Use common implementation for ovn certs
... instead of maintaining the similar logics in neutron and octavia. Change-Id: I0006dcbe116b018b8e9c2d5f6851086b7de143fe
This commit is contained in:
Takashi Kajinami
parent
9121aaeed7
commit
1bda1d37ce
|
|
@ -54,37 +54,14 @@ class openstack_integration::neutron (
|
|||
if $::openstack_integration::config::ssl {
|
||||
openstack_integration::ssl_key { 'neutron':
|
||||
notify => Service['neutron-server'],
|
||||
require => Package['neutron'],
|
||||
require => Anchor['neutron::install::end'],
|
||||
}
|
||||
Exec['update-ca-certificates'] ~> Service<| tag == 'neutron-service' |>
|
||||
|
||||
if $driver == 'ovn' {
|
||||
['ovnnb', 'ovnsb'].each |$ovndb| {
|
||||
["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| {
|
||||
file { "/etc/neutron/${ovn_ssl_file}":
|
||||
ensure => present,
|
||||
owner => 'neutron',
|
||||
mode => '0600',
|
||||
source => "/etc/openvswitch/${ovn_ssl_file}",
|
||||
require => [
|
||||
Anchor['neutron::install::end'],
|
||||
Vswitch::Pki::Cert[$ovndb]
|
||||
],
|
||||
notify => Anchor['neutron::service::begin'],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
file { '/etc/neutron/switchcacert.pem':
|
||||
ensure => present,
|
||||
owner => 'neutron',
|
||||
mode => '0600',
|
||||
source => '/var/lib/openvswitch/pki/switchca/cacert.pem',
|
||||
require => [
|
||||
Anchor['neutron::install::end'],
|
||||
Class['vswitch::pki::Cacert'],
|
||||
],
|
||||
openstack_integration::ovn::ssl_key { 'neutron':
|
||||
notify => Anchor['neutron::service::begin'],
|
||||
require => Anchor['neutron::install::end'],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,37 +24,14 @@ class openstack_integration::octavia (
|
|||
if $::openstack_integration::config::ssl {
|
||||
openstack_integration::ssl_key { 'octavia':
|
||||
notify => Service['httpd'],
|
||||
require => Package['octavia'],
|
||||
require => Anchor['octavia::install::end'],
|
||||
}
|
||||
Exec['update-ca-certificates'] ~> Service['httpd']
|
||||
|
||||
if $provider_driver == 'ovn' {
|
||||
['ovnnb', 'ovnsb'].each |$ovndb| {
|
||||
["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| {
|
||||
file { "/etc/octavia/${ovn_ssl_file}":
|
||||
ensure => present,
|
||||
owner => 'octavia',
|
||||
mode => '0600',
|
||||
source => "/etc/openvswitch/${ovn_ssl_file}",
|
||||
require => [
|
||||
Anchor['octavia::install::end'],
|
||||
Vswitch::Pki::Cert[$ovndb]
|
||||
],
|
||||
notify => Anchor['octavia::service::begin'],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
file { '/etc/octavia/switchcacert.pem':
|
||||
ensure => present,
|
||||
owner => 'octavia',
|
||||
mode => '0600',
|
||||
source => '/var/lib/openvswitch/pki/switchca/cacert.pem',
|
||||
require => [
|
||||
Anchor['octavia::install::end'],
|
||||
Class['vswitch::pki::Cacert'],
|
||||
],
|
||||
openstack_integration::ovn::ssl_key { 'octavia':
|
||||
notify => Anchor['octavia::service::begin'],
|
||||
require => Anchor['octavia::install::end'],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,28 @@
|
|||
#
|
||||
# [*key_owner*]
|
||||
# (optional) Owner of SSL private key
|
||||
# Defaults to $name.
|
||||
#
|
||||
define openstack_integration::ovn::ssl_key(
|
||||
$key_owner = $name,
|
||||
){
|
||||
['ovnnb', 'ovnsb'].each |$ovndb| {
|
||||
["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| {
|
||||
file { "/etc/${key_owner}/${ovn_ssl_file}":
|
||||
ensure => present,
|
||||
owner => $key_owner,
|
||||
mode => '0600',
|
||||
source => "/etc/openvswitch/${ovn_ssl_file}",
|
||||
require => Vswitch::Pki::Cert[$ovndb]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
file { "/etc/${key_owner}/switchcacert.pem":
|
||||
ensure => present,
|
||||
owner => $key_owner,
|
||||
mode => '0600',
|
||||
source => '/var/lib/openvswitch/pki/switchca/cacert.pem',
|
||||
require => Class['vswitch::pki::Cacert'],
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue