Use common implementation for ovn certs
... instead of maintaining similar logic separately in neutron and octavia. Change-Id: I0006dcbe116b018b8e9c2d5f6851086b7de143fe
parent
9121aaeed7
commit
1bda1d37ce
@ -54,37 +54,14 @@ class openstack_integration::neutron (
|
|||||||
if $::openstack_integration::config::ssl {
|
if $::openstack_integration::config::ssl {
|
||||||
openstack_integration::ssl_key { 'neutron':
|
openstack_integration::ssl_key { 'neutron':
|
||||||
notify => Service['neutron-server'],
|
notify => Service['neutron-server'],
|
||||||
require => Package['neutron'],
|
require => Anchor['neutron::install::end'],
|
||||||
}
|
}
|
||||||
Exec['update-ca-certificates'] ~> Service<| tag == 'neutron-service' |>
|
Exec['update-ca-certificates'] ~> Service<| tag == 'neutron-service' |>
|
||||||
|
|
||||||
if $driver == 'ovn' {
|
if $driver == 'ovn' {
|
||||||
['ovnnb', 'ovnsb'].each |$ovndb| {
|
openstack_integration::ovn::ssl_key { 'neutron':
|
||||||
["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| {
|
|
||||||
file { "/etc/neutron/${ovn_ssl_file}":
|
|
||||||
ensure => present,
|
|
||||||
owner => 'neutron',
|
|
||||||
mode => '0600',
|
|
||||||
source => "/etc/openvswitch/${ovn_ssl_file}",
|
|
||||||
require => [
|
|
||||||
Anchor['neutron::install::end'],
|
|
||||||
Vswitch::Pki::Cert[$ovndb]
|
|
||||||
],
|
|
||||||
notify => Anchor['neutron::service::begin'],
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/neutron/switchcacert.pem':
|
|
||||||
ensure => present,
|
|
||||||
owner => 'neutron',
|
|
||||||
mode => '0600',
|
|
||||||
source => '/var/lib/openvswitch/pki/switchca/cacert.pem',
|
|
||||||
require => [
|
|
||||||
Anchor['neutron::install::end'],
|
|
||||||
Class['vswitch::pki::Cacert'],
|
|
||||||
],
|
|
||||||
notify => Anchor['neutron::service::begin'],
|
notify => Anchor['neutron::service::begin'],
|
||||||
|
require => Anchor['neutron::install::end'],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -24,37 +24,14 @@ class openstack_integration::octavia (
|
|||||||
if $::openstack_integration::config::ssl {
|
if $::openstack_integration::config::ssl {
|
||||||
openstack_integration::ssl_key { 'octavia':
|
openstack_integration::ssl_key { 'octavia':
|
||||||
notify => Service['httpd'],
|
notify => Service['httpd'],
|
||||||
require => Package['octavia'],
|
require => Anchor['octavia::install::end'],
|
||||||
}
|
}
|
||||||
Exec['update-ca-certificates'] ~> Service['httpd']
|
Exec['update-ca-certificates'] ~> Service['httpd']
|
||||||
|
|
||||||
if $provider_driver == 'ovn' {
|
if $provider_driver == 'ovn' {
|
||||||
['ovnnb', 'ovnsb'].each |$ovndb| {
|
openstack_integration::ovn::ssl_key { 'octavia':
|
||||||
["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| {
|
|
||||||
file { "/etc/octavia/${ovn_ssl_file}":
|
|
||||||
ensure => present,
|
|
||||||
owner => 'octavia',
|
|
||||||
mode => '0600',
|
|
||||||
source => "/etc/openvswitch/${ovn_ssl_file}",
|
|
||||||
require => [
|
|
||||||
Anchor['octavia::install::end'],
|
|
||||||
Vswitch::Pki::Cert[$ovndb]
|
|
||||||
],
|
|
||||||
notify => Anchor['octavia::service::begin'],
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/octavia/switchcacert.pem':
|
|
||||||
ensure => present,
|
|
||||||
owner => 'octavia',
|
|
||||||
mode => '0600',
|
|
||||||
source => '/var/lib/openvswitch/pki/switchca/cacert.pem',
|
|
||||||
require => [
|
|
||||||
Anchor['octavia::install::end'],
|
|
||||||
Class['vswitch::pki::Cacert'],
|
|
||||||
],
|
|
||||||
notify => Anchor['octavia::service::begin'],
|
notify => Anchor['octavia::service::begin'],
|
||||||
|
require => Anchor['octavia::install::end'],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
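--- a/manifests/ovn/ssl_key.pp
+++ b/manifests/ovn/ssl_key.pp
@@ -0,0 +1,28 @@
+#
+# [*key_owner*]
+# (optional) Owner of SSL private key
+# Defaults to $name.
+#
+define openstack_integration::ovn::ssl_key(
+$key_owner = $name,
+){
+['ovnnb', 'ovnsb'].each |$ovndb| {
+["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| {
+file { "/etc/${key_owner}/${ovn_ssl_file}":
+ensure => present,
+owner => $key_owner,
+mode => '0600',
+source => "/etc/openvswitch/${ovn_ssl_file}",
+require => Vswitch::Pki::Cert[$ovndb]
+}
+}
+}
+
+file { "/etc/${key_owner}/switchcacert.pem":
+ensure => present,
+owner => $key_owner,
+mode => '0600',
+source => '/var/lib/openvswitch/pki/switchca/cacert.pem',
+require => Class['vswitch::pki::Cacert'],
+}
+}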
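Review bot: The `file` resource that copies `${ovndb}-privkey.pem` is declared with `ensure => present`, which accepts whatever already exists at that path rather than requiring a regular file; for private-key material `ensure => file` states the intent and is the safer default. The same resource sets `owner` and `mode => '0600'` but neither `group` nor `show_diff`, so I would add `show_diff => false,` to keep key content out of Puppet reports on hosts where diffs are enabled, and an explicit `group`. `$key_owner` is untyped and is also interpolated into the target path `/etc/${key_owner}/...`; declaring it as `String[1] $key_owner = $name,` and adding a header line such as `# Also used as the directory name under /etc.` would make that coupling visible to callers. The header comment documents the parameter but has no description of what the define does; one sentence saying that it copies the OVN NB/SB key, certificate and switch CA certificate into the service's config directory would help.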