Stop generating certificate requests for disabled networks
Make sure the list includes only networks that are configured on the
running node. This change is analogous to
7013a04e04
, but for haproxy.
Change-Id: I0293e019f3a2c4c8ffbf8258214d8522957d56f5
Resolves: rhbz#2088526
This commit is contained in:
parent
890b91c29b
commit
f3c76bcf07
|
@ -62,14 +62,17 @@ resources:
|
|||
# * The "external" (PublicNetwork) network will be handled in
|
||||
# another template, it is skipped by a yaql filter on the
|
||||
# PublicNetwork defined in ServiceNetMap.
|
||||
yaql:
|
||||
expression: let(public_network => $.data.public_network) -> $.data.networks.where($ != $public_network or $ = 'ctlplane')
|
||||
data:
|
||||
public_network: {get_param: [ServiceNetMap, PublicNetwork]}
|
||||
networks:
|
||||
- ctlplane
|
||||
{%- for network in networks if network.enabled|default(true) and network.vip|default(false) %}
|
||||
- {{network.name_lower}}
|
||||
{%- for role in roles %}
|
||||
{{ role.name }}:
|
||||
yaql:
|
||||
expression: let(public_network => $.data.public_network) -> $.data.networks.where($ != $public_network or $ = 'ctlplane')
|
||||
data:
|
||||
public_network: {get_param: [ServiceNetMap, PublicNetwork]}
|
||||
networks:
|
||||
- ctlplane
|
||||
{%- for network in networks if network.name in role.networks and network.enabled|default(true) and network.vip|default(false) %}
|
||||
- {{network.name_lower}}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
{% raw -%}
|
||||
outputs:
|
||||
|
@ -90,7 +93,7 @@ outputs:
|
|||
- - {get_param: HAProxyInternalTLSCertsDirectory}
|
||||
- '/overcloud-haproxy-NETWORK.pem'
|
||||
for_each:
|
||||
NETWORK: {get_attr: [HAProxyNetworks, value]}
|
||||
NETWORK: {get_attr: [HAProxyNetworks, value, { get_param: RoleName }]}
|
||||
metadata_settings:
|
||||
repeat:
|
||||
template:
|
||||
|
@ -101,7 +104,7 @@ outputs:
|
|||
network: $NETWORK
|
||||
type: node
|
||||
for_each:
|
||||
$NETWORK: {get_attr: [HAProxyNetworks, value]}
|
||||
$NETWORK: {get_attr: [HAProxyNetworks, value, { get_param: RoleName }]}
|
||||
deploy_steps_tasks:
|
||||
- name: Certificate generation
|
||||
when: step|int == 1
|
||||
|
@ -169,5 +172,5 @@ outputs:
|
|||
- {get_param: CertificateKeySize}
|
||||
ca: ipa
|
||||
for_each:
|
||||
NETWORK: {get_attr: [HAProxyNetworks, value]}
|
||||
NETWORK: {get_attr: [HAProxyNetworks, value, { get_param: RoleName }]}
|
||||
{%- endraw %}
|
||||
|
|
Loading…
Reference in New Issue