Create parameters for haproxy TLS certs and keys
This removes the hardcoded paths for the haproxy certs and keys and will enable re-use. We'll use this in a further commit in the containerized TLS work. Change-Id: I602e5a569e2e7e60835deb80532abcedd7a1f63d
parent
5bf7d6582b
commit
65e9ffa15f
|
@ -30,6 +30,12 @@ parameters:
|
|||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
HAProxyInternalTLSCertsDirectory:
|
||||
default: '/etc/pki/tls/certs/haproxy'
|
||||
type: string
|
||||
HAProxyInternalTLSKeysDirectory:
|
||||
default: '/etc/pki/tls/private/haproxy'
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
|
@ -55,16 +61,30 @@ outputs:
|
|||
config_settings:
|
||||
generate_service_certificates: true
|
||||
tripleo::haproxy::use_internal_certificates: true
|
||||
tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
|
||||
tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
|
||||
tripleo::certmonger::haproxy_dirs::certificate_dir:
|
||||
get_param: HAProxyInternalTLSCertsDirectory
|
||||
tripleo::certmonger::haproxy_dirs::key_dir:
|
||||
get_param: HAProxyInternalTLSKeysDirectory
|
||||
certificates_specs:
|
||||
map_merge:
|
||||
repeat:
|
||||
template:
|
||||
haproxy-NETWORK:
|
||||
service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem'
|
||||
service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt'
|
||||
service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key'
|
||||
service_pem:
|
||||
list_join:
|
||||
- ''
|
||||
- - {get_param: HAProxyInternalTLSCertsDirectory}
|
||||
- '/overcloud-haproxy-NETWORK.pem'
|
||||
service_certificate:
|
||||
list_join:
|
||||
- ''
|
||||
- - {get_param: HAProxyInternalTLSCertsDirectory}
|
||||
- '/overcloud-haproxy-NETWORK.crt'
|
||||
service_key:
|
||||
list_join:
|
||||
- ''
|
||||
- - {get_param: HAProxyInternalTLSKeysDirectory}
|
||||
- '/overcloud-haproxy-NETWORK.key'
|
||||
hostname: "%{hiera('cloud_name_NETWORK')}"
|
||||
postsave_cmd: "" # TODO
|
||||
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
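Review bot: The two new parameters, `HAProxyInternalTLSCertsDirectory` and `HAProxyInternalTLSKeysDirectory`, are declared with only `default` and `type`, so nothing tells an operator that the second one is where private keys are written or that the value must be an absolute path. The same declarations appear in the second file of this commit. Because the value is joined directly with `'/overcloud-haproxy-NETWORK.key'`, an empty override would place the key at the filesystem root; a `constraints:` entry such as `- allowed_pattern: '^/.+'` would reject that at stack validation. I would also add a description like `description: Absolute path of the directory where certmonger writes the HAProxy private keys.` The ownership and mode of the directory are presumably set by `tripleo::certmonger::haproxy_dirs`, which is not visible here, so it is worth confirming that an overridden path ends up with the same restrictive permissions as the default.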
|
||||
|
|
|
@ -30,6 +30,12 @@ parameters:
|
|||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
HAProxyInternalTLSCertsDirectory:
|
||||
default: '/etc/pki/tls/certs/haproxy'
|
||||
type: string
|
||||
HAProxyInternalTLSKeysDirectory:
|
||||
default: '/etc/pki/tls/private/haproxy'
|
||||
type: string
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
|
@ -38,14 +44,32 @@ outputs:
|
|||
service_name: haproxy_public_tls_certmonger
|
||||
config_settings:
|
||||
generate_service_certificates: true
|
||||
tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
|
||||
tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
|
||||
tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
|
||||
tripleo::haproxy::service_certificate:
|
||||
list_join:
|
||||
- ''
|
||||
- - {get_param: HAProxyInternalTLSCertsDirectory}
|
||||
- '/overcloud-haproxy-external.pem'
|
||||
tripleo::certmonger::haproxy_dirs::certificate_dir:
|
||||
get_param: HAProxyInternalTLSCertsDirectory
|
||||
tripleo::certmonger::haproxy_dirs::key_dir:
|
||||
get_param: HAProxyInternalTLSKeysDirectory
|
||||
certificates_specs:
|
||||
haproxy-external:
|
||||
service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
|
||||
service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt'
|
||||
service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key'
|
||||
service_pem:
|
||||
list_join:
|
||||
- ''
|
||||
- - {get_param: HAProxyInternalTLSCertsDirectory}
|
||||
- '/overcloud-haproxy-external.pem'
|
||||
service_certificate:
|
||||
list_join:
|
||||
- ''
|
||||
- - {get_param: HAProxyInternalTLSCertsDirectory}
|
||||
- '/overcloud-haproxy-external.crt'
|
||||
service_key:
|
||||
list_join:
|
||||
- ''
|
||||
- - {get_param: HAProxyInternalTLSKeysDirectory}
|
||||
- '/overcloud-haproxy-external.key'
|
||||
hostname: "%{hiera('cloud_name_external')}"
|
||||
postsave_cmd: "" # TODO
|
||||
principal: "haproxy/%{hiera('cloud_name_external')}"
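Review bot: In this public-TLS template the external certificate, key and `tripleo::haproxy::service_certificate` are all built from parameters named `HAProxyInternalTLS…Directory`, which reads as if only the internal endpoints were affected. An operator overriding the "internal" directory will also move the external endpoint's key material, since the same parameter names are used in both templates. Either a neutral name or a comment above the declaration would make this explicit, for example `# Also used for the external (public) endpoint certificate and key.` It is good that `service_pem` and `tripleo::haproxy::service_certificate` are derived from the same parameter, so the two paths cannot drift apart.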
|
||||
|
|