openstack/puppet-tripleo
Code Issues Proposed changes

Add principal to certmonger's haproxy helper

Browse Source 
The principal is needed for kerberos-based solutions like FreeIPA.

bp tls-via-certmonger

Change-Id: Ie27848f522d11135b061aef766de2b696c77fcb9
This commit is contained in:
Juan Antonio Osorio Robles 2016-07-18 18:00:14 +03:00
parent b613e77015
commit b05e8debde
1 changed files with 5 additions and 0 deletions

5
manifests/certmonger/haproxy.pp

@ -36,18 +36,23 @@
# The post-save-command that certmonger will use once it renews the # The post-save-command that certmonger will use once it renews the
# certificate. # certificate.
# #
# [*principal*]
# The haproxy service principal that is set for HAProxy in kerberos.
#
define tripleo::certmonger::haproxy ( define tripleo::certmonger::haproxy (
$service_pem, $service_pem,
$service_certificate, $service_certificate,
$service_key, $service_key,
$hostname, $hostname,
$postsave_cmd, $postsave_cmd,
$principal = undef,
){ ){
certmonger_certificate { "${title}-cert": certmonger_certificate { "${title}-cert":
hostname => $hostname, hostname => $hostname,
certfile => $service_certificate, certfile => $service_certificate,
keyfile => $service_key, keyfile => $service_key,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
principal => $principal,
} }
concat { $service_pem : concat { $service_pem :
ensure => present, ensure => present,