c68aa2e140
This is part 1 of 2, where ovn provider info located in tripleo::profile::base::octavia::api will move to newly created octavia::provider::ovn. But that has to be split into 2 parts to avoid breaking the CI until the THT+pupple-tripleo changes merges [1]. [1]: https://review.opendev.org/#/q/topic:bug/1861886+(status:open+OR+status:merged) This patch enhances Octavia's OVN driver config, so it can connect to OVN_Northbound DB using TLS. Depends-On: https://review.opendev.org/#/c/711333/ Change-Id: I85049de9960586a1069aa750c8d727c6e37cec73 Related-Bug: #1861886
71 lines
2.1 KiB
Puppet
71 lines
2.1 KiB
Puppet
# Copyright 2020 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# == Class: tripleo::certmonger::ovn_octavia
|
|
#
|
|
# Request a certificate for the ovn_controller service and do the necessary setup.
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*hostname*]
|
|
# The hostname of the node. this will be set in the CN of the certificate.
|
|
#
|
|
# [*service_certificate*]
|
|
# The path to the certificate that will be used for TLS in this service.
|
|
#
|
|
# [*service_key*]
|
|
# The path to the key that will be used for TLS in this service.
|
|
#
|
|
# [*certmonger_ca*]
|
|
# (Optional) The CA that certmonger will use to generate the certificates.
|
|
# Defaults to hiera('certmonger_ca', 'local').
|
|
#
|
|
# [*postsave_cmd*]
|
|
# (Optional) Specifies the command to execute after requesting a certificate.
|
|
#
|
|
# [*principal*]
|
|
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
|
# Defaults to undef
|
|
#
|
|
class tripleo::certmonger::ovn_octavia (
|
|
$hostname,
|
|
$service_certificate,
|
|
$service_key,
|
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
|
$postsave_cmd = undef,
|
|
$principal = undef,
|
|
) {
|
|
include certmonger
|
|
|
|
certmonger_certificate { 'ovn_octavia' :
|
|
ensure => 'present',
|
|
certfile => $service_certificate,
|
|
keyfile => $service_key,
|
|
hostname => $hostname,
|
|
dnsname => $hostname,
|
|
principal => $principal,
|
|
postsave_cmd => $postsave_cmd,
|
|
ca => $certmonger_ca,
|
|
wait => true,
|
|
require => Class['::certmonger'],
|
|
}
|
|
file { $service_certificate :
|
|
require => Certmonger_certificate['ovn_octavia']
|
|
}
|
|
file { $service_key :
|
|
require => Certmonger_certificate['ovn_octavia']
|
|
}
|
|
|
|
}
|