Change the directory for httpd certs/keys to be service-specific
This moves the directories containing the certs/keys for httpd one step further inside the hierarchy. This way we will be able to bind-mount this certificate into the container without bind-mounting any other certs/keys from other services. bp tls-via-certmonger-containers Change-Id: Ibe6e66ae4589b9eab7db330dd8b178e0f8775639 Depends-On: I0b71902358b754fa8bd7fdbb213479503c87aa46
This commit is contained in:
parent
ccb0655db4
commit
87f41c6ec6
|
@ -77,13 +77,15 @@ outputs:
|
||||||
- "%{hiera('apache_remote_proxy_ips_network')}"
|
- "%{hiera('apache_remote_proxy_ips_network')}"
|
||||||
-
|
-
|
||||||
generate_service_certificates: true
|
generate_service_certificates: true
|
||||||
|
tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
|
||||||
|
tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
|
||||||
apache_certificates_specs:
|
apache_certificates_specs:
|
||||||
map_merge:
|
map_merge:
|
||||||
repeat:
|
repeat:
|
||||||
template:
|
template:
|
||||||
httpd-NETWORK:
|
httpd-NETWORK:
|
||||||
service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt'
|
service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
|
||||||
service_key: '/etc/pki/tls/private/httpd-NETWORK.key'
|
service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
|
||||||
hostname: "%{hiera('fqdn_NETWORK')}"
|
hostname: "%{hiera('fqdn_NETWORK')}"
|
||||||
principal: "HTTP/%{hiera('fqdn_NETWORK')}"
|
principal: "HTTP/%{hiera('fqdn_NETWORK')}"
|
||||||
for_each:
|
for_each:
|
||||||
|
|
Loading…
Reference in New Issue