Revert rolling certificate updates for HA services

Currently galera and ovn require a coordinated restart across
the controller node when certmonger determines the certificate
for a node has expired and it needs to regenerate it.

But right now, when the tripleo certmonger puppet module is
called to assert the state of the certificates, it ends up
regenerating a new certificate unconditionally. So galera and
ovn get restarted on stack update, even when there is no need to.

To mitigate these unnecessary restarts, disable the post-action
for now until we fix the behaviour of tripleo's certmonger puppet
module. This has the side effect that services won't get restarted
automatically if no stack update takes place until the certificate
expiration date is reached.

Related-Bug: #1906505

Change-Id: I17f1364932e43b8487515084e41b525e186888db
Damien Ciabrini 2020-11-30 17:13:50 +01:00
parent d04421d48a
commit 8b16911cc2
2 changed files with 0 additions and 4 deletions

@ -173,8 +173,6 @@ outputs:
if:
- internal_tls_enabled
-
tripleo::certmonger::mysql::postsave_cmd:
/usr/bin/certmonger-ha-resource-refresh.sh mysql galera galera-bundle Master
tripleo::profile::pacemaker::database::mysql_bundle::ca_file:
get_param: InternalTLSCAFile
- {}
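
Review bot: Dropping `tripleo::certmonger::mysql::postsave_cmd` from the `internal_tls_enabled` branch leaves nothing in the template that says why the refresh hook is absent, and the change adds no lines at all (0 additions), so there is no release note either. The commit message states that services will no longer be restarted automatically when no stack update takes place, which means a certificate renewed by certmonger is not picked up by galera until something else restarts it. Suggest a short comment at this spot referencing bug #1906505 so the hook gets restored once the puppet module is fixed, plus a release note telling operators to run a stack update or refresh the `galera-bundle` resource before the certificate's expiration date.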

@ -170,8 +170,6 @@ outputs:
- if:
- internal_tls_enabled
- generate_service_certificates: true
tripleo::certmonger::ovn_dbs::postsave_cmd:
/usr/bin/certmonger-ha-resource-refresh.sh ovn_dbs ovndb_servers ovn-dbs-bundle Slave Master
tripleo::profile::pacemaker::ovn_dbs_bundle::ca_file:
get_param: InternalTLSCAFile
tripleo::profile::base::neutron::agents::ovn::protocol: 'ssl'
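
Review bot: With `tripleo::certmonger::ovn_dbs::postsave_cmd` removed, this block still sets `tripleo::profile::base::neutron::agents::ovn::protocol: 'ssl'`, so the agents keep requiring TLS towards ovn-dbs while nothing refreshes `ovn-dbs-bundle` after a certificate renewal. Please confirm that the `tripleo::certmonger::ovn_dbs` class accepts a missing `postsave_cmd`, since its default is not visible in this diff, and consider adding an expiry check or a documented manual refresh step for the period until the hook is re-enabled.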