Merge "Add NodeTLSData to generic role.role.j2.yaml"

2017-07-26 13:14:21 +00:00 · 2017-07-26 13:14:21 +00:00 · 083d654e5c
parent 37099cce3d 98d6d84ca3
commit 083d654e5c
1 changed files with 29 additions and 2 deletions
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@ -513,14 +513,27 @@ resources:
            fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
            fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
            fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
+  {%- if 'primary' in role.tags and 'controller' in role.tags %}
+            tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
+  {%- endif -%}

  # Resource for site-specific injection of root certificate
  NodeTLSCAData:
-    depends_on: {{role.name}}Deployment
+    depends_on: NetworkDeployment
    type: OS::TripleO::NodeTLSCAData
    properties:
      server: {get_resource: {{role.name}}}

+  {%- if 'primary' in role.tags and 'controller' in role.tags %}
+  # Resource for site-specific passing of private keys/certificates
+  NodeTLSData:
+    depends_on: NodeTLSCAData
+    type: OS::TripleO::NodeTLSData
+    properties:
+      server: {get_resource: {{role.name}}}
+      NodeIndex: {get_param: NodeIndex}
+  {%- endif -%}
+
  # Hook for site-specific additional pre-deployment config, e.g extra hieradata
  {{role.name}}ExtraConfigPre:
    depends_on: {{role.name}}Deployment
@ -534,7 +547,13 @@ resources:
  # Hook for site-specific additional pre-deployment config,
  # applying to all nodes, e.g node registration/unregistration
  NodeExtraConfig:
-    depends_on: [{{role.name}}ExtraConfigPre, NodeTLSCAData]
+    depends_on:
+      - {{role.name}}ExtraConfigPre
+  {%- if 'primary' in role.tags and 'controller' in role.tags %}
+      - NodeTLSData
+  {%- else %}
+      - NodeTLSCAData
+  {%- endif %}
    type: OS::TripleO::NodeExtraConfig
    # We have to use conditions here so that we don't break backwards
    # compatibility with templates everywhere
@ -674,6 +693,14 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
                    - 6
                - 0
        - keys: {hostname: {get_param: Hostname}}
+  {%- if 'primary' in role.tags and 'controller' in role.tags %}
+  tls_key_modulus_md5:
+    description: MD5 checksum of the TLS Key Modulus
+    value: {get_attr: [NodeTLSData, key_modulus_md5]}
+  tls_cert_modulus_md5:
+    description: MD5 checksum of the TLS Certificate Modulus
+    value: {get_attr: [NodeTLSData, cert_modulus_md5]}
+  {%- endif %}
  os_collect_config:
    description: The os-collect-config configuration associated with this server resource
    value: {get_attr: [{{role.name}}, os_collect_config]}