec { 'add neutron user to haproxy group':
-    command => '/usr/sbin/usermod -a -G haproxy neutron',
-  }
-
  $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0'])
  if $auth_protocol == 'https' {
    neutron_plugin_opencontrail {