Use distinct params for ca cert in nova-vnc-proxy and nova-libvirt
The two services use the same parameter for the location of the
CA cert. This causes problems when trying to deploy both services
on the same machine, for example in standalone mode.
Closes-Bug: 1887376
Change-Id: Ie67bac28ac6097cba810b51496493584be0edcc8
(cherry picked from commit de14bc555c
)
This commit is contained in:
parent
6f2e4b6848
commit
5087bc9c12
@ -50,7 +50,7 @@ parameters:
|
||||
description: If set to true and if EnableInternalTLS is enabled, it will
|
||||
enable TLS transaport for libvirt VNC and configure the
|
||||
relevant keys for libvirt.
|
||||
InternalTLSVncCAFile:
|
||||
InternalTLSVncProxyCAFile:
|
||||
default: '/etc/pki/CA/certs/vnc.crt'
|
||||
type: string
|
||||
description: Specifies the CA cert to use for VNC TLS.
|
||||
@ -61,7 +61,7 @@ parameters:
|
||||
This file will be symlinked to the default CA path,
|
||||
which is /etc/pki/libvirt-vnc/ca-cert.pem.
|
||||
This parameter should be used if the default (which comes from
|
||||
the InternalTLSVncCAFile parameter) is not desired. The current
|
||||
the InternalTLSVncProxyCAFile parameter) is not desired. The current
|
||||
default reflects TripleO's default CA, which is FreeIPA.
|
||||
It will only be used if internal TLS is enabled.
|
||||
StackUpdateType:
|
||||
@ -162,7 +162,7 @@ outputs:
|
||||
tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
|
||||
if:
|
||||
- libvirt_vnc_specific_ca_unset
|
||||
- get_param: InternalTLSVncCAFile
|
||||
- get_param: InternalTLSVncProxyCAFile
|
||||
- get_param: LibvirtVncCACert
|
||||
tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc'
|
||||
libvirt_vnc_certificates_specs:
|
||||
@ -170,7 +170,7 @@ outputs:
|
||||
cacertfile:
|
||||
if:
|
||||
- libvirt_vnc_specific_ca_unset
|
||||
- get_param: InternalTLSVncCAFile
|
||||
- get_param: InternalTLSVncProxyCAFile
|
||||
- null
|
||||
service_certificate: '/etc/pki/libvirt-vnc/client-cert.pem'
|
||||
service_key: '/etc/pki/libvirt-vnc/client-key.pem'
|
||||
@ -262,7 +262,7 @@ outputs:
|
||||
CACERT:
|
||||
if:
|
||||
- libvirt_vnc_specific_ca_unset
|
||||
- get_param: InternalTLSVncCAFile
|
||||
- get_param: InternalTLSVncProxyCAFile
|
||||
- get_param: LibvirtVncCACert
|
||||
- /etc/pki/libvirt-vnc/client-cert.pem:/etc/pki/libvirt-vnc/client-cert.pem:ro
|
||||
- /etc/pki/libvirt-vnc/client-key.pem:/etc/pki/libvirt-vnc/client-key.pem:ro
|
||||
|
@ -117,6 +117,7 @@ PARAMETER_DEFINITION_EXCLUSIONS = {
|
||||
'KeystoneAdminErrorLoggingSource': ['default'],
|
||||
'KeystoneMainAcccessLoggingSource': ['default'],
|
||||
'KeystoneMainErrorLoggingSource': ['default'],
|
||||
'LibvirtVncCACert': ['description'],
|
||||
'NeutronApiLoggingSource': ['default'],
|
||||
'NeutronDhcpAgentLoggingSource': ['default'],
|
||||
'NeutronL3AgentLoggingSource': ['default'],
|
||||
|
Loading…
Reference in New Issue
Block a user