Merge "Fix the mounting issues for the TLS everywhere deployment" into stable/train

This commit is contained in:
Zuul 2020-03-18 23:33:26 +00:00 committed by Gerrit Code Review
commit 1602e8ea78
4 changed files with 11 additions and 47 deletions

View File

@ -104,6 +104,10 @@ parameters:
type: string
description: Specifies the default CRL PEM file to use for revocation if
TLS is used for services in the internal network.
InternalTLSCRLPEMDir:
default: '/etc/pki/CA/crl/'
type: string
description: The directory of the CRL PEM file to be mounted.
conditions:
puppet_debug_enabled: {get_param: ConfigDebug}
@ -218,6 +222,11 @@ outputs:
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro,shared'
- list_join:
- ':'
- - {get_param: InternalTLSCRLPEMDir}
- {get_param: InternalTLSCRLPEMDir}
- 'ro,shared'
- null
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
@ -279,8 +288,8 @@ outputs:
- /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro,shared
- list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- - {get_param: InternalTLSCRLPEMDir}
- {get_param: InternalTLSCRLPEMDir}
- 'ro'
- null
environment:

View File

@ -43,11 +43,6 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
RabbitUserName:
default: guest
description: The username for RabbitMQ
@ -284,11 +279,6 @@ outputs:
- if:
- internal_tls_enabled
-
- list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null
@ -324,11 +314,6 @@ outputs:
- if:
- internal_tls_enabled
-
- list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null

View File

@ -43,11 +43,6 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
NotifyPort:
default: 5672
description: The network port for messaging Notify backend
@ -225,11 +220,6 @@ outputs:
- if:
- internal_tls_enabled
-
- list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null
@ -266,11 +256,6 @@ outputs:
- if:
- internal_tls_enabled
-
- list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null

View File

@ -43,11 +43,6 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
RpcPort:
default: 5672
description: The network port for messaging backend
@ -225,11 +220,6 @@ outputs:
- if:
- internal_tls_enabled
-
- list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null
@ -266,11 +256,6 @@ outputs:
- if:
- internal_tls_enabled
-
- list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null