openstack/puppet-tripleo
Code Issues Proposed changes

Fix the default values for ca_file and cert_file

Browse Source 
Before this change, the values were set to haproxy defaults,
however, these should not be used. The keystone endpoint
should be verified by the system's default CA certificates,
which are mounted into the neutron_api container.

Change-Id: I35b39a1bc0e1793116831485180a49da5e0a019a
Closes-Bug: #1883741
Resolves: rhbz#1844592
(cherry picked from commit 9befc582571757cfd2bfd45f491617af3d563af8)
This commit is contained in:
Grzegorz Grasza 2020-06-16 18:03:03 +02:00
parent b8568c4bc3
commit c76b60b4ab
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
manifests/network/contrail/neutron_plugin.pp
View File

@ -114,8 +114,8 @@ class tripleo::network::contrail::neutron_plugin (
$auth_host = hiera('contrail::auth_host'),
$auth_port = hiera('contrail::auth_port'),
$auth_protocol = hiera('contrail::auth_protocol'),
$ca_file = hiera('tripleo::haproxy::service_certificate',false),
$cert_file = hiera('tripleo::haproxy::service_certificate',false),
$ca_file = hiera('contrail::service_certificate',false),
$cert_file = hiera('contrail::service_certificate',false),
$purge_config = false,
$package_ensure = 'present',
) {
@ -177,10 +177,6 @@ class tripleo::network::contrail::neutron_plugin (
purge => $purge_config,
}
exec { 'add neutron user to haproxy group':
command => '/usr/sbin/usermod -a -G haproxy neutron',
}
$auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0'])
if $auth_protocol == 'https' {
neutron_plugin_opencontrail {