diff --git a/manifests/neutron.pp b/manifests/neutron.pp index e49516887..e2146924b 100644 --- a/manifests/neutron.pp +++ b/manifests/neutron.pp @@ -54,37 +54,14 @@ class openstack_integration::neutron ( if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'neutron': notify => Service['neutron-server'], - require => Package['neutron'], + require => Anchor['neutron::install::end'], } Exec['update-ca-certificates'] ~> Service<| tag == 'neutron-service' |> if $driver == 'ovn' { - ['ovnnb', 'ovnsb'].each |$ovndb| { - ["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| { - file { "/etc/neutron/${ovn_ssl_file}": - ensure => present, - owner => 'neutron', - mode => '0600', - source => "/etc/openvswitch/${ovn_ssl_file}", - require => [ - Anchor['neutron::install::end'], - Vswitch::Pki::Cert[$ovndb] - ], - notify => Anchor['neutron::service::begin'], - } - } - } - - file { '/etc/neutron/switchcacert.pem': - ensure => present, - owner => 'neutron', - mode => '0600', - source => '/var/lib/openvswitch/pki/switchca/cacert.pem', - require => [ - Anchor['neutron::install::end'], - Class['vswitch::pki::Cacert'], - ], + openstack_integration::ovn::ssl_key { 'neutron': notify => Anchor['neutron::service::begin'], + require => Anchor['neutron::install::end'], } } } diff --git a/manifests/octavia.pp b/manifests/octavia.pp index d4761ca0c..99b6ada12 100644 --- a/manifests/octavia.pp +++ b/manifests/octavia.pp 
@@ -24,37 +24,14 @@ class openstack_integration::octavia ( if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'octavia': notify => Service['httpd'], - require => Package['octavia'], + require => Anchor['octavia::install::end'], } Exec['update-ca-certificates'] ~> Service['httpd'] if $provider_driver == 'ovn' { - ['ovnnb', 'ovnsb'].each |$ovndb| { - ["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| { - file { "/etc/octavia/${ovn_ssl_file}": - ensure => present, - owner => 'octavia', - mode => '0600', - source => "/etc/openvswitch/${ovn_ssl_file}", - require => [ - Anchor['octavia::install::end'], - Vswitch::Pki::Cert[$ovndb] - ], - notify => Anchor['octavia::service::begin'], - } - } - } - - file { '/etc/octavia/switchcacert.pem': - ensure => present, - owner => 'octavia', - mode => '0600', - source => '/var/lib/openvswitch/pki/switchca/cacert.pem', - require => [ - Anchor['octavia::install::end'], - Class['vswitch::pki::Cacert'], - ], + openstack_integration::ovn::ssl_key { 'octavia': notify => Anchor['octavia::service::begin'], + require => Anchor['octavia::install::end'], } } } diff --git a/manifests/ovn/ssl_key.pp b/manifests/ovn/ssl_key.pp new file mode 100644 index 000000000..9537f4dda --- /dev/null +++ b/manifests/ovn/ssl_key.pp 
@@ -0,0 +1,28 @@
+#
+# [*key_owner*]
+# (optional) Owner of SSL private key
+# Defaults to $name.
+#
+define openstack_integration::ovn::ssl_key(
+ $key_owner = $name,
+){
+ ['ovnnb', 'ovnsb'].each |$ovndb| {
+ ["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| {
+ file { "/etc/${key_owner}/${ovn_ssl_file}":
+ ensure => present,
+ owner => $key_owner,
+ mode => '0600',
+ source => "/etc/openvswitch/${ovn_ssl_file}",
+ require => Vswitch::Pki::Cert[$ovndb]
+ }
+ }
+ }
+
+ file { "/etc/${key_owner}/switchcacert.pem":
+ ensure => present,
+ owner => $key_owner,
+ mode => '0600',
+ source => '/var/lib/openvswitch/pki/switchca/cacert.pem',
+ require => Class['vswitch::pki::Cacert'],
+ }
+}
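Review bot: The inner `file` resource that copies `${ovndb}-privkey.pem` does not set `show_diff => false,`, so on agents where diff display is enabled a content change could put private-key material into agent logs or reports; adding that attribute to the resource closes this off. `$key_owner` is also untyped although it is interpolated into the path `/etc/${key_owner}/…` as well as used for `owner`; declaring it as `String[1] $key_owner = $name,` would reject empty or non-string values before they reach a file path. The header comment describes the parameter only as the key owner, so it should also say that the value selects the target directory under `/etc`, and give a one-line summary of what the define copies.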