Add support for providing Octavia cert data

This patch adds heat parameters for configuring the contents of the Octavia CA and cert files. Depends-On: I8d46bad372b8c24b290500ee6040207cb808ba23 Change-Id: I8595d85b7c9be703f9a247e07b677da0cfdb932c
2017-12-07 10:27:33 -03:30 · 2017-12-07 10:27:33 -03:30 · c0b227135f
commit c0b227135f
parent 1331feaef1
3 changed files with 64 additions and 21 deletions
--- a/puppet/services/octavia-base.yaml
+++ b/puppet/services/octavia-base.yaml
@ -78,10 +78,23 @@ parameters:
    type: string
    default: '/etc/octavia/certs/ca_01.pem'
    description: Octavia CA certificate file path.
+  OctaviaCaCert:
+    type: string
+    default: ''
+    description: Octavia CA certificate data. If provided, this will create
+                 or update a file on the host with the path provided in
+                 OctaviaCaCertFile with the certificate data.
  OctaviaCaKeyFile:
    type: string
    default: '/etc/octavia/certs/private/cakey.pem'
    description: Octavia CA private key file path.
+  OctaviaCaKey:
+    type: string
+    default: ''
+    description: The private key for the certificate provided in OctaviaCaCert.
+                 If provided, this will create or update a file on the host
+                 with the path provided in OctaviaCaKeyFile with the key
+                 data.
  OctaviaCaKeyPassphrase:
    description: CA private key passphrase.
    type: string
@ -89,6 +102,8 @@ parameters:

 conditions:
  service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']}
+  octavia_ca_cert_unset: {equals: [{get_param: OctaviaCaCert}, '']}
+  octavia_ca_key_unset: {equals: [{get_param: OctaviaCaKey}, '']}

 outputs:
  role_data:
@ -96,7 +111,8 @@ outputs:
    value:
       service_name: octavia_base
       config_settings:
-         octavia::debug:
+         map_merge:
+           - octavia::debug:
              if:
              - service_debug_unset
              - {get_param: Debug }
@ -117,3 +133,13 @@ outputs:
             octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
             octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
             octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
+           -
+             if:
+               - octavia_ca_cert_unset
+               - {}
+               - octavia::certificates::ca_certificate_data: {get_param: OctaviaCaCert}
+           -
+             if:
+               - octavia_ca_key_unset
+               - {}
+               - octavia::certificates::ca_private_key_data: {get_param: OctaviaCaKey}
--- a/puppet/services/octavia-worker.yaml
+++ b/puppet/services/octavia-worker.yaml
@ -67,9 +67,16 @@ parameters:
    default: '/etc/octavia/certs/client.pem'
    description: client certificate for amphoras
    type: string
+  OctaviaClientCert:
+    default: ''
+    description: Client certificate data. If provided, this will create or update
+                 a file on the host with the path provided in OctaviaClientCertFile
+                 with the certificate data.
+    type: string

 conditions:
  octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]}
+  octavia_client_cert_unset: {equals: [{get_param: OctaviaClientCert}, ""]}

 resources:

@ -106,6 +113,12 @@ outputs:
            - octavia_topology_unset
            - {}
            - octavia::worker::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology}
+          -
+            if:
+            - octavia_client_cert_unset
+            - {}
+            - octavia::certificates::client_cert_data: {get_param: OctaviaClientCert}
+
      step_config: |
        include tripleo::profile::base::octavia::worker

--- a/releasenotes/notes/add-octavia-cert-key-variables-48133267832ee196.yaml
+++ b/releasenotes/notes/add-octavia-cert-key-variables-48133267832ee196.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Added support for providing Octavia certificate data through heat parameters.