Configure CRL URI if TLS in the internal network is enabled

This uses by default the URL for the CRL provided by FreeIPA (the default CA in TripleO). bp tls-via-certmonger Depends-On: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04 Change-Id: I87001388f300f3decb3b74bc037fff9d3b3ccdc2
2017-05-12 18:05:29 +03:00 · 2017-05-12 18:05:29 +03:00 · 83ff2f22da
parent 61fdeb67a0
commit 83ff2f22da
1 changed files with 17 additions and 0 deletions
--- a/puppet/services/certmonger-user.yaml
+++ b/puppet/services/certmonger-user.yaml
@ -26,11 +26,28 @@ parameters:
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+  DefaultCRLURL:
+    default: 'http://ipa-ca/ipa/crl/MasterCRL.bin'
+    description: URI where to get the CRL to be configured in the nodes.
+    type: string
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}

 outputs:
  role_data:
    description: Role data for the certmonger-user service
    value:
      service_name: certmonger_user
+      config_settings:
+        tripleo::certmonger::ca::crl::crl_source:
+          if:
+            - internal_tls_enabled
+            - {get_param: DefaultCRLURL}
+            - null
      step_config: |
        include ::tripleo::profile::base::certmonger_user