Only request neutron certificate from neutron dhcp service
The certificate request for the "neutron" certificate was set in the
neutron base template. This had the secondary effect of causing every
node that has a neutron service to try to request the certificate.
This fixes that issue by moving those bits to where the certificate is
actually used (which is only by the dhcp agent).
Change-Id: I10ade8a4b5ec30872210c633d35273309ae20377
Closes-Bug: #1816465
(cherry picked from commit 44245d19dd
)
parent
8e1fc18a3c
commit
97eb154e91
|
@ -98,10 +98,6 @@ outputs:
|
|||
map_merge:
|
||||
- get_attr: [NeutronBase, role_data, config_settings]
|
||||
- get_attr: [NeutronLogging, config_settings]
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- tripleo::certmonger::neutron::postsave_cmd: "true" # TODO: restart the container here
|
||||
- {}
|
||||
- tripleo::profile::base::neutron::dhcp_agent_wrappers::enable_dnsmasq_wrapper: {get_param: NeutronEnableDnsmasqDockerWrapper}
|
||||
tripleo::profile::base::neutron::dhcp_agent_wrappers::dnsmasq_process_wrapper: '/var/lib/neutron/dnsmasq_wrapper'
|
||||
tripleo::profile::base::neutron::dhcp_agent_wrappers::dnsmasq_image: {get_param: DockerNeutronDHCPImage}
|
||||
|
@ -230,7 +226,13 @@ outputs:
|
|||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: neutron
|
||||
network: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
type: node
|
||||
- null
|
||||
host_prep_tasks:
|
||||
list_concat:
|
||||
- {get_attr: [NeutronLogging, host_prep_tasks]}
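Review bot: The new `metadata_settings` entry (`service: neutron` on `NeutronApiNetwork`, `type: node`) carries no comment linking it to the certificate request it supports, which this commit places in a different template as the `principal` template `neutron/%{hiera('fqdn_NETWORK')}` under `tripleo::profile::base::neutron::certificate_specs`. If the service name or network in one of the two places is changed later, the certificate would presumably be requested for a principal that was never registered for the node. I would add a comment above the `if:` such as `# Registers the neutron/<fqdn> principal requested via certificate_specs; keep service and network in step with it.` The `internal_tls_enabled` condition and the `ServiceNetMap` parameter used here are declared outside the hunk, so confirm both still exist in this template.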
|
||||
|
|
|
@ -95,9 +95,6 @@ parameters:
|
|||
description: Driver or drivers to handle sending notifications.
|
||||
constraints:
|
||||
- allowed_values: [ 'messagingv2', 'noop' ]
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
|
@ -126,7 +123,6 @@ parameters:
|
|||
conditions:
|
||||
dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]}
|
||||
service_debug_unset: {equals : [{get_param: NeutronDebug}, '']}
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
|
@ -164,29 +160,3 @@ outputs:
|
|||
- dhcp_agents_zero
|
||||
- {}
|
||||
- tripleo::profile::base::neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::profile::base::neutron::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/neutron.crt'
|
||||
service_key: '/etc/pki/tls/private/neutron.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "neutron/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-neutron-dhcpd-refresh.sh"
|
||||
- null
|
||||
metadata_settings:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: neutron
|
||||
network: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
type: node
|
||||
- null
|
||||
|
|
|
@ -139,6 +139,21 @@ outputs:
|
|||
- neutron::agents::dhcp::ovsdb_agent_ssl_key_file: '/etc/pki/tls/private/neutron.key'
|
||||
neutron::agents::dhcp::ovsdb_agent_ssl_cert_file: '/etc/pki/tls/certs/neutron.crt'
|
||||
neutron::agents::dhcp::ovsdb_agent_ssl_ca_file: {get_param: InternalTLSCAFile}
|
||||
generate_service_certificates: true
|
||||
tripleo::profile::base::neutron::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/neutron.crt'
|
||||
service_key: '/etc/pki/tls/private/neutron.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "neutron/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-neutron-dhcpd-refresh.sh"
|
||||
- {}
|
||||
- if:
|
||||
- dhcp_ovs_intergation_bridge_unset
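Review bot: The certificate request (`generate_service_certificates` and `certificate_specs`) is added to this template's TLS branch, but the hunk shows no matching `metadata_settings` entry, and the base template's `metadata_settings` block is removed in the same commit. If this template's `metadata_settings` is still taken from `get_attr: [NeutronBase, role_data, metadata_settings]`, a deployment that uses this template without the container wrapper would request a certificate for `neutron/<fqdn>` without the `service: neutron` principal having been declared; that part of the file is outside the hunk, so it needs checking. If it is missing, add the same `internal_tls_enabled` conditional with `service: neutron`, `network: {get_param: [ServiceNetMap, NeutronApiNetwork]}` and `type: node` that the container template now carries. The enclosing `if` branch begins above the hunk.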
|
||||
|
|