Remove certificate request bits from service profiles

Requesting certificates is now the job of the certmonger_user profile, so
these bits are no longer needed in the service profiles.

Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800
Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
Juan Antonio Osorio Robles 2017-03-13 14:56:01 +02:00
parent 2102a610c1
commit d9916ce773
18 changed files with 0 additions and 222 deletions


@ -39,14 +39,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@ -57,17 +49,12 @@ class tripleo::profile::base::aodh::api (
$aodh_network = hiera('aodh_api_network', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$step = hiera('step'),
) {
include ::tripleo::profile::base::aodh
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if !$aodh_network {
fail('aodh_api_network is not set in the hieradata.')
}


@ -43,14 +43,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@ -105,7 +97,6 @@ class tripleo::profile::base::barbican::api (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$step = hiera('step'),
$oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
$oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
@ -126,10 +117,6 @@ class tripleo::profile::base::barbican::api (
}
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if !$barbican_network {
fail('barbican_api_network is not set in the hieradata.')
}


@ -39,14 +39,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@ -56,16 +48,11 @@ class tripleo::profile::base::ceilometer::api (
$ceilometer_network = hiera('ceilometer_api_network', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$step = hiera('step'),
) {
include ::tripleo::profile::base::ceilometer
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if !$ceilometer_network {
fail('ceilometer_api_network is not set in the hieradata.')
}


@ -43,14 +43,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@ -61,7 +53,6 @@ class tripleo::profile::base::cinder::api (
$certificates_specs = hiera('apache_certificates_specs', {}),
$cinder_api_network = hiera('cinder_api_network', undef),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$step = hiera('step'),
) {
if $::hostname == downcase($bootstrap_node) {
@ -73,10 +64,6 @@ class tripleo::profile::base::cinder::api (
include ::tripleo::profile::base::cinder
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if !$cinder_api_network {
fail('cinder_api_network is not set in the hieradata.')
}


@ -47,12 +47,6 @@
# limit for the mysql service.
# Defaults to false
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# MySQL. This could be as many as specified by the $certificates_specs
# variable.
# Defaults to hiera('generate_service_certificate', false).
#
# [*manage_resources*]
# (Optional) Whether or not manage root user, root my.cnf, and service.
# Defaults to true
@ -82,7 +76,6 @@ class tripleo::profile::base::database::mysql (
$certificate_specs = {},
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_dropin_file_limit = false,
$generate_service_certificates = hiera('generate_service_certificates', false),
$manage_resources = true,
$mysql_server_options = {},
$mysql_max_connections = hiera('mysql_max_connections', undef),
@ -100,9 +93,6 @@ class tripleo::profile::base::database::mysql (
validate_hash($certificate_specs)
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resource('class', 'tripleo::certmonger::mysql', $certificate_specs)
}
$tls_certfile = $certificate_specs['service_certificate']
$tls_keyfile = $certificate_specs['service_key']
} else {


@ -38,14 +38,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*glance_backend*]
# (Optional) Glance backend(s) to use.
# Defaults to downcase(hiera('glance_backend', 'swift'))
@ -91,7 +83,6 @@ class tripleo::profile::base::glance::api (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$glance_backend = downcase(hiera('glance_backend', 'swift')),
$glance_network = hiera('glance_api_network', undef),
$glance_nfs_enabled = false,
@ -102,10 +93,6 @@ class tripleo::profile::base::glance::api (
$tls_proxy_fqdn = undef,
$tls_proxy_port = 9292,
) {
if $enable_internal_tls and $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {


@ -38,14 +38,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*gnocchi_backend*]
# (Optional) Gnocchi backend string file, swift or rbd
# Defaults to swift
@ -64,7 +56,6 @@ class tripleo::profile::base::gnocchi::api (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')),
$gnocchi_network = hiera('gnocchi_api_network', undef),
$step = hiera('step'),
@ -78,10 +69,6 @@ class tripleo::profile::base::gnocchi::api (
include ::tripleo::profile::base::gnocchi
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if !$gnocchi_network {
fail('gnocchi_api_network is not set in the hieradata.')
}


