From c76b60b4ab090aa2bbb8c28fbec299aa6ec8a6ae Mon Sep 17 00:00:00 2001 From: Grzegorz Grasza Date: Tue, 16 Jun 2020 18:03:03 +0200 Subject: [PATCH] Fix the default values for ca_file and cert_file Before this change, the values were set to haproxy defaults, however, these should not be used. The keystone endpoint should be verified by the system's default CA certificates, which are mounted into the neutron_api container. Change-Id: I35b39a1bc0e1793116831485180a49da5e0a019a Closes-Bug: #1883741 Resolves: rhbz#1844592 (cherry picked from commit 9befc582571757cfd2bfd45f491617af3d563af8) --- manifests/network/contrail/neutron_plugin.pp | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/manifests/network/contrail/neutron_plugin.pp b/manifests/network/contrail/neutron_plugin.pp index 2bf98b281..1e88eb9a1 100644 --- a/manifests/network/contrail/neutron_plugin.pp +++ b/manifests/network/contrail/neutron_plugin.pp @@ -114,8 +114,8 @@ class tripleo::network::contrail::neutron_plugin ( $auth_host = hiera('contrail::auth_host'), $auth_port = hiera('contrail::auth_port'), $auth_protocol = hiera('contrail::auth_protocol'), - $ca_file = hiera('tripleo::haproxy::service_certificate',false), - $cert_file = hiera('tripleo::haproxy::service_certificate',false), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), $purge_config = false, $package_ensure = 'present', ) { @@ -177,10 +177,6 @@ class tripleo::network::contrail::neutron_plugin ( purge => $purge_config, } - exec { 'add neutron user to haproxy group': - command => '/usr/sbin/usermod -a -G haproxy neutron', - } - $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0']) if $auth_protocol == 'https' { neutron_plugin_opencontrail {