Add deployment of CAs via hieradata

This enables us to pass a map of CAs to deploy the CA certificates
using puppet and hiera instead of the bash script we were using. It
also gives us the feature that we will be able to deploy several CA
certificates on the nodes instead of just one as was the case before.

Change-Id: I9559487874b80aeb093cc2fa2cfa7c0479d5a8b2
Depends-On: I84273b4cd6576a63fa78dc93ad6b077dd2a780c7
Juan Antonio Osorio Robles 2016-08-09 20:32:19 +03:00
parent 6c537d2005
commit 9a6f712849
4 changed files with 49 additions and 0 deletions


@ -0,0 +1,8 @@
parameter_defaults:
CAMap:
first-ca-name:
content: |
The content of the CA cert goes here
second-ca-name:
content: |
The content of the CA cert goes here
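Review bot: The placeholder under `content: |` does not say what the value must hold, so an operator could paste a bundle that also contains the CA's private key. A header comment would make the expectation explicit, for example `# content: the public CA certificate only (presumably PEM); never include the private key`. The service class is named `trusted_cas`, so each entry presumably becomes a trust anchor on every node that runs the service. A second comment line saying that additions to `CAMap` should be reviewed like any other trust-store change would help.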


@ -130,6 +130,7 @@ resource_registry:
# services
OS::TripleO::Services: puppet/services/services.yaml
OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml
OS::TripleO::Services::CephMon: OS::Heat::None
OS::TripleO::Services::CephOSD: OS::Heat::None
OS::TripleO::Services::CephClient: OS::Heat::None


@ -109,6 +109,7 @@ parameters:
ControllerServices:
default:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CinderApi
@ -179,6 +180,7 @@ parameters:
ComputeServices:
default:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CephExternal
- OS::TripleO::Services::Timezone
@ -211,6 +213,7 @@ parameters:
type: json
BlockStorageServices:
default:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
@ -235,6 +238,7 @@ parameters:
type: json
ObjectStorageServices:
default:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::SwiftStorage
@ -262,6 +266,7 @@ parameters:
type: json
CephStorageServices:
default:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp


@ -0,0 +1,35 @@
heat_template_version: 2016-04-08
description: >
HAproxy service configured with Puppet
parameters:
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CAMap:
description: >
Map containing the CA certs and information needed for deploying them.
default: {}
type: json
outputs:
role_data:
description: Role data for injecting CA certificates.
value:
service_name: ca_certs
config_settings:
tripleo::trusted_cas::ca_map: {get_param: CAMap}
step_config: |
include ::tripleo::trusted_cas
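Review bot: The top-level `description:` reads `HAproxy service configured with Puppet`, which looks copied from another service template; this file only outputs `service_name: ca_certs`, so something like `CA certificate injection configured with Puppet` would match what it does. The `CAMap` parameter is `type: json` with `default: {}` and is passed unchanged to `tripleo::trusted_cas::ca_map`, so the template accepts any structure and its description is the only place a reader learns the contract. I would extend that description to state the expected shape, `<ca-name>: {content: <certificate>}` as used in the sample environment file, and that `content` should be the public certificate only. Whether the Puppet class validates entries is not visible from this page, so the description should not assume it does.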