Use distinct params for ca cert in nova-vnc-proxy and nova-libvirt

The two services use the same parameter for the location of the CA cert. This causes problems when trying to deploy both services on the same machine, for example in standalone mode. Change-Id: Ie67bac28ac6097cba810b51496493584be0edcc8
2019-10-29 15:37:09 +00:00 · 2019-10-29 15:37:09 +00:00 · de14bc555c
parent 794da25b07
commit de14bc555c
2 changed files with 6 additions and 5 deletions
--- a/deployment/nova/nova-vnc-proxy-container-puppet.yaml
+++ b/deployment/nova/nova-vnc-proxy-container-puppet.yaml
@ -50,7 +50,7 @@ parameters:
    description: If set to true and if EnableInternalTLS is enabled, it will
                 enable TLS transaport for libvirt VNC and configure the
                 relevant keys for libvirt.
-  InternalTLSVncCAFile:
+  InternalTLSVncProxyCAFile:
    default: '/etc/pki/CA/certs/vnc.crt'
    type: string
    description: Specifies the CA cert to use for VNC TLS.
@ -61,7 +61,7 @@ parameters:
                 This file will be symlinked to the default CA path,
                 which is /etc/pki/libvirt-vnc/ca-cert.pem.
                 This parameter should be used if the default (which comes from
-                 the InternalTLSVncCAFile parameter) is not desired. The current
+                 the InternalTLSVncProxyCAFile parameter) is not desired. The current
                 default reflects TripleO's default CA, which is FreeIPA.
                 It will only be used if internal TLS is enabled.
  StackUpdateType:
@ -162,7 +162,7 @@ outputs:
                tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
                  if:
                    - libvirt_vnc_specific_ca_unset
-                    - get_param: InternalTLSVncCAFile
+                    - get_param: InternalTLSVncProxyCAFile
                    - get_param: LibvirtVncCACert
                tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc'
                libvirt_vnc_certificates_specs:
@ -170,7 +170,7 @@ outputs:
                    cacertfile:
                      if:
                        - libvirt_vnc_specific_ca_unset
-                        - get_param: InternalTLSVncCAFile
+                        - get_param: InternalTLSVncProxyCAFile
                        - null
                    service_certificate: '/etc/pki/libvirt-vnc/client-cert.pem'
                    service_key: '/etc/pki/libvirt-vnc/client-key.pem'
@ -262,7 +262,7 @@ outputs:
                            CACERT:
                              if:
                                - libvirt_vnc_specific_ca_unset
-                                - get_param: InternalTLSVncCAFile
+                                - get_param: InternalTLSVncProxyCAFile
                                - get_param: LibvirtVncCACert
                      - /etc/pki/libvirt-vnc/client-cert.pem:/etc/pki/libvirt-vnc/client-cert.pem:ro
                      - /etc/pki/libvirt-vnc/client-key.pem:/etc/pki/libvirt-vnc/client-key.pem:ro
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@ -117,6 +117,7 @@ PARAMETER_DEFINITION_EXCLUSIONS = {
    'KeystoneAdminErrorLoggingSource': ['default'],
    'KeystoneMainAcccessLoggingSource': ['default'],
    'KeystoneMainErrorLoggingSource': ['default'],
+    'LibvirtVncCACert': ['description'],
    'NeutronApiLoggingSource': ['default'],
    'NeutronDhcpAgentLoggingSource': ['default'],
    'NeutronL3AgentLoggingSource': ['default'],