Add support for providing Octavia cert data

This patch adds heat parameters for configuring the contents of the Octavia CA and cert files. Depends-On: I8d46bad372b8c24b290500ee6040207cb808ba23 Change-Id: I8595d85b7c9be703f9a247e07b677da0cfdb932c
2017-12-07 10:27:33 -03:30 · 2017-12-07 10:27:33 -03:30 · c0b227135f
commit c0b227135f
parent 1331feaef1
3 changed files with 64 additions and 21 deletions
--- a/puppet/services/octavia-base.yaml
+++ b/puppet/services/octavia-base.yaml
@ -78,10 +78,23 @@ parameters:
    type: string
    default: '/etc/octavia/certs/ca_01.pem'
    description: Octavia CA certificate file path.
  OctaviaCaCert:
    type: string
    default: ''
    description: Octavia CA certificate data. If provided, this will create
                 or update a file on the host with the path provided in
                 OctaviaCaCertFile with the certificate data.
  OctaviaCaKeyFile:
    type: string
    default: '/etc/octavia/certs/private/cakey.pem'
    description: Octavia CA private key file path.
  OctaviaCaKey:
    type: string
    default: ''
    description: The private key for the certificate provided in OctaviaCaCert.
                 If provided, this will create or update a file on the host
                 with the path provided in OctaviaCaKeyFile with the key
                 data.
  OctaviaCaKeyPassphrase:
    description: CA private key passphrase.
    type: string
@ -89,6 +102,8 @@ parameters:
 conditions:
  service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']}
  octavia_ca_cert_unset: {equals: [{get_param: OctaviaCaCert}, '']}
  octavia_ca_key_unset: {equals: [{get_param: OctaviaCaKey}, '']}
 outputs:
  role_data:
@ -96,24 +111,35 @@ outputs:
    value:
       service_name: octavia_base
       config_settings:
-         octavia::debug:
+         map_merge:
-          if:
+           - octavia::debug:
-          - service_debug_unset
+              if:
-          - {get_param: Debug }
+              - service_debug_unset
-          - {get_param: OctaviaDebug }
+              - {get_param: Debug }
-         octavia::purge_config: {get_param: EnableConfigPurge}
+              - {get_param: OctaviaDebug }
-         octavia::notification_driver: {get_param: NotificationDriver}
+             octavia::purge_config: {get_param: EnableConfigPurge}
-         octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+             octavia::notification_driver: {get_param: NotificationDriver}
-         octavia::rabbit_userid: {get_param: RabbitUserName}
+             octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
-         octavia::rabbit_password: {get_param: RabbitPassword}
+             octavia::rabbit_userid: {get_param: RabbitUserName}
-         octavia::rabbit_port: {get_param: RabbitClientPort}
+             octavia::rabbit_password: {get_param: RabbitPassword}
-         octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+             octavia::rabbit_port: {get_param: RabbitClientPort}
-         octavia::service_auth::auth_type: 'password'
+             octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
-         octavia::service_auth::username: 'octavia'
+             octavia::service_auth::auth_type: 'password'
-         octavia::service_auth::password: {get_param: OctaviaPassword}
+             octavia::service_auth::username: 'octavia'
-         octavia::service_auth::project_name: 'service'
+             octavia::service_auth::password: {get_param: OctaviaPassword}
-         octavia::service_auth::project_domain_name: 'Default'
+             octavia::service_auth::project_name: 'service'
-         octavia::service_auth::user_domain_name: 'Default'
+             octavia::service_auth::project_domain_name: 'Default'
-         octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
+             octavia::service_auth::user_domain_name: 'Default'
-         octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
+             octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
-         octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
+             octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
             octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
           -
             if:
               - octavia_ca_cert_unset
               - {}
               - octavia::certificates::ca_certificate_data: {get_param: OctaviaCaCert}
           -
             if:
               - octavia_ca_key_unset
               - {}
               - octavia::certificates::ca_private_key_data: {get_param: OctaviaCaKey}
--- a/puppet/services/octavia-worker.yaml
+++ b/puppet/services/octavia-worker.yaml
@ -67,9 +67,16 @@ parameters:
    default: '/etc/octavia/certs/client.pem'
    description: client certificate for amphoras
    type: string
  OctaviaClientCert:
    default: ''
    description: Client certificate data. If provided, this will create or update
                 a file on the host with the path provided in OctaviaClientCertFile
                 with the certificate data.
    type: string
 conditions:
  octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]}
  octavia_client_cert_unset: {equals: [{get_param: OctaviaClientCert}, ""]}
 resources:
@ -106,6 +113,12 @@ outputs:
            - octavia_topology_unset
            - {}
            - octavia::worker::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology}
          -
            if:
            - octavia_client_cert_unset
            - {}
            - octavia::certificates::client_cert_data: {get_param: OctaviaClientCert}
      step_config: |
        include tripleo::profile::base::octavia::worker
--- a/releasenotes/notes/add-octavia-cert-key-variables-48133267832ee196.yaml
+++ b/releasenotes/notes/add-octavia-cert-key-variables-48133267832ee196.yaml
@ -0,0 +1,4 @@
 ---
 features:
  - |
    Added support for providing Octavia certificate data through heat parameters.