Turn off the etcd TLS workaround used with novajoin
[1] introduced a workaround that was required when TLS-everywhere was implemented with novajoin. The workaround is no longer required because novajoin is deprecated in favor of the tripleo-ipa ansible module. The workaround is disabled by changing the EnableEtcdInternalTLS parameter's default value changes from False to True. [1] Iec0d02f8f51067098dd58beb4fe57a7fd5ab5651 Change-Id: Ic41738392fbbe9239b927e26c0b2ed3b7abe3a09
This commit is contained in:
parent
9fd709019f
commit
9949a8efeb
|
@ -72,7 +72,7 @@ parameters:
|
||||||
for cinder's lock manager, even when the rest of the internal
|
for cinder's lock manager, even when the rest of the internal
|
||||||
API network is using TLS.
|
API network is using TLS.
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: true
|
||||||
CephConfigPath:
|
CephConfigPath:
|
||||||
type: string
|
type: string
|
||||||
default: "/var/lib/tripleo-config/ceph"
|
default: "/var/lib/tripleo-config/ceph"
|
||||||
|
|
|
@ -175,7 +175,7 @@ parameters:
|
||||||
for cinder's lock manager, even when the rest of the internal
|
for cinder's lock manager, even when the rest of the internal
|
||||||
API network is using TLS.
|
API network is using TLS.
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: true
|
||||||
CephConfigPath:
|
CephConfigPath:
|
||||||
type: string
|
type: string
|
||||||
default: "/var/lib/tripleo-config/ceph"
|
default: "/var/lib/tripleo-config/ceph"
|
||||||
|
|
|
@ -51,7 +51,7 @@ parameters:
|
||||||
for cinder's lock manager, even when the rest of the internal
|
for cinder's lock manager, even when the rest of the internal
|
||||||
API network is using TLS.
|
API network is using TLS.
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: true
|
||||||
InternalTLSCAFile:
|
InternalTLSCAFile:
|
||||||
default: '/etc/ipa/ca.crt'
|
default: '/etc/ipa/ca.crt'
|
||||||
type: string
|
type: string
|
||||||
|
@ -72,6 +72,16 @@ parameters:
|
||||||
description: Override the private key size used when creating the
|
description: Override the private key size used when creating the
|
||||||
certificate for this service
|
certificate for this service
|
||||||
|
|
||||||
|
parameter_groups:
|
||||||
|
- label: deprecated
|
||||||
|
description: |
|
||||||
|
The following parameters are deprecated and will be removed. They should not
|
||||||
|
be relied on for new deployments. If you have concerns regarding deprecated
|
||||||
|
parameters, please contact the TripleO development team on IRC or the
|
||||||
|
OpenStack mailing list.
|
||||||
|
parameters:
|
||||||
|
- EnableEtcdInternalTLS
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
internal_tls_enabled:
|
internal_tls_enabled:
|
||||||
and:
|
and:
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The `EnableEtcdInternalTLS` parameter's default value changes from false
|
||||||
|
to true. The change is related to the fact that novajoin is deprecated,
|
||||||
|
and the functionality associated with the `EnableEtcdInternalTLS` parameter
|
||||||
|
is not required when TLS is deployed using the tripleo-ansible ansible
|
||||||
|
module.
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
The `EnableEtcdInternalTLS` parameter is deprecated. It was added to support
|
||||||
|
a workaround that is necessary when novajoin is used to deploy TLS, but
|
||||||
|
novajoin itself is deprecated. The workaround is not necessary when TLS
|
||||||
|
is deployed using the tripleo-ansible ansible module.
|
Loading…
Reference in New Issue