Add support for providing Octavia cert data
This patch adds heat parameters for configuring the contents of the Octavia CA and cert files. Depends-On: I8d46bad372b8c24b290500ee6040207cb808ba23 Change-Id: I8595d85b7c9be703f9a247e07b677da0cfdb932c
This commit is contained in:
parent
1331feaef1
commit
c0b227135f
@ -78,10 +78,23 @@ parameters:
|
||||
type: string
|
||||
default: '/etc/octavia/certs/ca_01.pem'
|
||||
description: Octavia CA certificate file path.
|
||||
OctaviaCaCert:
|
||||
type: string
|
||||
default: ''
|
||||
description: Octavia CA certificate data. If provided, this will create
|
||||
or update a file on the host with the path provided in
|
||||
OctaviaCaCertFile with the certificate data.
|
||||
OctaviaCaKeyFile:
|
||||
type: string
|
||||
default: '/etc/octavia/certs/private/cakey.pem'
|
||||
description: Octavia CA private key file path.
|
||||
OctaviaCaKey:
|
||||
type: string
|
||||
default: ''
|
||||
description: The private key for the certificate provided in OctaviaCaCert.
|
||||
If provided, this will create or update a file on the host
|
||||
with the path provided in OctaviaCaKeyFile with the key
|
||||
data.
|
||||
OctaviaCaKeyPassphrase:
|
||||
description: CA private key passphrase.
|
||||
type: string
|
||||
@ -89,6 +102,8 @@ parameters:
|
||||
|
||||
conditions:
|
||||
service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']}
|
||||
octavia_ca_cert_unset: {equals: [{get_param: OctaviaCaCert}, '']}
|
||||
octavia_ca_key_unset: {equals: [{get_param: OctaviaCaKey}, '']}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
@ -96,24 +111,35 @@ outputs:
|
||||
value:
|
||||
service_name: octavia_base
|
||||
config_settings:
|
||||
octavia::debug:
|
||||
if:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug }
|
||||
- {get_param: OctaviaDebug }
|
||||
octavia::purge_config: {get_param: EnableConfigPurge}
|
||||
octavia::notification_driver: {get_param: NotificationDriver}
|
||||
octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
octavia::rabbit_userid: {get_param: RabbitUserName}
|
||||
octavia::rabbit_password: {get_param: RabbitPassword}
|
||||
octavia::rabbit_port: {get_param: RabbitClientPort}
|
||||
octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
octavia::service_auth::auth_type: 'password'
|
||||
octavia::service_auth::username: 'octavia'
|
||||
octavia::service_auth::password: {get_param: OctaviaPassword}
|
||||
octavia::service_auth::project_name: 'service'
|
||||
octavia::service_auth::project_domain_name: 'Default'
|
||||
octavia::service_auth::user_domain_name: 'Default'
|
||||
octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
|
||||
octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
|
||||
octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
|
||||
map_merge:
|
||||
- octavia::debug:
|
||||
if:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug }
|
||||
- {get_param: OctaviaDebug }
|
||||
octavia::purge_config: {get_param: EnableConfigPurge}
|
||||
octavia::notification_driver: {get_param: NotificationDriver}
|
||||
octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
||||
octavia::rabbit_userid: {get_param: RabbitUserName}
|
||||
octavia::rabbit_password: {get_param: RabbitPassword}
|
||||
octavia::rabbit_port: {get_param: RabbitClientPort}
|
||||
octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
octavia::service_auth::auth_type: 'password'
|
||||
octavia::service_auth::username: 'octavia'
|
||||
octavia::service_auth::password: {get_param: OctaviaPassword}
|
||||
octavia::service_auth::project_name: 'service'
|
||||
octavia::service_auth::project_domain_name: 'Default'
|
||||
octavia::service_auth::user_domain_name: 'Default'
|
||||
octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
|
||||
octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
|
||||
octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
|
||||
-
|
||||
if:
|
||||
- octavia_ca_cert_unset
|
||||
- {}
|
||||
- octavia::certificates::ca_certificate_data: {get_param: OctaviaCaCert}
|
||||
-
|
||||
if:
|
||||
- octavia_ca_key_unset
|
||||
- {}
|
||||
- octavia::certificates::ca_private_key_data: {get_param: OctaviaCaKey}
|
||||
|
@ -67,9 +67,16 @@ parameters:
|
||||
default: '/etc/octavia/certs/client.pem'
|
||||
description: client certificate for amphoras
|
||||
type: string
|
||||
OctaviaClientCert:
|
||||
default: ''
|
||||
description: Client certificate data. If provided, this will create or update
|
||||
a file on the host with the path provided in OctaviaClientCertFile
|
||||
with the certificate data.
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]}
|
||||
octavia_client_cert_unset: {equals: [{get_param: OctaviaClientCert}, ""]}
|
||||
|
||||
resources:
|
||||
|
||||
@ -106,6 +113,12 @@ outputs:
|
||||
- octavia_topology_unset
|
||||
- {}
|
||||
- octavia::worker::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology}
|
||||
-
|
||||
if:
|
||||
- octavia_client_cert_unset
|
||||
- {}
|
||||
- octavia::certificates::client_cert_data: {get_param: OctaviaClientCert}
|
||||
|
||||
step_config: |
|
||||
include tripleo::profile::base::octavia::worker
|
||||
|
||||
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Added support for providing Octavia certificate data through heat parameters.
|
Loading…
Reference in New Issue
Block a user