From 5087bc9c12fb2eda23db6c06cec82bbc7fb997a1 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Tue, 29 Oct 2019 15:37:09 +0000 Subject: [PATCH] Use distinct params for ca cert in nova-vnc-proxy and nova-libvirt The two services use the same parameter for the location of the CA cert. This causes problems when trying to deploy both services on the same machine, for example in standalone mode. Closes-Bug: 1887376 Change-Id: Ie67bac28ac6097cba810b51496493584be0edcc8 (cherry picked from commit de14bc555cbff1321f077ebca83c54126e5cb53f) --- deployment/nova/nova-vnc-proxy-container-puppet.yaml | 10 +++++----- tools/yaml-validate.py | 1 + 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/deployment/nova/nova-vnc-proxy-container-puppet.yaml b/deployment/nova/nova-vnc-proxy-container-puppet.yaml index 42a2bfe34d..29efdab5f8 100644 --- a/deployment/nova/nova-vnc-proxy-container-puppet.yaml +++ b/deployment/nova/nova-vnc-proxy-container-puppet.yaml @@ -50,7 +50,7 @@ parameters: description: If set to true and if EnableInternalTLS is enabled, it will enable TLS transaport for libvirt VNC and configure the relevant keys for libvirt. - InternalTLSVncCAFile: + InternalTLSVncProxyCAFile: default: '/etc/pki/CA/certs/vnc.crt' type: string description: Specifies the CA cert to use for VNC TLS. @@ -61,7 +61,7 @@ parameters: This file will be symlinked to the default CA path, which is /etc/pki/libvirt-vnc/ca-cert.pem. This parameter should be used if the default (which comes from - the InternalTLSVncCAFile parameter) is not desired. The current + the InternalTLSVncProxyCAFile parameter) is not desired. The current default reflects TripleO's default CA, which is FreeIPA. It will only be used if internal TLS is enabled. StackUpdateType: 
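Review bot: The rename of `InternalTLSVncCAFile` to `InternalTLSVncProxyCAFile` in the first `parameters:` hunk removes the old name from this template with no visible compatibility path. The diffstat lists only this template and tools/yaml-validate.py, so no release or upgrade note accompanies it. An existing environment file that sets `InternalTLSVncCAFile` to a non-default CA would presumably stop affecting the VNC proxy, so `origin_ca_pem`, `cacertfile` and `CACERT` (the three later hunks in this file) would fall back to `/etc/pki/CA/certs/vnc.crt` unless `LibvirtVncCACert` is set, while libvirt keeps the operator's CA. I would add an upgrade note naming both parameters and make the description service-specific, e.g. `description: Specifies the CA cert the nova VNC proxy uses for VNC TLS.` The `parameters:` block starts and ends outside the hunk.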
@@ -162,7 +162,7 @@ outputs:
 tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
 if:
 - libvirt_vnc_specific_ca_unset
- - get_param: InternalTLSVncCAFile
+ - get_param: InternalTLSVncProxyCAFile
 - get_param: LibvirtVncCACert
 tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc'
 libvirt_vnc_certificates_specs:
@@ -170,7 +170,7 @@ outputs:
 cacertfile:
 if:
 - libvirt_vnc_specific_ca_unset
- - get_param: InternalTLSVncCAFile
+ - get_param: InternalTLSVncProxyCAFile
 - null
 service_certificate: '/etc/pki/libvirt-vnc/client-cert.pem'
 service_key: '/etc/pki/libvirt-vnc/client-key.pem'
@@ -262,7 +262,7 @@ outputs:
 CACERT:
 if:
 - libvirt_vnc_specific_ca_unset
- - get_param: InternalTLSVncCAFile
+ - get_param: InternalTLSVncProxyCAFile
 - get_param: LibvirtVncCACert
 - /etc/pki/libvirt-vnc/client-cert.pem:/etc/pki/libvirt-vnc/client-cert.pem:ro
 - /etc/pki/libvirt-vnc/client-key.pem:/etc/pki/libvirt-vnc/client-key.pem:ro
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index ad6eb02772..44629e82aa 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -117,6 +117,7 @@ PARAMETER_DEFINITION_EXCLUSIONS = {
 'KeystoneAdminErrorLoggingSource': ['default'],
 'KeystoneMainAcccessLoggingSource': ['default'],
 'KeystoneMainErrorLoggingSource': ['default'],
+ 'LibvirtVncCACert': ['description'],
 'NeutronApiLoggingSource': ['default'],
 'NeutronDhcpAgentLoggingSource': ['default'],
 'NeutronL3AgentLoggingSource': ['default'],
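Review bot: The new `'LibvirtVncCACert': ['description']` entry in `PARAMETER_DEFINITION_EXCLUSIONS` has no comment saying why it is needed. It appears to exempt that parameter's description from the cross-template consistency check everywhere, not only for the two services this commit separates. Presumably the exemption is needed because the description now names `InternalTLSVncProxyCAFile` in the VNC proxy template and a different parameter in the libvirt one. A comment above the entry would make that reviewable, e.g. `# description names the per-service default CA parameter, so it differs between nova-libvirt and nova-vnc-proxy`. Wording the description without the parameter name would keep the check in force instead. The dict starts and ends outside the hunk.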