Use barbican for certificates storage

Octavia can do SSL termination only in case when barbican is available. We should be able to add required configuration section only when barbican is also present in inventory Change-Id: Ie319fd02cdd60f8a8ac65f0508e9075f40839ae9 (cherry picked from commit 78d204afb8)
2020-12-25 18:09:29 +02:00 · 2020-12-25 18:09:29 +02:00 · 3d0ca7da88
parent 1a5e9d67f9
commit 3d0ca7da88
2 changed files with 7 additions and 3 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -58,6 +58,9 @@ octavia_clients_endpoint: internalURL

 octavia_auth_strategy: keystone

+## Barbican certificates
+octavia_barbican_enabled: false
+
 ## Cinder Volume
 octavia_cinder_enabled: False

--- a/templates/octavia.conf.j2
+++ b/templates/octavia.conf.j2
@ -66,14 +66,15 @@ memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcached_encryption_key }}

 [certificates]
-# cert_generator = local_cert_generator
-
-# For local certificate signing (development only):
 ca_certificate = /etc/octavia/certs/ca.pem
 ca_private_key = /etc/octavia/certs/ca_key.pem
 ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }}
 signing_digest = {{ octavia_signing_digest }}
+{% if octavia_barbican_enabled %}
+cert_manager = barbican_cert_manager
 endpoint_type = {{ octavia_clients_endpoint }}
+region_name = {{ keystone_service_region }}
+{% endif %}

 [haproxy_amphora]
 {% if octavia_haproxy_amphora_template is defined %}