tripleo-heat-templates/deployment/certs/certmonger-user-baremetal-puppet.yaml
Takashi Kajinami fffdcf0f30 Use absolute name to include puppet classes
Current puppet modules uses only absolute name to include classes,
so replace relative name by absolute name in template files so that
template description can be consistent with puppet implementation.

Change-Id: I7a704d113289d61ed05f7a31d65caf2908a7994a
2020-04-11 08:13:23 +09:00

75 lines
2.2 KiB
YAML

heat_template_version: rocky
description: >
Requests certificates using certmonger through Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
EnableInternalTLS:
type: boolean
default: false
DefaultCRLURL:
default: 'http://ipa-ca/ipa/crl/MasterCRL.bin'
description: URI where to get the CRL to be configured in the nodes.
type: string
# NOTE(jaosorior): This is being set as IPA as it's the first
# CA we'll actually be testing out. But we can change this if
# people request it.
CertmongerCA:
type: string
default: 'IPA'
# TODO: default to a dedicated CA once the ipa sub-CA setup has been
# automated and upgrades are addressed
CertmongerVncCA:
type: string
default: 'IPA'
CertmongerQemuCA:
type: string
default: 'IPA'
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
description: Role data for the certmonger-user service
value:
service_name: certmonger_user
config_settings:
map_merge:
- certmonger_ca: {get_param: CertmongerCA}
- if:
- internal_tls_enabled
- tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
certmonger_ca_vnc: {get_param: CertmongerVncCA}
certmonger_ca_qemu: {get_param: CertmongerQemuCA}
- {}
step_config: |
include tripleo::profile::base::certmonger_user