Tell HAProxy container template that the public cert was autogenerated

With the recent change to only mounting the certificate when it's used [1]. The usecase of autogenerating the public certificate was missed. This enables a flag to tell the template to mount it if we're autogenerating the certificate. [1] Id8ba09902d25689e642f922c43e71649977bf248 Change-Id: I299e6052e6a872c3907184b635d218a806d906e0
2017-11-03 14:11:41 +02:00 · 2017-11-03 14:11:41 +02:00 · 7c2eee2494
commit 7c2eee2494
parent 3b17b3fccd
2 changed files with 14 additions and 4 deletions
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@ -45,6 +45,11 @@ parameters:
    description: >
      The content of the SSL certificate (without Key) in PEM format.
    type: string
+  PublicSSLCertificateAutogenerated:
+    default: false
+    description: >
+      Whether the public SSL certificate was autogenerated or not.
+    type: boolean
  DeployedSSLCertificatePath:
    default: '/etc/pki/tls/private/overcloud_endpoint.pem'
    description: >
@ -78,10 +83,14 @@ conditions:

  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
  public_tls_enabled:
-    not:
-      equals:
-      - {get_param: SSLCertificate}
-      - ""
+    or:
+    - not:
+        equals:
+        - {get_param: SSLCertificate}
+        - ""
+    - equals:
+        - {get_param: PublicSSLCertificateAutogenerated}
+        - true

 resources:

--- a/environments/services/haproxy-public-tls-certmonger.yaml
+++ b/environments/services/haproxy-public-tls-certmonger.yaml
@ -1,4 +1,5 @@
 # A Heat environment file which can be used to enable a
 # a TLS for HAProxy via certmonger
 resource_registry:
+  PublicSSLCertificateAutogenerated: true
  OS::TripleO::Services::HAProxyPublicTLS: ../../puppet/services/haproxy-public-tls-certmonger.yaml