9cde9139c4
This solves the problem that bootstrap_nodeid, which is set to the first node in each role via t-h-t, can match potentially more than one node - e.g in the event that a service is deployed such that it spans more than one role. The SERVICE_short_bootstrap_node_name is automatically generated based on the composable service template service_name, and this considers all roles where the service is enabled, e.g it should only evaluate true once regardles off the roles where the service is enabled. Change-Id: I48ec4549552910f3cb8db960b0ff10a6c61b4bb9 Partial-Bug: #1792613
87 lines
2.9 KiB
Puppet
87 lines
2.9 KiB
Puppet
# Copyright 2017 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# == Class: tripleo::profile::base::barbican::backends
|
|
#
|
|
# Barbican's secret store plugin profile for tripleo
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*bootstrap_node*]
|
|
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
|
# Defaults to hiera('barbican_api_bootstrap_node_name')
|
|
#
|
|
# [*step*]
|
|
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
# for more details.
|
|
# Defaults to hiera('step')
|
|
#
|
|
# [*simple_crypto_backend_enabled*]
|
|
# (Optional) Whether the simple crypto backend is enabled or not. This is
|
|
# dynamically set via t-h-t.
|
|
# Defaults to hiera('barbican_backend_simple_crypto_enabled', false)
|
|
#
|
|
# [*dogtag_backend_enabled*]
|
|
# (Optional) Whether the Dogtag backend is enabled or not. This is
|
|
# dynamically set via t-h-t.
|
|
# Defaults to hiera('barbican_backend_dogtag_enabled', false)
|
|
#
|
|
# [*p11_crypto_backend_enabled*]
|
|
# (Optional) Whether the pkcs11 crypto backend is enabled or not. This is
|
|
# dynamically set via t-h-t.
|
|
# Defaults to hiera('barbican_backend_pkcs11_crypto_enabled', false)
|
|
#
|
|
# [*kmip_backend_enabled*]
|
|
# (Optional) Whether the KMIP backend is enabled or not. This is
|
|
# dynamically set via t-h-t.
|
|
# Defaults to hiera('barbican_backend_kmip_enabled', false)
|
|
#
|
|
class tripleo::profile::base::barbican::backends (
|
|
$simple_crypto_backend_enabled = hiera('barbican_backend_simple_crypto_enabled', false),
|
|
$dogtag_backend_enabled = hiera('barbican_backend_dogtag_enabled', false),
|
|
$p11_crypto_backend_enabled = hiera('barbican_backend_pkcs11_crypto_enabled', false),
|
|
$kmip_backend_enabled = hiera('barbican_backend_kmip_enabled', false),
|
|
) {
|
|
if $simple_crypto_backend_enabled {
|
|
include ::barbican::plugins::simple_crypto
|
|
$backend1 = 'simple_crypto'
|
|
} else {
|
|
$backend1 = undef
|
|
}
|
|
|
|
if $dogtag_backend_enabled {
|
|
include ::barbican::plugins::dogtag
|
|
$backend2 = 'dogtag'
|
|
} else {
|
|
$backend2 = undef
|
|
}
|
|
|
|
if $p11_crypto_backend_enabled {
|
|
include ::barbican::plugins::p11_crypto
|
|
$backend3 = 'pkcs11'
|
|
} else {
|
|
$backend3 = undef
|
|
}
|
|
|
|
if $kmip_backend_enabled {
|
|
include ::barbican::plugins::kmip
|
|
$backend4 = 'kmip'
|
|
} else {
|
|
$backend4 = undef
|
|
}
|
|
|
|
$enabled_backends_list = [$backend1, $backend2, $backend3, $backend4].filter |$items| { $items != undef }
|
|
$enabled_secret_stores = join($enabled_backends_list, ',')
|
|
}
|