Fix the mounting issues for the TLS everywhere deployment

This patch adds the CRL directory to the haproxy in case of TLS
everywhere deployment, it also removes the duplicated CA file
from the haproxy and rabbitmq containers.

Depends-On: I836ab1a23c8aea35c0cea54d0765c7313a4b9038
Closes-Bug: #1860638
Closes-Bug: #1860641

Change-Id: I7d18befc51a4afb404b39ebdd8b1ccab4dfdf744

deployment/haproxy/haproxy-container-puppet.yaml

@@ -104,6 +104,10 @@ parameters:
     type: string
     description: Specifies the default CRL PEM file to use for revocation if
                  TLS is used for services in the internal network.
+  InternalTLSCRLPEMDir:
+    default: '/etc/pki/CA/crl/'
+    type: string
+    description: The directory of the CRL PEM file to be mounted.
 
 conditions:
   puppet_debug_enabled: {get_param: ConfigDebug}
@@ -218,6 +222,11 @@ outputs:
                   - - {get_param: InternalTLSCAFile}
                     - {get_param: InternalTLSCAFile}
                     - 'ro,shared'
+              - list_join:
+                  - ':'
+                  - - {get_param: InternalTLSCRLPEMDir}
+                    - {get_param: InternalTLSCRLPEMDir}
+                    - 'ro,shared'
             - null
       kolla_config:
         /var/lib/kolla/config_files/haproxy.json:
@@ -279,8 +288,8 @@ outputs:
                       - /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro,shared
                       - list_join:
                           - ':'
-                          - - {get_param: InternalTLSCAFile}
-                            - {get_param: InternalTLSCAFile}
+                          - - {get_param: InternalTLSCRLPEMDir}
+                            - {get_param: InternalTLSCRLPEMDir}
                             - 'ro'
                     - null
               environment:

deployment/rabbitmq/rabbitmq-container-puppet.yaml

@@ -43,11 +43,6 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
-  InternalTLSCAFile:
-    default: '/etc/ipa/ca.crt'
-    type: string
-    description: Specifies the default CA cert to use if TLS is used for
-                 services in the internal network.
   RabbitUserName:
     default: guest
     description: The username for RabbitMQ

deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml

@@ -43,11 +43,6 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
-  InternalTLSCAFile:
-    default: '/etc/ipa/ca.crt'
-    type: string
-    description: Specifies the default CA cert to use if TLS is used for
-                 services in the internal network.
   NotifyPort:
     default: 5672
     description: The network port for messaging Notify backend
@@ -261,11 +256,6 @@ outputs:
                 - if:
                   - internal_tls_enabled
                   -
-                    - list_join:
-                      - ':'
-                      - - {get_param: InternalTLSCAFile}
-                        - {get_param: InternalTLSCAFile}
-                        - 'ro'
                     - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
                     - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
                   - null

deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml

@@ -43,11 +43,6 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
-  InternalTLSCAFile:
-    default: '/etc/ipa/ca.crt'
-    type: string
-    description: Specifies the default CA cert to use if TLS is used for
-                 services in the internal network.
   RpcPort:
     default: 5672
     description: The network port for messaging backend