Deprovision dccertmon from subclouds

In [1], the dccertmon service was provisioned in SM for both system
controllers and subclouds when it should only run in the former.
Therefore, this commit updates SM entries to remove the service
provision for subclouds.

Test plan:
1. PASS: Build an ISO with the changes and install a DC system with
   active subclouds successfully.
2. PASS: Verify that dccertmon is provisioned in the system controller
   but deprovisioned in all subclouds.
3. PASS: Deploy an AIO-SX successfully and verify dccertmon is not
   provisioned.
4. PASS: Deploy a subcloud, manage it, verify that the dc-cert status is
   updated to in-sync after a while and the subcloud does not present
   any alarms.
5. PASS: Delete the secret for the adminep-ca-certificate of a managed
   subcloud and verify that it is updated both on the system controller
   and the subcloud.
6. PASS: Rehome a subcloud and verify tests 4 and 5 are successfull.

Closes-Bug: 2106823

[1]. https://review.opendev.org/c/starlingx/stx-puppet/+/941208

Change-Id: I2d108948d8df33c23f4e6fc3f7de8d8a52f57e56
Signed-off-by: Raphael <Raphael.Lima@windriver.com>

puppet-manifests/src/modules/platform/manifests/kubernetes.pp

@@ -1655,11 +1655,6 @@ class platform::kubernetes::master::rootca::trustnewca::runtime
   inherits ::platform::kubernetes::params {
   include ::platform::params
 
-  $cloud_role = (
-    $::platform::params::distributed_cloud_role == 'systemcontroller' or
-    $::platform::params::distributed_cloud_role == 'subcloud'
-  )
-
   # Copy the new root CA cert in place
   exec { 'put_new_ca_cert_in_place':
     command => "/bin/cp ${rootca_certfile_new} ${rootca_certfile}",
@@ -1687,10 +1682,10 @@ class platform::kubernetes::master::rootca::trustnewca::runtime
   -> exec { 'restart_cert_mon':
     command => 'sm-restart-safe service cert-mon',
   }
-  # Restart dccert-mon since it uses admin.conf
-  -> exec { 'restart_dc_cert_mon':
+  # Restart dccertmon since it uses admin.conf
+  -> exec { 'restart_dccertmon':
     command => 'sm-restart-safe service dccertmon',
-    onlyif  => $cloud_role,
+    onlyif  => $::platform::params::distributed_cloud_role == 'systemcontroller',
   }
   # Restart kube-apiserver to pick up the new cert
   -> exec { 'restart_apiserver':

puppet-manifests/src/modules/platform/manifests/sm.pp

@@ -733,15 +733,6 @@ class platform::sm
       -> exec { 'Provision DCAgent-API (service-group-member dcagent-api)':
         command => 'sm-provision service-group-member distributed-cloud-services dcagent-api',
       }
-      -> exec { 'Provision DCCertmon (service-group-member dccertmon)':
-        command => 'sm-provision service-group-member distributed-cloud-services dccertmon',
-      }
-      -> exec { 'Provision DCCertmon in SM (service dccertmon)':
-        command => 'sm-provision service dccertmon',
-      }
-      -> exec { 'Configure OpenStack - DCCertmon':
-        command => "sm-configure service_instance dccertmon dccertmon \"\"",
-      }
       # Deprovision Horizon when running as a subcloud
       exec { 'Deprovision OpenStack - Horizon (service-group-member)':
         command => 'sm-deprovision service-group-member web-services horizon',