Turn off the etcd TLS workaround used with novajoin

[1] introduced a workaround that was required when TLS-everywhere was
implemented with novajoin. The workaround is no longer required because
novajoin is deprecated in favor of the tripleo-ipa ansible module. The
workaround is disabled by changing the EnableEtcdInternalTLS parameter's
default value changes from False to True.

[1] Iec0d02f8f51067098dd58beb4fe57a7fd5ab5651

Change-Id: Ic41738392fbbe9239b927e26c0b2ed3b7abe3a09
This commit is contained in:
Alan Bishop 2021-01-08 11:43:16 -08:00
parent 9fd709019f
commit 9949a8efeb
4 changed files with 27 additions and 3 deletions

View File

@ -72,7 +72,7 @@ parameters:
for cinder's lock manager, even when the rest of the internal
API network is using TLS.
type: boolean
default: false
default: true
CephConfigPath:
type: string
default: "/var/lib/tripleo-config/ceph"

View File

@ -175,7 +175,7 @@ parameters:
for cinder's lock manager, even when the rest of the internal
API network is using TLS.
type: boolean
default: false
default: true
CephConfigPath:
type: string
default: "/var/lib/tripleo-config/ceph"

View File

@ -51,7 +51,7 @@ parameters:
for cinder's lock manager, even when the rest of the internal
API network is using TLS.
type: boolean
default: false
default: true
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
@ -72,6 +72,16 @@ parameters:
description: Override the private key size used when creating the
certificate for this service
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- EnableEtcdInternalTLS
conditions:
internal_tls_enabled:
and:

View File

@ -0,0 +1,14 @@
---
upgrade:
- |
The `EnableEtcdInternalTLS` parameter's default value changes from false
to true. The change is related to the fact that novajoin is deprecated,
and the functionality associated with the `EnableEtcdInternalTLS` parameter
is not required when TLS is deployed using the tripleo-ansible ansible
module.
deprecations:
- |
The `EnableEtcdInternalTLS` parameter is deprecated. It was added to support
a workaround that is necessary when novajoin is used to deploy TLS, but
novajoin itself is deprecated. The workaround is not necessary when TLS
is deployed using the tripleo-ansible ansible module.