fffdcf0f30
Current puppet modules uses only absolute name to include classes, so replace relative name by absolute name in template files so that template description can be consistent with puppet implementation. Change-Id: I7a704d113289d61ed05f7a31d65caf2908a7994a
75 lines
2.2 KiB
YAML
75 lines
2.2 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Requests certificates using certmonger through Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
DefaultCRLURL:
|
|
default: 'http://ipa-ca/ipa/crl/MasterCRL.bin'
|
|
description: URI where to get the CRL to be configured in the nodes.
|
|
type: string
|
|
# NOTE(jaosorior): This is being set as IPA as it's the first
|
|
# CA we'll actually be testing out. But we can change this if
|
|
# people request it.
|
|
CertmongerCA:
|
|
type: string
|
|
default: 'IPA'
|
|
# TODO: default to a dedicated CA once the ipa sub-CA setup has been
|
|
# automated and upgrades are addressed
|
|
CertmongerVncCA:
|
|
type: string
|
|
default: 'IPA'
|
|
CertmongerQemuCA:
|
|
type: string
|
|
default: 'IPA'
|
|
|
|
conditions:
|
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the certmonger-user service
|
|
value:
|
|
service_name: certmonger_user
|
|
config_settings:
|
|
map_merge:
|
|
- certmonger_ca: {get_param: CertmongerCA}
|
|
- if:
|
|
- internal_tls_enabled
|
|
- tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
|
|
certmonger_ca_vnc: {get_param: CertmongerVncCA}
|
|
certmonger_ca_qemu: {get_param: CertmongerQemuCA}
|
|
- {}
|
|
step_config: |
|
|
include tripleo::profile::base::certmonger_user
|