Add Octavia certificate parameters

Adds configuration for the paths to Octavia's certificate files. Change-Id: I892854d623e63f339e94fe83261ac9b8a84bdcb5
2017-12-06 14:58:54 +00:00 · 2017-12-06 14:58:54 +00:00 · 1331feaef1
commit 1331feaef1
parent 3dfd327db6
3 changed files with 25 additions and 13 deletions
--- a/environments/services-docker/octavia.yaml
+++ b/environments/services-docker/octavia.yaml
@ -7,4 +7,7 @@ resource_registry:
 parameter_defaults:
    NeutronServicePlugins: "qos,router,trunk,lbaasv2"
    NeutronEnableForceMetadata: true
-
+    OctaviaCaCertFile: '/etc/octavia/certs/ca_01.pem'
+    OctaviaCaKeyFile: '/etc/octavia/certs/private/cakey.pem'
+    OctaviaCaKeyPassphrase: 'foobar'
+    OctaviaClientCertFile: '/etc/octavia/certs/client.pem'
--- a/puppet/services/octavia-base.yaml
+++ b/puppet/services/octavia-base.yaml
@ -74,6 +74,18 @@ parameters:
    description: The password for the Octavia's database account.
    type: string
    hidden: true
+  OctaviaCaCertFile:
+    type: string
+    default: '/etc/octavia/certs/ca_01.pem'
+    description: Octavia CA certificate file path.
+  OctaviaCaKeyFile:
+    type: string
+    default: '/etc/octavia/certs/private/cakey.pem'
+    description: Octavia CA private key file path.
+  OctaviaCaKeyPassphrase:
+    description: CA private key passphrase.
+    type: string
+    hidden: true

 conditions:
  service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']}
@ -102,3 +114,6 @@ outputs:
         octavia::service_auth::project_name: 'service'
         octavia::service_auth::project_domain_name: 'Default'
         octavia::service_auth::user_domain_name: 'Default'
+         octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
+         octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
+         octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
--- a/puppet/services/octavia-worker.yaml
+++ b/puppet/services/octavia-worker.yaml
@ -39,7 +39,7 @@ parameters:
      tag: openstack.octavia.worker
      path: /var/log/octavia/worker.log
  OctaviaAmphoraImageTag:
-    default: ''
+    default: 'amphora-image'
    description: Glance image tag for identifying the amphora image.
    type: string
  OctaviaAmphoraNetworkList:
@ -63,15 +63,13 @@ parameters:
    default: false
    description: Configure the nova flavor for the amphora.
    type: boolean
-  OctaviaSSHKeyName:
-    default: 'octavia-ssh-key'
-    description: name for ssh key to be configured so the amphora can
-                 be logged into.
+  OctaviaClientCertFile:
+    default: '/etc/octavia/certs/client.pem'
+    description: client certificate for amphoras
    type: string

 conditions:
  octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]}
-  octavia_amphora_tag_unset: {equals: [{get_param: OctaviaAmphoraImageTag}, ""]}

 resources:

@ -101,12 +99,8 @@ outputs:
            octavia::worker::amp_flavor_id: {get_param: OctaviaFlavorId}
            octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties}
            octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor}
-            octavia::worker::ssh_key_name: {get_param: OctaviaSSHKeyName}
-          -
-            if:
-            - octavia_amphora_tag_unset
-            - {}
-            - octavia::worker::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
+            octavia::certificates::client_cert: {get_param: OctaviaClientCertFile}
+            octavia::worker::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
          -
            if:
            - octavia_topology_unset