From 7be65d2666e90837d0ed35bdf4933d2ae0881d5a Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 10 Jan 2018 11:14:12 -0500 Subject: [PATCH] Fixes generating public certificates In non-containerized deployments auto-generation of public certificates fails because the parameter for determining autogeneration is only used in the docker haproxy service template. This patch adds it also to the puppet service. Closes-Bug: 1742481 Change-Id: I4c6e2e95ee9e24973f4d2943d250ca5314493b3c Signed-off-by: Tim Rozet --- puppet/services/haproxy.yaml | 17 +++++++++++++---- ...public-cert-generation-41c75be0b07a48fe.yaml | 5 +++++ 2 files changed, 18 insertions(+), 4 deletions(-) create mode 100644 releasenotes/notes/fix-public-cert-generation-41c75be0b07a48fe.yaml diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index a002d2ad7d..0f5bc1f1c4 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -62,6 +62,11 @@ parameters: description: > The content of the SSL certificate (without Key) in PEM format. type: string + PublicSSLCertificateAutogenerated: + default: false + description: > + Whether the public SSL certificate was autogenerated or not. + type: boolean DeployedSSLCertificatePath: default: '/etc/pki/tls/private/overcloud_endpoint.pem' description: > @@ -81,10 +86,14 @@ parameters: conditions: public_tls_enabled: - not: - equals: - - {get_param: SSLCertificate} - - "" + or: + - not: + equals: + - {get_param: SSLCertificate} + - "" + - equals: + - {get_param: PublicSSLCertificateAutogenerated} + - true resources: diff --git a/releasenotes/notes/fix-public-cert-generation-41c75be0b07a48fe.yaml b/releasenotes/notes/fix-public-cert-generation-41c75be0b07a48fe.yaml new file mode 100644 index 0000000000..5de887c653 --- /dev/null +++ b/releasenotes/notes/fix-public-cert-generation-41c75be0b07a48fe.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes generation public certificates for haproxy in a non-containerized + TLS deployment scenario.