db292165c5
Keys are generated in an astute prehook and saved on the master node for further use. In the current implementation only one key is generated for haproxy, and it is used for all public OpenStack URLs. If self-signed certificates are created, a new astute prehook task copies those certificates to the appropriate nodes. This change also adds a new ssl modular task that checks whether a user-uploaded certificate exists and saves it from yaml to the local node filesystem. Implements: blueprint ssl-endpoints Depends-On: I2261dcfb55743b0fb31f4cbe42e7793176c8e1c0 Change-Id: Ifcd9194b51129ea262363196a9963a96cc5760bb
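# Modular task: write the public HAProxy PEM taken from Hiera ('public_ssl')
# to the local node filesystem, in two locations.
notice('MODULAR: ssl_keys_saving.pp')

# 'public_ssl' is looked up as a merged hash; the PEM text is read from
# cert_data.content.
# NOTE(review): no existence check on cert_data/content is visible in this
# manifest. With empty content, `ensure => present` would leave an empty PEM
# file behind -- confirm that the data is validated before this task runs.
$public_ssl_hash         = hiera_hash('public_ssl')
$pub_certificate_content = $public_ssl_hash['cert_data']['content']
$base_path               = '/etc/pki/tls/certs'
$pki_path                = [ '/etc/pki', '/etc/pki/tls' ]
$astute_base_path        = '/var/lib/astute/haproxy'

# Resource defaults for the file resources declared below.
File {
  owner => 'root',
  group => 'root',
  mode  => '0644',
}

# Parent directories for both copies of the PEM. For directories Puppet adds
# the search (x) bit wherever the read bit is set, so 0644 yields 0755 here.
file { [ $pki_path, $base_path, $astute_base_path ]:
  ensure => directory,
}

# The PEM handed to HAProxy. HAProxy loads certificate and private key from a
# single PEM file, so this content presumably includes the private key
# (verify against the producer of cert_data). The 0644 default would make
# that key readable by every local user, hence the explicit 0600 override.
# NOTE(review): confirm that every consumer of these two paths reads them as
# root before relying on the tighter mode.
file { [ "${base_path}/public_haproxy.pem", "${astute_base_path}/public_haproxy.pem" ]:
  ensure  => present,
  content => $pub_certificate_content,
  mode    => '0600',
}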