Use distinct params for ca cert in nova-vnc-proxy and nova-libvirt

The two services use the same parameter for the location of the CA cert. This causes problems when trying to deploy both services on the same machine, for example in standalone mode. Closes-Bug: 1887376 Change-Id: Ie67bac28ac6097cba810b51496493584be0edcc8 (cherry picked from commit de14bc555c)
2019-10-29 15:37:09 +00:00 · 2019-10-29 15:37:09 +00:00 · 5087bc9c12
parent 6f2e4b6848
commit 5087bc9c12
2 changed files with 6 additions and 5 deletions
--- a/deployment/nova/nova-vnc-proxy-container-puppet.yaml
+++ b/deployment/nova/nova-vnc-proxy-container-puppet.yaml
@ -50,7 +50,7 @@ parameters:
    description: If set to true and if EnableInternalTLS is enabled, it will
                 enable TLS transaport for libvirt VNC and configure the
                 relevant keys for libvirt.
-  InternalTLSVncCAFile:
+  InternalTLSVncProxyCAFile:
    default: '/etc/pki/CA/certs/vnc.crt'
    type: string
    description: Specifies the CA cert to use for VNC TLS.
@ -61,7 +61,7 @@ parameters:
                 This file will be symlinked to the default CA path,
                 which is /etc/pki/libvirt-vnc/ca-cert.pem.
                 This parameter should be used if the default (which comes from
-                 the InternalTLSVncCAFile parameter) is not desired. The current
+                 the InternalTLSVncProxyCAFile parameter) is not desired. The current
                 default reflects TripleO's default CA, which is FreeIPA.
                 It will only be used if internal TLS is enabled.
  StackUpdateType:
@ -162,7 +162,7 @@ outputs:
                tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
                  if:
                    - libvirt_vnc_specific_ca_unset
-                    - get_param: InternalTLSVncCAFile
+                    - get_param: InternalTLSVncProxyCAFile
                    - get_param: LibvirtVncCACert
                tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc'
                libvirt_vnc_certificates_specs:
@ -170,7 +170,7 @@ outputs:
                    cacertfile:
                      if:
                        - libvirt_vnc_specific_ca_unset
-                        - get_param: InternalTLSVncCAFile
+                        - get_param: InternalTLSVncProxyCAFile
                        - null
                    service_certificate: '/etc/pki/libvirt-vnc/client-cert.pem'
                    service_key: '/etc/pki/libvirt-vnc/client-key.pem'
@ -262,7 +262,7 @@ outputs:
                            CACERT:
                              if:
                                - libvirt_vnc_specific_ca_unset
-                                - get_param: InternalTLSVncCAFile
+                                - get_param: InternalTLSVncProxyCAFile
                                - get_param: LibvirtVncCACert
                      - /etc/pki/libvirt-vnc/client-cert.pem:/etc/pki/libvirt-vnc/client-cert.pem:ro
                      - /etc/pki/libvirt-vnc/client-key.pem:/etc/pki/libvirt-vnc/client-key.pem:ro
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@ -117,6 +117,7 @@ PARAMETER_DEFINITION_EXCLUSIONS = {
    'KeystoneAdminErrorLoggingSource': ['default'],
    'KeystoneMainAcccessLoggingSource': ['default'],
    'KeystoneMainErrorLoggingSource': ['default'],
    'LibvirtVncCACert': ['description'],
    'NeutronApiLoggingSource': ['default'],
    'NeutronDhcpAgentLoggingSource': ['default'],
    'NeutronL3AgentLoggingSource': ['default'],