Only mount Haproxy TLS if contents are set

For non-pacemaker deployments, this mounts the TLS certificate only if
it's actually going to be used.

Change-Id: Id8ba09902d25689e642f922c43e71649977bf248
Juan Antonio Osorio Robles 2017-11-02 08:12:13 +02:00
parent 3de6bc039c
commit 56ce14134d
1 changed files with 26 additions and 10 deletions


@ -40,6 +40,11 @@ parameters:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
SSLCertificate:
default: ''
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
DeployedSSLCertificatePath:
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
description: >
@ -72,6 +77,11 @@ parameters:
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
public_tls_enabled:
not:
equals:
- {get_param: SSLCertificate}
- ""
resources:
@ -114,11 +124,14 @@ outputs:
config_image: {get_param: DockerHAProxyConfigImage}
volumes:
list_concat:
- - list_join:
- ':'
- - {get_param: DeployedSSLCertificatePath}
- {get_param: DeployedSSLCertificatePath}
- 'ro'
- if:
- public_tls_enabled
- - list_join:
- ':'
- - {get_param: DeployedSSLCertificatePath}
- {get_param: DeployedSSLCertificatePath}
- 'ro'
- null
- if:
- internal_tls_enabled
- - /etc/pki/tls/certs/haproxy:/etc/pki/tls/certs/haproxy:ro
@ -193,11 +206,14 @@ outputs:
-
- /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
- list_join:
- ':'
- - {get_param: DeployedSSLCertificatePath}
- {get_param: DeployedSSLCertificatePath}
- 'ro'
- if:
- public_tls_enabled
- - list_join:
- ':'
- - {get_param: DeployedSSLCertificatePath}
- {get_param: DeployedSSLCertificatePath}
- 'ro'
- null
-
if:
- internal_tls_enabled
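Review bot: The new `public_tls_enabled` condition gates the certificate mount on `SSLCertificate` being non-empty, but the file actually mounted is `DeployedSSLCertificatePath`, so the two can disagree. A deployment that places the PEM at that path by other means and leaves `SSLCertificate` at its default `''` would now start the container without the file, in both `volumes` lists (the hunks at new lines 124 and 206). Whether the generated HAProxy configuration still references the path in that case is not visible here; if it does, HAProxy will presumably fail to start or the public endpoint will come up without TLS, so the config side should be gated on the same signal. I would record the assumption next to the condition, e.g. `# public TLS is inferred from SSLCertificate being set; the HAProxy config must use the same test`. The `outputs` blocks continue outside the hunks.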