Configure CRL URI if TLS in the internal network is enabled
This uses by default the URL for the CRL provided by FreeIPA (the default CA in TripleO). bp tls-via-certmonger Depends-On: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04 Change-Id: I87001388f300f3decb3b74bc037fff9d3b3ccdc2
This commit is contained in:
parent
61fdeb67a0
commit
83ff2f22da
|
@ -26,11 +26,28 @@ parameters:
|
|||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
DefaultCRLURL:
|
||||
default: 'http://ipa-ca/ipa/crl/MasterCRL.bin'
|
||||
description: URI where to get the CRL to be configured in the nodes.
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the certmonger-user service
|
||||
value:
|
||||
service_name: certmonger_user
|
||||
config_settings:
|
||||
tripleo::certmonger::ca::crl::crl_source:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- {get_param: DefaultCRLURL}
|
||||
- null
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::certmonger_user
|
||||
|
|
Loading…
Reference in New Issue