Use common implementation for ovn certs
... instead of maintaining similar logic separately in neutron and octavia. Change-Id: I0006dcbe116b018b8e9c2d5f6851086b7de143fe
		| @@ -54,37 +54,14 @@ class openstack_integration::neutron ( | |||||||
|   if $::openstack_integration::config::ssl { |   if $::openstack_integration::config::ssl { | ||||||
|     openstack_integration::ssl_key { 'neutron': |     openstack_integration::ssl_key { 'neutron': | ||||||
|       notify  => Service['neutron-server'], |       notify  => Service['neutron-server'], | ||||||
|       require => Package['neutron'], |       require => Anchor['neutron::install::end'], | ||||||
|     } |     } | ||||||
|     Exec['update-ca-certificates'] ~> Service<| tag == 'neutron-service' |> |     Exec['update-ca-certificates'] ~> Service<| tag == 'neutron-service' |> | ||||||
|  |  | ||||||
|     if $driver == 'ovn' { |     if $driver == 'ovn' { | ||||||
|       ['ovnnb', 'ovnsb'].each |$ovndb| { |       openstack_integration::ovn::ssl_key { 'neutron': | ||||||
|         ["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| { |  | ||||||
|           file { "/etc/neutron/${ovn_ssl_file}": |  | ||||||
|             ensure  => present, |  | ||||||
|             owner   => 'neutron', |  | ||||||
|             mode    => '0600', |  | ||||||
|             source  => "/etc/openvswitch/${ovn_ssl_file}", |  | ||||||
|             require => [ |  | ||||||
|               Anchor['neutron::install::end'], |  | ||||||
|               Vswitch::Pki::Cert[$ovndb] |  | ||||||
|             ], |  | ||||||
|             notify  => Anchor['neutron::service::begin'], |  | ||||||
|           } |  | ||||||
|         } |  | ||||||
|       } |  | ||||||
|  |  | ||||||
|       file { '/etc/neutron/switchcacert.pem': |  | ||||||
|         ensure  => present, |  | ||||||
|         owner   => 'neutron', |  | ||||||
|         mode    => '0600', |  | ||||||
|         source  => '/var/lib/openvswitch/pki/switchca/cacert.pem', |  | ||||||
|         require => [ |  | ||||||
|           Anchor['neutron::install::end'], |  | ||||||
|           Class['vswitch::pki::Cacert'], |  | ||||||
|         ], |  | ||||||
|         notify  => Anchor['neutron::service::begin'], |         notify  => Anchor['neutron::service::begin'], | ||||||
|  |         require => Anchor['neutron::install::end'], | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|   | |||||||
| @@ -24,37 +24,14 @@ class openstack_integration::octavia ( | |||||||
|   if $::openstack_integration::config::ssl { |   if $::openstack_integration::config::ssl { | ||||||
|     openstack_integration::ssl_key { 'octavia': |     openstack_integration::ssl_key { 'octavia': | ||||||
|       notify  => Service['httpd'], |       notify  => Service['httpd'], | ||||||
|       require => Package['octavia'], |       require => Anchor['octavia::install::end'], | ||||||
|     } |     } | ||||||
|     Exec['update-ca-certificates'] ~> Service['httpd'] |     Exec['update-ca-certificates'] ~> Service['httpd'] | ||||||
|  |  | ||||||
|     if $provider_driver == 'ovn' { |     if $provider_driver == 'ovn' { | ||||||
|       ['ovnnb', 'ovnsb'].each |$ovndb| { |       openstack_integration::ovn::ssl_key { 'octavia': | ||||||
|         ["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| { |  | ||||||
|           file { "/etc/octavia/${ovn_ssl_file}": |  | ||||||
|             ensure  => present, |  | ||||||
|             owner   => 'octavia', |  | ||||||
|             mode    => '0600', |  | ||||||
|             source  => "/etc/openvswitch/${ovn_ssl_file}", |  | ||||||
|             require => [ |  | ||||||
|               Anchor['octavia::install::end'], |  | ||||||
|               Vswitch::Pki::Cert[$ovndb] |  | ||||||
|             ], |  | ||||||
|             notify  => Anchor['octavia::service::begin'], |  | ||||||
|           } |  | ||||||
|         } |  | ||||||
|       } |  | ||||||
|  |  | ||||||
|       file { '/etc/octavia/switchcacert.pem': |  | ||||||
|         ensure  => present, |  | ||||||
|         owner   => 'octavia', |  | ||||||
|         mode    => '0600', |  | ||||||
|         source  => '/var/lib/openvswitch/pki/switchca/cacert.pem', |  | ||||||
|         require => [ |  | ||||||
|           Anchor['octavia::install::end'], |  | ||||||
|           Class['vswitch::pki::Cacert'], |  | ||||||
|         ], |  | ||||||
|         notify  => Anchor['octavia::service::begin'], |         notify  => Anchor['octavia::service::begin'], | ||||||
|  |         require => Anchor['octavia::install::end'], | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|   | |||||||
							
								
								
									
									
										28
									
								
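--- a/manifests/ovn/ssl_key.pp
+++ b/manifests/ovn/ssl_key.pp
@@ -0,0 +1,28 @@
+#
+# [*key_owner*]
+#   (optional) Owner of SSL private key
+#   Defaults to $name.
+#
+define openstack_integration::ovn::ssl_key(
+  $key_owner = $name,
+){
+  ['ovnnb', 'ovnsb'].each |$ovndb| {
+    ["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| {
+      file { "/etc/${key_owner}/${ovn_ssl_file}":
+        ensure  => present,
+        owner   => $key_owner,
+        mode    => '0600',
+        source  => "/etc/openvswitch/${ovn_ssl_file}",
+        require => Vswitch::Pki::Cert[$ovndb]
+      }
+    }
+  }
+
+  file { "/etc/${key_owner}/switchcacert.pem":
+    ensure  => present,
+    owner   => $key_owner,
+    mode    => '0600',
+    source  => '/var/lib/openvswitch/pki/switchca/cacert.pem',
+    require => Class['vswitch::pki::Cacert'],
+  }
+}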
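Review bot: `$key_owner` is untyped and does two jobs in this define: it is the `owner` of every managed file and also the directory component of `/etc/${key_owner}/...`, while the header comment documents it only as the owner of the SSL private key. Because the value is interpolated into the destination path of a private key, I would constrain it, for example `String[1] $key_owner = $name,` (or a `Pattern` type that excludes `/`), and extend the doc comment to say that it also selects the target directory under `/etc`. Separately, `ensure => file` would be stricter than `ensure => present` for the `*-privkey.pem` copies, since `present` accepts whatever kind of entry already exists at that path. The define carries no `notify` of its own, so service restarts on a key change depend on each caller passing the metaparameter, as the neutron and octavia callers visible on this page do; a one-line comment saying so would help future callers.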
	 Takashi Kajinami
					Takashi Kajinami