aboutsummaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
authorSteven Hardy <shardy@redhat.com>2016-08-03 13:37:53 +0100
committerSteven Hardy <shardy@redhat.com>2016-08-05 17:03:22 +0100
commitc563d34fd93a197d2eff20c55343f5edb2681597 (patch)
tree13d548bcd8f3d8c11e3797b0ececa1d587ea2775 /manifests
parentfa5bbd7e0df37d7b288f56cb67efbfc7b485ab52 (diff)
Remove keystone PKI cert generation
We don't currently offer any parameter interface to enable PKI certs, and these have all been deprecated by keystone, so remove them. Change-Id: I8232262b928c91dcde7bea2f23fa2a7c2660719e
Diffstat (limited to 'manifests')
-rw-r--r--manifests/profile/base/keystone.pp28
-rw-r--r--manifests/profile/pacemaker/keystone.pp3
2 files changed, 0 insertions, 31 deletions
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 9617c11..bba98f8 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -67,34 +67,6 @@ class tripleo::profile::base::keystone (
include ::keystone::endpoint
}
- #TODO: need a cleanup-keystone-tokens.sh solution here
- file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
- ensure => 'directory',
- owner => 'keystone',
- group => 'keystone',
- require => Package['keystone'],
- }
- file { '/etc/keystone/ssl/certs/signing_cert.pem':
- content => hiera('keystone_signing_certificate'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service[$::apache::params::service_name],
- require => File['/etc/keystone/ssl/certs'],
- }
- file { '/etc/keystone/ssl/private/signing_key.pem':
- content => hiera('keystone_signing_key'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service[$::apache::params::service_name],
- require => File['/etc/keystone/ssl/private'],
- }
- file { '/etc/keystone/ssl/certs/ca.pem':
- content => hiera('keystone_ca_certificate'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service[$::apache::params::service_name],
- require => File['/etc/keystone/ssl/certs'],
- }
}
if $step >= 5 and $manage_db_purge {
diff --git a/manifests/profile/pacemaker/keystone.pp b/manifests/profile/pacemaker/keystone.pp
index 1cd5178..f48193a 100644
--- a/manifests/profile/pacemaker/keystone.pp
+++ b/manifests/profile/pacemaker/keystone.pp
@@ -77,9 +77,6 @@ class tripleo::profile::pacemaker::keystone (
require => [Pacemaker::Resource::Ocf['rabbitmq'],
Pacemaker::Resource::Ocf['openstack-core']],
}
- File['/etc/keystone/ssl/certs/ca.pem'] -> Pacemaker::Resource::Service[$::apache::params::service_name]
- File['/etc/keystone/ssl/private/signing_key.pem'] -> Pacemaker::Resource::Service[$::apache::params::service_name]
- File['/etc/keystone/ssl/certs/signing_cert.pem'] -> Pacemaker::Resource::Service[$::apache::params::service_name]
}
}