From 0dcb51e10175bc1010e56e5bb4b64f22b051b23b Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Thu, 18 Jan 2018 08:42:45 +0200
Subject: [PATCH] Enable configuring tripleo-ipsec variables through IpsecVars

This exposes the IpsecVars heat parameter which in turn can set any
variable from the tripleo-ipsec ansible role.

Change-Id: Ie6ef4aa05567c739884c1d402fc59eea80b31506
---
 extraconfig/services/ipsec.yaml | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/extraconfig/services/ipsec.yaml b/extraconfig/services/ipsec.yaml
index 90e8365264..7b05690bd7 100644
--- a/extraconfig/services/ipsec.yaml
+++ b/extraconfig/services/ipsec.yaml
@@ -33,6 +33,12 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
 
+  IpsecVars:
+    default: {}
+    description: Hash of ansible-tripleo-ipsec variables used to
+                 configure IPSec tunnels.
+    type: json
+
 outputs:
   role_data:
     description: Role data for the IPSEC service
@@ -97,8 +103,10 @@ outputs:
           - include_role:
               name: tripleo-ipsec
             vars:
-              ipsec_configure_vips: false
-              ipsec_skip_firewall_rules: false
+              map_merge:
+              - ipsec_configure_vips: false
+                ipsec_skip_firewall_rules: false
+              - {get_param: IpsecVars}
         # In step 2 the pacemaker resources are created and the VIPs
         # are assigned to the nodes. We need those VIPs to be assigned
         # already before setting up the IPSEC tunnels. Hence we do this
@@ -109,5 +117,7 @@ outputs:
           - include_role:
               name: tripleo-ipsec
             vars:
-              ipsec_configure_vips: true
-              ipsec_skip_firewall_rules: true
+              map_merge:
+              - ipsec_configure_vips: true
+                ipsec_skip_firewall_rules: true
+              - {get_param: IpsecVars}