Merge "Use distinct params for ca cert in nova-vnc-proxy and nova-libvirt"

Zuul 2019-11-13 02:32:57 +00:00 committed by Gerrit Code Review
commit d87784dd82
2 changed files with 6 additions and 5 deletions


@ -50,7 +50,7 @@ parameters:
description: If set to true and if EnableInternalTLS is enabled, it will description: If set to true and if EnableInternalTLS is enabled, it will
enable TLS transaport for libvirt VNC and configure the enable TLS transaport for libvirt VNC and configure the
relevant keys for libvirt. relevant keys for libvirt.
InternalTLSVncCAFile: InternalTLSVncProxyCAFile:
default: '/etc/pki/CA/certs/vnc.crt' default: '/etc/pki/CA/certs/vnc.crt'
type: string type: string
description: Specifies the CA cert to use for VNC TLS. description: Specifies the CA cert to use for VNC TLS.
@ -61,7 +61,7 @@ parameters:
This file will be symlinked to the default CA path, This file will be symlinked to the default CA path,
which is /etc/pki/libvirt-vnc/ca-cert.pem. which is /etc/pki/libvirt-vnc/ca-cert.pem.
This parameter should be used if the default (which comes from This parameter should be used if the default (which comes from
the InternalTLSVncCAFile parameter) is not desired. The current the InternalTLSVncProxyCAFile parameter) is not desired. The current
default reflects TripleO's default CA, which is FreeIPA. default reflects TripleO's default CA, which is FreeIPA.
It will only be used if internal TLS is enabled. It will only be used if internal TLS is enabled.
StackUpdateType: StackUpdateType:
@ -162,7 +162,7 @@ outputs:
tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem: tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
if: if:
- libvirt_vnc_specific_ca_unset - libvirt_vnc_specific_ca_unset
- get_param: InternalTLSVncCAFile - get_param: InternalTLSVncProxyCAFile
- get_param: LibvirtVncCACert - get_param: LibvirtVncCACert
tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc' tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc'
libvirt_vnc_certificates_specs: libvirt_vnc_certificates_specs:
@ -170,7 +170,7 @@ outputs:
cacertfile: cacertfile:
if: if:
- libvirt_vnc_specific_ca_unset - libvirt_vnc_specific_ca_unset
- get_param: InternalTLSVncCAFile - get_param: InternalTLSVncProxyCAFile
- null - null
service_certificate: '/etc/pki/libvirt-vnc/client-cert.pem' service_certificate: '/etc/pki/libvirt-vnc/client-cert.pem'
service_key: '/etc/pki/libvirt-vnc/client-key.pem' service_key: '/etc/pki/libvirt-vnc/client-key.pem'
@ -262,7 +262,7 @@ outputs:
CACERT: CACERT:
if: if:
- libvirt_vnc_specific_ca_unset - libvirt_vnc_specific_ca_unset
- get_param: InternalTLSVncCAFile - get_param: InternalTLSVncProxyCAFile
- get_param: LibvirtVncCACert - get_param: LibvirtVncCACert
- /etc/pki/libvirt-vnc/client-cert.pem:/etc/pki/libvirt-vnc/client-cert.pem:ro - /etc/pki/libvirt-vnc/client-cert.pem:/etc/pki/libvirt-vnc/client-cert.pem:ro
- /etc/pki/libvirt-vnc/client-key.pem:/etc/pki/libvirt-vnc/client-key.pem:ro - /etc/pki/libvirt-vnc/client-key.pem:/etc/pki/libvirt-vnc/client-key.pem:ro
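Review bot: After the rename to `InternalTLSVncProxyCAFile` in the first hunk, none of the visible `get_param` references still read `InternalTLSVncCAFile`. As far as these hunks show, a deployment whose environment file overrides the old name would therefore fall back to the default `/etc/pki/CA/certs/vnc.crt` as the CA for libvirt VNC TLS, with no error. That silently changes a trust anchor on upgrade, so it deserves a release note in the upgrade section, or a deprecation path that still honours the old name, unless the rest of the file already provides one. The parameter's description is also still generic; something like `description: Specifies the CA cert that libvirt uses for VNC TLS when LibvirtVncCACert is not set.` would make the split between the two services visible to operators.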


@ -116,6 +116,7 @@ PARAMETER_DEFINITION_EXCLUSIONS = {
'KeystoneAdminErrorLoggingSource': ['default'], 'KeystoneAdminErrorLoggingSource': ['default'],
'KeystoneMainAcccessLoggingSource': ['default'], 'KeystoneMainAcccessLoggingSource': ['default'],
'KeystoneMainErrorLoggingSource': ['default'], 'KeystoneMainErrorLoggingSource': ['default'],
'LibvirtVncCACert': ['description'],
'NeutronApiLoggingSource': ['default'], 'NeutronApiLoggingSource': ['default'],
'NeutronDhcpAgentLoggingSource': ['default'], 'NeutronDhcpAgentLoggingSource': ['default'],
'NeutronL3AgentLoggingSource': ['default'], 'NeutronL3AgentLoggingSource': ['default'],
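Review bot: The new `'LibvirtVncCACert': ['description']` entry carries no explanation of why this parameter's description is allowed to differ between templates. Presumably the description in the other changed file now names `InternalTLSVncProxyCAFile` while another template names a different default parameter; a short comment above the entry, e.g. `# description refers to a different default CA parameter per service`, would record that. Because this parameter selects a CA certificate, it is worth keeping the exclusion limited to `description`, as done here, so that `default` and `type` stay under the consistency check. The dict itself starts and ends outside the hunk.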