diff options
| author |   Steven Hardy <shardy@redhat.com> | 2016-08-03 13:37:53 +0100 |
|---|---|---|
| committer | Steven Hardy <shardy@redhat.com> | 2016-08-05 17:03:22 +0100 |
| commit | c563d34fd93a197d2eff20c55343f5edb2681597 (patch) | |
| tree | 13d548bcd8f3d8c11e3797b0ececa1d587ea2775 /manifests | |
| parent | fa5bbd7e0df37d7b288f56cb67efbfc7b485ab52 (diff) | |
Remove keystone PKI cert generation
We don't currently offer any parameter interface to enable
PKI certs, and these have all been deprecated by keystone, so
remove them.
Change-Id: I8232262b928c91dcde7bea2f23fa2a7c2660719e
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/profile/base/keystone.pp | 28 | ||||
| -rw-r--r-- | manifests/profile/pacemaker/keystone.pp | 3 |
2 files changed, 0 insertions, 31 deletions
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 9617c11..bba98f8 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -67,34 +67,6 @@ class tripleo::profile::base::keystone ( include ::keystone::endpoint } - #TODO: need a cleanup-keystone-tokens.sh solution here - file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: - ensure => 'directory', - owner => 'keystone', - group => 'keystone', - require => Package['keystone'], - } - file { '/etc/keystone/ssl/certs/signing_cert.pem': - content => hiera('keystone_signing_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service[$::apache::params::service_name], - require => File['/etc/keystone/ssl/certs'], - } - file { '/etc/keystone/ssl/private/signing_key.pem': - content => hiera('keystone_signing_key'), - owner => 'keystone', - group => 'keystone', - notify => Service[$::apache::params::service_name], - require => File['/etc/keystone/ssl/private'], - } - file { '/etc/keystone/ssl/certs/ca.pem': - content => hiera('keystone_ca_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service[$::apache::params::service_name], - require => File['/etc/keystone/ssl/certs'], - } } if $step >= 5 and $manage_db_purge { diff --git a/manifests/profile/pacemaker/keystone.pp b/manifests/profile/pacemaker/keystone.pp index 1cd5178..f48193a 100644 --- a/manifests/profile/pacemaker/keystone.pp +++ b/manifests/profile/pacemaker/keystone.pp @@ -77,9 +77,6 @@ class tripleo::profile::pacemaker::keystone ( require => [Pacemaker::Resource::Ocf['rabbitmq'], Pacemaker::Resource::Ocf['openstack-core']], } - File['/etc/keystone/ssl/certs/ca.pem'] -> Pacemaker::Resource::Service[$::apache::params::service_name] - File['/etc/keystone/ssl/private/signing_key.pem'] -> Pacemaker::Resource::Service[$::apache::params::service_name] - File['/etc/keystone/ssl/certs/signing_cert.pem'] -> Pacemaker::Resource::Service[$::apache::params::service_name] } } |