openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "Only request neutron certificate from neutron dhcp service"

Browse Source
This commit is contained in:
Zuul 2019-02-19 10:31:35 +00:00 committed by Gerrit Code Review
commit d35fa30721
2 changed files with 22 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
deployment/neutron/neutron-dhcp-container-puppet.yaml
View File

@ -162,10 +162,6 @@ outputs:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- get_attr: [NeutronLogging, config_settings]
- if:
- internal_tls_enabled
- tripleo::certmonger::neutron::postsave_cmd: "true" # TODO: restart the container here
- {}
- tripleo::profile::base::neutron::dhcp_agent_wrappers::enable_dnsmasq_wrapper: {get_param: NeutronEnableDnsmasqDockerWrapper}
tripleo::profile::base::neutron::dhcp_agent_wrappers::dnsmasq_process_wrapper: '/var/lib/neutron/dnsmasq_wrapper'
tripleo::profile::base::neutron::dhcp_agent_wrappers::dnsmasq_image: {get_param: DockerNeutronDHCPImage}
@ -202,6 +198,21 @@ outputs:
- neutron::agents::dhcp::ovsdb_agent_ssl_key_file: '/etc/pki/tls/private/neutron.key'
neutron::agents::dhcp::ovsdb_agent_ssl_cert_file: '/etc/pki/tls/certs/neutron.crt'
neutron::agents::dhcp::ovsdb_agent_ssl_ca_file: {get_param: InternalTLSCAFile}
generate_service_certificates: true
tripleo::profile::base::neutron::certificate_specs:
service_certificate: '/etc/pki/tls/certs/neutron.crt'
service_key: '/etc/pki/tls/private/neutron.key'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
principal:
str_replace:
template: "neutron/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
postsave_cmd: "/usr/bin/certmonger-neutron-dhcpd-refresh.sh"
- {}
- if:
- dhcp_ovs_intergation_bridge_unset
@ -332,7 +343,13 @@ outputs:
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]
if:
- internal_tls_enabled
-
- service: neutron
network: {get_param: [ServiceNetMap, NeutronApiNetwork]}
type: node
- null
host_prep_tasks:
list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]}

30
puppet/services/neutron-base.yaml
View File

@ -105,9 +105,6 @@ parameters:
type: string
default: 'messagingv2'
description: Driver or drivers to handle sending notifications.
EnableInternalTLS:
type: boolean
default: false
RpcPort:
default: 5672
description: The network port for messaging backend
@ -136,7 +133,6 @@ parameters:
conditions:
dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]}
service_debug_unset: {equals : [{get_param: NeutronDebug}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
global_physnet_mtu_unset: {equals: [{get_param: NeutronGlobalPhysnetMtu}, 0]}
outputs:
@ -179,29 +175,3 @@ outputs:
- dhcp_agents_zero
- {}
- tripleo::profile::base::neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
- if:
- internal_tls_enabled
- generate_service_certificates: true
tripleo::profile::base::neutron::certificate_specs:
service_certificate: '/etc/pki/tls/certs/neutron.crt'
service_key: '/etc/pki/tls/private/neutron.key'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
principal:
str_replace:
template: "neutron/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
postsave_cmd: "/usr/bin/certmonger-neutron-dhcpd-refresh.sh"
- null
metadata_settings:
if:
- internal_tls_enabled
-
- service: neutron
network: {get_param: [ServiceNetMap, NeutronApiNetwork]}
type: node
- null