Create parameters for haproxy TLS certs and keys
This removes the hardcoded paths for the haproxy certs and keys and will enable re-use. We'll use this in a further commit in the containerized TLS work. Change-Id: I602e5a569e2e7e60835deb80532abcedd7a1f63d
parent
5bf7d6582b
commit
65e9ffa15f
|
@ -30,6 +30,12 @@ parameters:
|
||||||
description: Mapping of service endpoint -> protocol. Typically set
|
description: Mapping of service endpoint -> protocol. Typically set
|
||||||
via parameter_defaults in the resource registry.
|
via parameter_defaults in the resource registry.
|
||||||
type: json
|
type: json
|
||||||
|
HAProxyInternalTLSCertsDirectory:
|
||||||
|
default: '/etc/pki/tls/certs/haproxy'
|
||||||
|
type: string
|
||||||
|
HAProxyInternalTLSKeysDirectory:
|
||||||
|
default: '/etc/pki/tls/private/haproxy'
|
||||||
|
type: string
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
|
@ -55,16 +61,30 @@ outputs:
|
||||||
config_settings:
|
config_settings:
|
||||||
generate_service_certificates: true
|
generate_service_certificates: true
|
||||||
tripleo::haproxy::use_internal_certificates: true
|
tripleo::haproxy::use_internal_certificates: true
|
||||||
tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
|
tripleo::certmonger::haproxy_dirs::certificate_dir:
|
||||||
tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
|
get_param: HAProxyInternalTLSCertsDirectory
|
||||||
|
tripleo::certmonger::haproxy_dirs::key_dir:
|
||||||
|
get_param: HAProxyInternalTLSKeysDirectory
|
||||||
certificates_specs:
|
certificates_specs:
|
||||||
map_merge:
|
map_merge:
|
||||||
repeat:
|
repeat:
|
||||||
template:
|
template:
|
||||||
haproxy-NETWORK:
|
haproxy-NETWORK:
|
||||||
service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem'
|
service_pem:
|
||||||
service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt'
|
list_join:
|
||||||
service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key'
|
- ''
|
||||||
|
- - {get_param: HAProxyInternalTLSCertsDirectory}
|
||||||
|
- '/overcloud-haproxy-NETWORK.pem'
|
||||||
|
service_certificate:
|
||||||
|
list_join:
|
||||||
|
- ''
|
||||||
|
- - {get_param: HAProxyInternalTLSCertsDirectory}
|
||||||
|
- '/overcloud-haproxy-NETWORK.crt'
|
||||||
|
service_key:
|
||||||
|
list_join:
|
||||||
|
- ''
|
||||||
|
- - {get_param: HAProxyInternalTLSKeysDirectory}
|
||||||
|
- '/overcloud-haproxy-NETWORK.key'
|
||||||
hostname: "%{hiera('cloud_name_NETWORK')}"
|
hostname: "%{hiera('cloud_name_NETWORK')}"
|
||||||
postsave_cmd: "" # TODO
|
postsave_cmd: "" # TODO
|
||||||
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
|
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
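Review bot: The two new parameters, `HAProxyInternalTLSCertsDirectory` and `HAProxyInternalTLSKeysDirectory`, are declared with only `default` and `type`, so nothing tells an operator that the second one decides where HAProxy's private keys are written. I would add a `description` to each, for the keys one something like `description: Directory holding the HAProxy private keys; it must not be readable by unprivileged users.` Because the values are concatenated through `list_join` with an empty delimiter and a suffix that starts with `/`, an override that is relative or empty yields a relative or root-level key path; a constraint such as `allowed_pattern: '^/.+'` under `constraints` would reject that at stack validation. Whether `tripleo::certmonger::haproxy_dirs` enforces ownership and mode on a non-default directory is not visible here and is worth confirming.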
|
||||||
|
|
|
@ -30,6 +30,12 @@ parameters:
|
||||||
description: Mapping of service endpoint -> protocol. Typically set
|
description: Mapping of service endpoint -> protocol. Typically set
|
||||||
via parameter_defaults in the resource registry.
|
via parameter_defaults in the resource registry.
|
||||||
type: json
|
type: json
|
||||||
|
HAProxyInternalTLSCertsDirectory:
|
||||||
|
default: '/etc/pki/tls/certs/haproxy'
|
||||||
|
type: string
|
||||||
|
HAProxyInternalTLSKeysDirectory:
|
||||||
|
default: '/etc/pki/tls/private/haproxy'
|
||||||
|
type: string
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
|
@ -38,14 +44,32 @@ outputs:
|
||||||
service_name: haproxy_public_tls_certmonger
|
service_name: haproxy_public_tls_certmonger
|
||||||
config_settings:
|
config_settings:
|
||||||
generate_service_certificates: true
|
generate_service_certificates: true
|
||||||
tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
|
tripleo::haproxy::service_certificate:
|
||||||
tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
|
list_join:
|
||||||
tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
|
- ''
|
||||||
|
- - {get_param: HAProxyInternalTLSCertsDirectory}
|
||||||
|
- '/overcloud-haproxy-external.pem'
|
||||||
|
tripleo::certmonger::haproxy_dirs::certificate_dir:
|
||||||
|
get_param: HAProxyInternalTLSCertsDirectory
|
||||||
|
tripleo::certmonger::haproxy_dirs::key_dir:
|
||||||
|
get_param: HAProxyInternalTLSKeysDirectory
|
||||||
certificates_specs:
|
certificates_specs:
|
||||||
haproxy-external:
|
haproxy-external:
|
||||||
service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
|
service_pem:
|
||||||
service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt'
|
list_join:
|
||||||
service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key'
|
- ''
|
||||||
|
- - {get_param: HAProxyInternalTLSCertsDirectory}
|
||||||
|
- '/overcloud-haproxy-external.pem'
|
||||||
|
service_certificate:
|
||||||
|
list_join:
|
||||||
|
- ''
|
||||||
|
- - {get_param: HAProxyInternalTLSCertsDirectory}
|
||||||
|
- '/overcloud-haproxy-external.crt'
|
||||||
|
service_key:
|
||||||
|
list_join:
|
||||||
|
- ''
|
||||||
|
- - {get_param: HAProxyInternalTLSKeysDirectory}
|
||||||
|
- '/overcloud-haproxy-external.key'
|
||||||
hostname: "%{hiera('cloud_name_external')}"
|
hostname: "%{hiera('cloud_name_external')}"
|
||||||
postsave_cmd: "" # TODO
|
postsave_cmd: "" # TODO
|
||||||
principal: "haproxy/%{hiera('cloud_name_external')}"
|
principal: "haproxy/%{hiera('cloud_name_external')}"
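Review bot: In this public-TLS template the external certificate and key paths (`tripleo::haproxy::service_certificate`, and `service_pem`, `service_certificate`, `service_key` under `haproxy-external`) are built from parameters named `HAProxyInternal…`, which reads as if they only affected internal TLS. If sharing one directory pair between internal and public material is intended, say so in the parameter text, e.g. `description: Directory for HAProxy TLS private keys, used for both the internal and the public endpoint.`; otherwise a separately named parameter for the public template would keep the two apart. The `.pem` path is also assembled twice with the same `list_join` (for `tripleo::haproxy::service_certificate` and for `service_pem`), so a short comment noting that the two must stay identical would help the next edit.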
|
||||||
|
|