2e2750b72d
Change-Id: I152762c33ef31a580ce1c7fba5f5e81146b2f00b Related-Blueprint: services-yaml-flattening
74 lines
2.1 KiB
YAML
74 lines
2.1 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Requests certificates using certmonger through Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
DefaultCRLURL:
|
|
default: 'http://ipa-ca/ipa/crl/MasterCRL.bin'
|
|
description: URI where to get the CRL to be configured in the nodes.
|
|
type: string
|
|
# NOTE(jaosorior): This is being set as IPA as it's the first
|
|
# CA we'll actually be testing out. But we can change this if
|
|
# people request it.
|
|
CertmongerCA:
|
|
type: string
|
|
default: 'IPA'
|
|
# TODO: default to a dedicated CA once the ipa sub-CA setup has been
|
|
# automated and upgrades are addressed
|
|
CertmongerVncCA:
|
|
type: string
|
|
default: 'IPA'
|
|
CertmongerQemuCA:
|
|
type: string
|
|
default: 'IPA'
|
|
|
|
conditions:
|
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the certmonger-user service
|
|
value:
|
|
service_name: certmonger_user
|
|
config_settings:
|
|
if:
|
|
- internal_tls_enabled
|
|
- tripleo::certmonger::ca::crl::crl_source: {get_param: DefaultCRLURL}
|
|
certmonger_ca: {get_param: CertmongerCA}
|
|
certmonger_ca_vnc: {get_param: CertmongerVncCA}
|
|
certmonger_ca_qemu: {get_param: CertmongerQemuCA}
|
|
- {}
|
|
step_config: |
|
|
include ::tripleo::profile::base::certmonger_user
|