Merge "Use distinct params for ca cert in nova-vnc-proxy and nova-libvirt"

2019-11-13 02:32:57 +00:00 · 2019-11-13 02:32:57 +00:00 · d87784dd82
commit d87784dd82
parent 1f1d1ce7ba de14bc555c
2 changed files with 6 additions and 5 deletions
--- a/deployment/nova/nova-vnc-proxy-container-puppet.yaml
+++ b/deployment/nova/nova-vnc-proxy-container-puppet.yaml
@ -50,7 +50,7 @@ parameters:
    description: If set to true and if EnableInternalTLS is enabled, it will
                 enable TLS transaport for libvirt VNC and configure the
                 relevant keys for libvirt.
-  InternalTLSVncCAFile:
+  InternalTLSVncProxyCAFile:
    default: '/etc/pki/CA/certs/vnc.crt'
    type: string
    description: Specifies the CA cert to use for VNC TLS.
@ -61,7 +61,7 @@ parameters:
                 This file will be symlinked to the default CA path,
                 which is /etc/pki/libvirt-vnc/ca-cert.pem.
                 This parameter should be used if the default (which comes from
-                 the InternalTLSVncCAFile parameter) is not desired. The current
+                 the InternalTLSVncProxyCAFile parameter) is not desired. The current
                 default reflects TripleO's default CA, which is FreeIPA.
                 It will only be used if internal TLS is enabled.
  StackUpdateType:
@ -162,7 +162,7 @@ outputs:
                tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
                  if:
                    - libvirt_vnc_specific_ca_unset
-                    - get_param: InternalTLSVncCAFile
+                    - get_param: InternalTLSVncProxyCAFile
                    - get_param: LibvirtVncCACert
                tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc'
                libvirt_vnc_certificates_specs:
@ -170,7 +170,7 @@ outputs:
                    cacertfile:
                      if:
                        - libvirt_vnc_specific_ca_unset
-                        - get_param: InternalTLSVncCAFile
+                        - get_param: InternalTLSVncProxyCAFile
                        - null
                    service_certificate: '/etc/pki/libvirt-vnc/client-cert.pem'
                    service_key: '/etc/pki/libvirt-vnc/client-key.pem'
@ -262,7 +262,7 @@ outputs:
                            CACERT:
                              if:
                                - libvirt_vnc_specific_ca_unset
-                                - get_param: InternalTLSVncCAFile
+                                - get_param: InternalTLSVncProxyCAFile
                                - get_param: LibvirtVncCACert
                      - /etc/pki/libvirt-vnc/client-cert.pem:/etc/pki/libvirt-vnc/client-cert.pem:ro
                      - /etc/pki/libvirt-vnc/client-key.pem:/etc/pki/libvirt-vnc/client-key.pem:ro
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@ -116,6 +116,7 @@ PARAMETER_DEFINITION_EXCLUSIONS = {
    'KeystoneAdminErrorLoggingSource': ['default'],
    'KeystoneMainAcccessLoggingSource': ['default'],
    'KeystoneMainErrorLoggingSource': ['default'],
+    'LibvirtVncCACert': ['description'],
    'NeutronApiLoggingSource': ['default'],
    'NeutronDhcpAgentLoggingSource': ['default'],
    'NeutronL3AgentLoggingSource': ['default'],