tripleo-heat-templates/deployment/certs/certmonger-user-baremetal-puppet.yaml
Dan Prince 2e2750b72d Move auditd, ca-cert, certmonger to deployment
Change-Id: I152762c33ef31a580ce1c7fba5f5e81146b2f00b
Related-Blueprint: services-yaml-flattening
2019-05-30 20:37:25 +00:00

74 lines
2.1 KiB
YAML

heat_template_version: rocky
description: >
Requests certificates using certmonger through Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
EnableInternalTLS:
type: boolean
default: false
DefaultCRLURL:
default: 'http://ipa-ca/ipa/crl/MasterCRL.bin'
description: URI where to get the CRL to be configured in the nodes.
type: string
# NOTE(jaosorior): This is being set as IPA as it's the first
# CA we'll actually be testing out. But we can change this if
# people request it.
CertmongerCA:
type: string
default: 'IPA'
# TODO: default to a dedicated CA once the ipa sub-CA setup has been
# automated and upgrades are addressed
CertmongerVncCA:
type: string
default: 'IPA'
CertmongerQemuCA:
type: string
default: 'IPA'
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
description: Role data for the certmonger-user service
value:
service_name: certmonger_user
config_settings:
if:
- internal_tls_enabled
- tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
certmonger_ca: {get_param: CertmongerCA}
certmonger_ca_vnc: {get_param: CertmongerVncCA}
certmonger_ca_qemu: {get_param: CertmongerQemuCA}
- {}
step_config: |
include ::tripleo::profile::base::certmonger_user