Create a new parameter for the HAProxy external network
In the standalone config, there is no external network defined.
This leaves the hieradata cloud_name_external undefined, resulting in
an error when we are using the haproxy-public-tls-certmonger template
to create new public certs through haproxy.
Using the PublicNetwork allows us to get the right network for haproxy
in all cases to specify the network and fqdn to use for public certmonger
certificates.
Co-Authored-By: Grzegorz Grasza <xek@redhat.com>
Change-Id: I8778402bbb7a670c4aa95671c6017dff356238d4
(cherry picked from commit e5f51815c5
)
This commit is contained in:
parent
71977985e3
commit
7dea79a9e3
|
@ -67,10 +67,18 @@ outputs:
|
|||
- ''
|
||||
- - {get_param: HAProxyInternalTLSKeysDirectory}
|
||||
- '/overcloud-haproxy-external.key'
|
||||
hostname: "%{hiera('cloud_name_external')}"
|
||||
principal: "haproxy/%{hiera('cloud_name_external')}"
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('cloud_name_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, PublicNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "haproxy/%{hiera('cloud_name_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, PublicNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-haproxy-refresh.sh reload external"
|
||||
metadata_settings:
|
||||
- service: haproxy
|
||||
network: external
|
||||
network: {get_param: [ServiceNetMap, PublicNetwork]}
|
||||
type: vip
|
||||
|
|
Loading…
Reference in New Issue