openstack/tripleo-heat-templates
Code Issues Proposed changes
0da17202ec
tripleo-heat-templates/puppet/extraconfig/tls/ca-inject.yaml
Carlos Camacho 927495fe3d Change template names to queens 
The new master branch should point now to queens instead of pike.

So, HOT templates should specify that they might contain features
for queens release [1]

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#queens

Change-Id: I7654d1c59db0c4508a9d7045f452612d22493004
2017-11-23 10:15:32 +01:00

68 lines
2.0 KiB
YAML
Raw Blame History

heat_template_version: queens
description: >
This is a template which will inject the trusted anchor.
parameters:
# Can be overridden via parameter_defaults in the environment
SSLRootCertificate:
description: >
The content of a CA's SSL certificate file in PEM format.
This is evaluated on the client side.
type: string
SSLRootCertificatePath:
default: '/etc/pki/ca-trust/source/anchors/ca.crt.pem'
description: >
The filepath of the root certificate as it will be stored in the nodes.
Note that the path has to be one that can be picked up by the update
trust anchor command. e.g. in RHEL it would be
/etc/pki/ca-trust/source/anchors/ca.crt.pem
type: string
UpdateTrustAnchorsCommand:
default: update-ca-trust extract
description: >
command that will be executed to update the trust anchors.
type: string
# Passed in by controller.yaml
server:
description: ID of the node to apply this config to
type: string
resources:
CAConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
inputs:
- name: cacert_path
- name: cacert_content
- name: update_anchor_command
outputs:
- name: root_cert_md5sum
config: |
#!/bin/sh
cat > ${cacert_path} << EOF
${cacert_content}
EOF
chmod 0444 ${cacert_path}
chown root:root ${cacert_path}
${update_anchor_command}
md5sum ${cacert_path} > ${heat_outputs_path}.root_cert_md5sum
CADeployment:
type: OS::Heat::SoftwareDeployment
properties:
name: CADeployment
config: {get_resource: CAConfig}
server: {get_param: server}
input_values:
cacert_path: {get_param: SSLRootCertificatePath}
cacert_content: {get_param: SSLRootCertificate}
update_anchor_command: {get_param: UpdateTrustAnchorsCommand}
outputs:
deploy_stdout:
description: Deployment reference
value: {get_attr: [CADeployment, root_cert_md5sum]}
View Git Blame Copy Permalink