Fix the default values for ca_file and cert_file

Before this change, the values were set to haproxy defaults,
however, these should not be used. The keystone endpoint
should be verified by the system's default CA certificates,
which are mounted into the neutron_api container.

Change-Id: I35b39a1bc0e1793116831485180a49da5e0a019a
Closes-Bug: #1883741
Resolves: rhbz#1844592
(cherry picked from commit 9befc58257)
This commit is contained in:
Grzegorz Grasza 2020-06-16 18:03:03 +02:00
parent b8568c4bc3
commit c76b60b4ab

View File

@ -114,8 +114,8 @@ class tripleo::network::contrail::neutron_plugin (
$auth_host = hiera('contrail::auth_host'),
$auth_port = hiera('contrail::auth_port'),
$auth_protocol = hiera('contrail::auth_protocol'),
$ca_file = hiera('tripleo::haproxy::service_certificate',false),
$cert_file = hiera('tripleo::haproxy::service_certificate',false),
$ca_file = hiera('contrail::service_certificate',false),
$cert_file = hiera('contrail::service_certificate',false),
$purge_config = false,
$package_ensure = 'present',
) {
@ -177,10 +177,6 @@ class tripleo::network::contrail::neutron_plugin (
purge => $purge_config,
}
exec { 'add neutron user to haproxy group':
command => '/usr/sbin/usermod -a -G haproxy neutron',
}
$auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0'])
if $auth_protocol == 'https' {
neutron_plugin_opencontrail {