@ -36,14 +36,6 @@
# (Optional) Whether or not loadbalancer is enabled.
# Defaults to hiera('enable_load_balancer', true).
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@ -52,18 +44,10 @@
class tripleo::profile::base::haproxy (
$certificates_specs = {},
$enable_load_balancer = hiera('enable_load_balancer', true),
$generate_service_certificates = hiera('generate_service_certificates', false),
$step = hiera('step'),
) {
if $step >= 1 {
if $enable_load_balancer {
if str2bool($generate_service_certificates) {
ensure_resources('tripleo::certmonger::haproxy', $certificates_specs)
# The haproxy fronends (or listen resources) depend on the certificate
# existing and need to be refreshed if it changed.
Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||>
}
class {'::tripleo::haproxy':
internal_certificates_specs => $certificates_specs,
}


@ -34,14 +34,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*heat_api_network*]
# (Optional) The network name where the heat API endpoint is listening on.
# This is set by t-h-t.
@ -55,17 +47,12 @@
class tripleo::profile::base::heat::api (
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$heat_api_network = hiera('heat_api_network', undef),
$step = hiera('step'),
) {
include ::tripleo::profile::base::heat
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if !$heat_api_network {
fail('heat_api_network is not set in the hieradata.')
}


@ -34,14 +34,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*heat_api_cfn_network*]
# (Optional) The network name where the heat cfn endpoint is listening on.
# This is set by t-h-t.
@ -55,17 +47,12 @@
class tripleo::profile::base::heat::api_cfn (
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$heat_api_cfn_network = hiera('heat_api_cfn_network', undef),
$step = hiera('step'),
) {
include ::tripleo::profile::base::heat
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if !$heat_api_cfn_network {
fail('heat_api_cfn_network is not set in the hieradata.')
}


@ -34,14 +34,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*heat_api_cloudwatch_network*]
# (Optional) The network name where the heat cloudwatch endpoint is listening
# on. This is set by t-h-t.
@ -55,17 +47,12 @@
class tripleo::profile::base::heat::api_cloudwatch (
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef),
$step = hiera('step'),
) {
include ::tripleo::profile::base::heat
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if !$heat_api_cloudwatch_network {
fail('heat_api_cloudwatch_network is not set in the hieradata.')
}


@ -43,14 +43,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*heat_admin_domain*]
# domain name for heat admin
# Defaults to undef
@ -130,7 +122,6 @@ class tripleo::profile::base::keystone (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$heat_admin_domain = undef,
$heat_admin_email = undef,
$heat_admin_password = undef,
@ -163,10 +154,6 @@ class tripleo::profile::base::keystone (
}
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if !$public_endpoint_network {
fail('keystone_public_api_network is not set in the hieradata.')
}


@ -43,14 +43,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*l3_ha_override*]
# (Optional) Override the calculated value for neutron::server::l3_ha
# by default this is calculated to enable when DVR is not enabled
@ -95,7 +87,6 @@ class tripleo::profile::base::neutron::server (
$certificates_specs = hiera('apache_certificates_specs', {}),
$dvr_enabled = hiera('neutron::server::router_distributed', false),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$l3_ha_override = '',
$l3_nodes = hiera('neutron_l3_short_node_names', []),
$neutron_network = hiera('neutron_api_network', undef),
@ -104,10 +95,6 @@ class tripleo::profile::base::neutron::server (
$tls_proxy_fqdn = undef,
$tls_proxy_port = 9696,
) {
if $enable_internal_tls and $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {


@ -36,14 +36,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*nova_api_network*]
# (Optional) The network name where the nova API endpoint is listening on.
# This is set by t-h-t.
@ -63,7 +55,6 @@ class tripleo::profile::base::nova::api (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$nova_api_network = hiera('nova_api_network', undef),
$nova_api_wsgi_enabled = hiera('nova_wsgi_enabled', false),
$step = hiera('step'),
@ -93,10 +84,6 @@ class tripleo::profile::base::nova::api (
# https://bugs.launchpad.net/nova/+bug/1661360
if $nova_api_wsgi_enabled {
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if !$nova_api_network {
fail('nova_api_network is not set in the hieradata.')
}


