Browse Source

Fix the default values for ca_file and cert_file

Before this change, the values were set to haproxy defaults,
however, these should not be used. The keystone endpoint
should be verified by the system's default CA certificates,
which are mounted into the neutron_api container.

Change-Id: I35b39a1bc0e1793116831485180a49da5e0a019a
Closes-Bug: #1883741
Resolves: rhbz#1844592
(cherry picked from commit 9befc58257)
changes/20/737720/1
Grzegorz Grasza 2 weeks ago
parent
commit
b9a5dae604
1 changed files with 2 additions and 6 deletions
  1. +2
    -6
      manifests/network/contrail/neutron_plugin.pp

+ 2
- 6
manifests/network/contrail/neutron_plugin.pp View File

@@ -114,8 +114,8 @@ class tripleo::network::contrail::neutron_plugin (
$auth_host = hiera('contrail::auth_host'),
$auth_port = hiera('contrail::auth_port'),
$auth_protocol = hiera('contrail::auth_protocol'),
$ca_file = hiera('tripleo::haproxy::service_certificate',false),
$cert_file = hiera('tripleo::haproxy::service_certificate',false),
$ca_file = hiera('contrail::service_certificate',false),
$cert_file = hiera('contrail::service_certificate',false),
$purge_config = false,
$package_ensure = 'present',
) {
@@ -177,10 +177,6 @@ class tripleo::network::contrail::neutron_plugin (
purge => $purge_config,
}

exec { 'add neutron user to haproxy group':
command => '/usr/sbin/usermod -a -G haproxy neutron',
}

$auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0'])
if $auth_protocol == 'https' {
neutron_plugin_opencontrail {


Loading…
Cancel
Save