Fix the mounting issues for the TLS everywhere deployment
This patch adds the CRL directory to haproxy for TLS-everywhere deployments. It also removes the duplicated CA file from the haproxy and rabbitmq containers. Depends-On: I836ab1a23c8aea35c0cea54d0765c7313a4b9038 Closes-Bug: #1860638 Closes-Bug: #1860641 Change-Id: I7d18befc51a4afb404b39ebdd8b1ccab4dfdf744
parent
be9a319461
commit
c155ea701e
|
@ -104,6 +104,10 @@ parameters:
|
|||
type: string
|
||||
description: Specifies the default CRL PEM file to use for revocation if
|
||||
TLS is used for services in the internal network.
|
||||
InternalTLSCRLPEMDir:
|
||||
default: '/etc/pki/CA/crl/'
|
||||
type: string
|
||||
description: The directory of the CRL PEM file to be mounted.
|
||||
|
||||
conditions:
|
||||
puppet_debug_enabled: {get_param: ConfigDebug}
|
||||
|
@ -218,6 +222,11 @@ outputs:
|
|||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- 'ro,shared'
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCRLPEMDir}
|
||||
- {get_param: InternalTLSCRLPEMDir}
|
||||
- 'ro,shared'
|
||||
- null
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/haproxy.json:
|
||||
|
@ -279,8 +288,8 @@ outputs:
|
|||
- /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro,shared
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- - {get_param: InternalTLSCRLPEMDir}
|
||||
- {get_param: InternalTLSCRLPEMDir}
|
||||
- 'ro'
|
||||
- null
|
||||
environment:
|
||||
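Review bot: Nothing in the first hunk ties the new `InternalTLSCRLPEMDir` parameter to the CRL PEM file parameter whose description sits just above it, so overriding one without the other would presumably leave haproxy without the CRL it is configured to check (inferred, since the consumer of the file parameter is not visible here). The description should state that dependency, for example `description: Directory holding the CRL PEM file used for revocation; bind-mounted read-only at the same path. Must contain the file named by the CRL PEM file parameter.` The two mounts of this directory also use different option strings, `'ro,shared'` in the second hunk and `'ro'` in the third, next to a haproxy key mount that uses `ro,shared`. If the difference is intentional, a one-line comment saying why would help; otherwise use the same string in both. The lists these entries belong to start outside the hunks, so whether both mounts are guarded by the internal-TLS condition cannot be confirmed from here.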
|
|
|
@ -43,11 +43,6 @@ parameters:
|
|||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
RabbitUserName:
|
||||
default: guest
|
||||
description: The username for RabbitMQ
|
||||
|
|
|
@ -43,11 +43,6 @@ parameters:
|
|||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
NotifyPort:
|
||||
default: 5672
|
||||
description: The network port for messaging Notify backend
|
||||
|
@ -261,11 +256,6 @@ outputs:
|
|||
- if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- 'ro'
|
||||
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
|
||||
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
|
||||
- null
|
||||
|
|
|
@ -43,11 +43,6 @@ parameters:
|
|||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
|
|