@ -36,14 +36,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*nova_placement_network*]
# (Optional) The network name where the nova placement endpoint is listening on.
# This is set by t-h-t.
@ -58,7 +50,6 @@ class tripleo::profile::base::nova::placement (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$nova_placement_network = hiera('nova_placement_network', undef),
$step = hiera('step'),
) {
@ -72,10 +63,6 @@ class tripleo::profile::base::nova::placement (
include ::tripleo::profile::base::nova::authtoken
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if !$nova_placement_network {
fail('nova_placement_network is not set in the hieradata.')
}


@ -38,14 +38,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# HAProxy. This could be as many as specified by the $certificates_specs
# variable.
# Note that this doesn't configure the certificates in haproxy, it merely
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
# [*panko_network*]
# (Optional) The network name where the panko endpoint is listening on.
# This is set by t-h-t.
@ -60,7 +52,6 @@ class tripleo::profile::base::panko::api (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$panko_network = hiera('panko_api_network', undef),
$step = hiera('step'),
) {
@ -73,10 +64,6 @@ class tripleo::profile::base::panko::api (
include ::tripleo::profile::base::panko
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
}
if !$panko_network {
fail('panko_api_network is not set in the hieradata.')
}


@ -42,12 +42,6 @@
# (Optional) RabbitMQ environment.
# Defaults to hiera('rabbitmq_environment').
#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# MySQL. This could be as many as specified by the $certificates_specs
# variable.
# Defaults to hiera('generate_service_certificate', false).
#
# [*inet_dist_interface*]
# (Optional) Address to bind the inter-cluster interface
# to. It is the inet_dist_use_interface option in the kernel variables
@ -87,7 +81,6 @@ class tripleo::profile::base::rabbitmq (
$config_variables = hiera('rabbitmq_config_variables'),
$enable_internal_tls = undef, # TODO(jaosorior): pass this via t-h-t
$environment = hiera('rabbitmq_environment'),
$generate_service_certificates = hiera('generate_service_certificates', false),
$inet_dist_interface = hiera('rabbitmq::interface', undef),
$ipv6 = str2bool(hiera('rabbit_ipv6', false)),
$kernel_variables = hiera('rabbitmq_kernel_variables'),
@ -98,9 +91,6 @@ class tripleo::profile::base::rabbitmq (
$step = hiera('step'),
) {
if $enable_internal_tls {
if $generate_service_certificates {
ensure_resource('class', 'tripleo::certmonger::rabbitmq', $certificate_specs)
}
$tls_certfile = $certificate_specs['service_certificate']
$tls_keyfile = $certificate_specs['service_key']
} else {


@ -49,7 +49,6 @@ eos
let(:params) { {
:step => 1,
:enable_internal_tls => true,
:generate_service_certificates => true,
:nova_placement_network => 'bar',
:certificates_specs => {
'httpd-bar' => {
@ -63,7 +62,6 @@ eos
it {
is_expected.to contain_class('tripleo::profile::base::nova::placement')
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to contain_tripleo__certmonger__httpd('httpd-bar')
is_expected.to_not contain_class('nova::keystone::authtoken')
is_expected.to_not contain_class('nova::wsgi::apache_placement')
}
@ -87,7 +85,6 @@ eos
let(:params) { {
:step => 3,
:enable_internal_tls => true,
:generate_service_certificates => false,
:nova_placement_network => 'bar',
:certificates_specs => {
'httpd-bar' => {
@ -102,7 +99,6 @@ eos
it {
is_expected.to contain_class('tripleo::profile::base::nova::placement')
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to_not contain_tripleo__certmonger__httpd('foo')
is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::wsgi::apache_placement').with(
:ssl_cert => '/foo.pem',