Merge "Stop generating certificate requests for disabled networks" into stable/wallaby
This commit is contained in:
commit
d515e45746
|
@ -72,9 +72,12 @@ resources:
|
|||
# NOTE(xek) Get unique network names to create certificates.
|
||||
# We skip the tenant and management network (vip != false)
|
||||
# since we don't generate certificates for those.
|
||||
- ctlplane
|
||||
{%- for network in networks if network.enabled|default(true) and network.vip|default(false) %}
|
||||
- {{network.name_lower}}
|
||||
{%- for role in roles %}
|
||||
{{ role.name }}:
|
||||
- ctlplane
|
||||
{%- for network in networks if network.name in role.networks and network.enabled|default(true) and network.vip|default(false) %}
|
||||
- {{network.name_lower}}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
|
||||
outputs:
|
||||
|
@ -119,7 +122,7 @@ outputs:
|
|||
service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
|
||||
service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
|
||||
for_each:
|
||||
NETWORK: {get_attr: [ApacheNetworks, value]}
|
||||
NETWORK: {get_attr: [ApacheNetworks, value, { get_param: RoleName }]}
|
||||
metadata_settings:
|
||||
if:
|
||||
- {get_param: EnableInternalTLS}
|
||||
|
@ -129,7 +132,7 @@ outputs:
|
|||
network: $NETWORK
|
||||
type: node
|
||||
for_each:
|
||||
$NETWORK: {get_attr: [ApacheNetworks, value]}
|
||||
$NETWORK: {get_attr: [ApacheNetworks, value, { get_param: RoleName }]}
|
||||
upgrade_tasks: []
|
||||
deploy_steps_tasks:
|
||||
- name: Certificate generation
|
||||
|
@ -167,4 +170,4 @@ outputs:
|
|||
- {get_param: CertificateKeySize}
|
||||
ca: ipa
|
||||
for_each:
|
||||
NETWORK: {get_attr: [ApacheNetworks, value]}
|
||||
NETWORK: {get_attr: [ApacheNetworks, value, { get_param: RoleName }]}
|
||||
|
|
Loading…
Reference in New Issue