Use DeployedSSLCertificatePath for public TLS via certmonger

As described in the bug report, DeployedSSLCertificatePath is used by
the TLS injection script (if you decide to use that).

There is an alternative, which is to use FreeIPA to provide the
certificate for public TLS (powered by certmonger); however, it doesn't
use the same path as what folks expected. This reuses the
DeployedSSLCertificatePath parameter and uses that as a path for the
resulting PEM file, so its easier to debug.

Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d
Closes-Bug: #1714932
This commit is contained in:
Juan Antonio Osorio Robles 2017-09-04 14:04:28 +03:00
parent 4b789f4963
commit f395d9eab2
1 changed files with 7 additions and 10 deletions

View File

@ -36,6 +36,11 @@ parameters:
HAProxyInternalTLSKeysDirectory:
default: '/etc/pki/tls/private/haproxy'
type: string
DeployedSSLCertificatePath:
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
description: >
The filepath of the certificate as it will be stored in the controller.
type: string
outputs:
role_data:
@ -44,22 +49,14 @@ outputs:
service_name: haproxy_public_tls_certmonger
config_settings:
generate_service_certificates: true
tripleo::haproxy::service_certificate:
list_join:
- ''
- - {get_param: HAProxyInternalTLSCertsDirectory}
- '/overcloud-haproxy-external.pem'
tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
tripleo::certmonger::haproxy_dirs::certificate_dir:
get_param: HAProxyInternalTLSCertsDirectory
tripleo::certmonger::haproxy_dirs::key_dir:
get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
haproxy-external:
service_pem:
list_join:
- ''
- - {get_param: HAProxyInternalTLSCertsDirectory}
- '/overcloud-haproxy-external.pem'
service_pem: {get_param: DeployedSSLCertificatePath}
service_certificate:
list_join:
- ''