Fix the mounting issues for the TLS everywhere deployment
This patch adds the CRL directory to the haproxy in case of TLS
everywhere deployment.
NOTE: The queens backport doesn't contain duplicate mountpoint fixes
which only apply to train.
Closes-Bug: #1860641
Resolves: rhbz#1698058
Change-Id: I7d18befc51a4afb404b39ebdd8b1ccab4dfdf744
(cherry picked from commit c155ea701e
)
This commit is contained in:
parent
2fdda9b318
commit
b9ab64afa4
|
@ -82,6 +82,10 @@ parameters:
|
|||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
InternalTLSCRLPEMDir:
|
||||
default: '/etc/pki/CA/crl/'
|
||||
type: string
|
||||
description: The directory of the CRL PEM file to be mounted.
|
||||
ConfigDebug:
|
||||
default: false
|
||||
description: Whether to run config management (e.g. Puppet) in debug mode.
|
||||
|
@ -162,6 +166,11 @@ outputs:
|
|||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- 'ro'
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCRLPEMDir}
|
||||
- {get_param: InternalTLSCRLPEMDir}
|
||||
- 'ro'
|
||||
- null
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/haproxy.json:
|
||||
|
@ -247,8 +256,8 @@ outputs:
|
|||
- /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- - {get_param: InternalTLSCRLPEMDir}
|
||||
- {get_param: InternalTLSCRLPEMDir}
|
||||
- 'ro'
|
||||
- null
|
||||
environment:
|
||||
|
|
Loading…
Reference in New Issue