openstack/tripleo-heat-templates
Code Issues Proposed changes

Do not generate apache/haproxy certs for invalid networks

Browse Source 
Certs were being generated for all networks in service net map.
This was failing as we do not generate hieradata for all of these networks.

Switching from yaql to jinga templating to match the logic that
generates the hieradata.

Change-Id: Ic6c25aceb07ea3824a8fb23549bc5d1205e5cefc
Closes-bug: 1748023
Closes-Bug: 1748053
This commit is contained in:
Oliver Walsh 2018-02-07 22:01:38 +00:00
parent 16e15b73b9
commit fa66c327fc
3 changed files with 12 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
puppet/services/apache.yaml → puppet/services/apache.j2.yaml
View File

@ -61,10 +61,12 @@ resources:
# NOTE(jaosorior) Get unique network names to create # NOTE(jaosorior) Get unique network names to create
# certificates for those. We skip the tenant network since # certificates for those. We skip the tenant network since
# we don't need a certificate for that. # we don't need a certificate for that.
yaql: - ctlplane
expression: list($.data.values().toSet().where($ != tenant)) {%- for network in networks %}
data: {%- if network.name_lower != 'tenant' %}
get_param: ServiceNetMap - {{network.name_lower}}
{%- endif %}
{%- endfor %}
outputs: outputs:
role_data: role_data:

11
puppet/services/haproxy-internal-tls-certmonger.yaml → puppet/services/haproxy-internal-tls-certmonger.j2.yaml
View File

@ -47,11 +47,12 @@ resources:
# certificates for those. We skip the tenant network since # certificates for those. We skip the tenant network since
# we don't need a certificate for that, and the external # we don't need a certificate for that, and the external
# network will be handled in another template. # network will be handled in another template.
yaql: - ctlplane
expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant) {%- for network in networks if network.vip|default(false) %}
data: {%- if network.name_lower != 'external' and network.name_lower != 'tenant' %}
map: - {{network.name_lower}}
get_param: ServiceNetMap {%- endif %}
{%- endfor %}
outputs: outputs:
role_data: role_data:

10
tripleo_heat_templates/tests/test_yaql.py
View File

@ -33,13 +33,3 @@ class YAQLTestCase(base.BaseTestCase):
data = data[i] data = data[i]
return data['yaql']['expression'] return data['yaql']['expression']
def test_apache_networks(self):
snippet = self.get_snippet(
'puppet/services/apache.yaml',
'resources.ApacheNetworks.properties.value')
self.assertEqual(
['service'],
yaql.eval(
snippet,
{'data': {'nova': 'tenant', 'cinder': 'service',
'glance': 'service'}}))