Browse Source

Use distinct params for ca cert in nova-vnc-proxy and nova-libvirt

The two services use the same parameter for the location of the
CA cert.  This causes problems when trying to deploy both services
on the same machine, for example in standalone mode.

Closes-Bug: 1887376
Change-Id: Ie67bac28ac6097cba810b51496493584be0edcc8
(cherry picked from commit de14bc555cbff1321f077ebca83c54126e5cb53f)
changes/79/740679/3
Ade Lee 9 months ago
committed by Ronelle Landy
parent
commit
5087bc9c12
2 changed files with 6 additions and 5 deletions
  1. +5
    -5
      deployment/nova/nova-vnc-proxy-container-puppet.yaml
  2. +1
    -0
      tools/yaml-validate.py

+ 5
- 5
deployment/nova/nova-vnc-proxy-container-puppet.yaml View File

@@ -50,7 +50,7 @@ parameters:
description: If set to true and if EnableInternalTLS is enabled, it will
enable TLS transaport for libvirt VNC and configure the
relevant keys for libvirt.
InternalTLSVncCAFile:
InternalTLSVncProxyCAFile:
default: '/etc/pki/CA/certs/vnc.crt'
type: string
description: Specifies the CA cert to use for VNC TLS.
@@ -61,7 +61,7 @@ parameters:
This file will be symlinked to the default CA path,
which is /etc/pki/libvirt-vnc/ca-cert.pem.
This parameter should be used if the default (which comes from
the InternalTLSVncCAFile parameter) is not desired. The current
the InternalTLSVncProxyCAFile parameter) is not desired. The current
default reflects TripleO's default CA, which is FreeIPA.
It will only be used if internal TLS is enabled.
StackUpdateType:
@@ -162,7 +162,7 @@ outputs:
tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
if:
- libvirt_vnc_specific_ca_unset
- get_param: InternalTLSVncCAFile
- get_param: InternalTLSVncProxyCAFile
- get_param: LibvirtVncCACert
tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc'
libvirt_vnc_certificates_specs:
@@ -170,7 +170,7 @@ outputs:
cacertfile:
if:
- libvirt_vnc_specific_ca_unset
- get_param: InternalTLSVncCAFile
- get_param: InternalTLSVncProxyCAFile
- null
service_certificate: '/etc/pki/libvirt-vnc/client-cert.pem'
service_key: '/etc/pki/libvirt-vnc/client-key.pem'
@@ -262,7 +262,7 @@ outputs:
CACERT:
if:
- libvirt_vnc_specific_ca_unset
- get_param: InternalTLSVncCAFile
- get_param: InternalTLSVncProxyCAFile
- get_param: LibvirtVncCACert
- /etc/pki/libvirt-vnc/client-cert.pem:/etc/pki/libvirt-vnc/client-cert.pem:ro
- /etc/pki/libvirt-vnc/client-key.pem:/etc/pki/libvirt-vnc/client-key.pem:ro


+ 1
- 0
tools/yaml-validate.py View File

@@ -117,6 +117,7 @@ PARAMETER_DEFINITION_EXCLUSIONS = {
'KeystoneAdminErrorLoggingSource': ['default'],
'KeystoneMainAcccessLoggingSource': ['default'],
'KeystoneMainErrorLoggingSource': ['default'],
'LibvirtVncCACert': ['description'],
'NeutronApiLoggingSource': ['default'],
'NeutronDhcpAgentLoggingSource': ['default'],
'NeutronL3AgentLoggingSource': ['default'],


Loading…
Cancel
Save