diff options
author | Damien Ciabrini <dciabrin@redhat.com> | 2017-07-10 08:49:36 -0400 |
---|---|---|
committer | Damien Ciabrini <dciabrin@redhat.com> | 2017-07-10 08:49:36 -0400 |
commit | e32f679b052746acfe012bf12117ad55f0699d18 (patch) | |
tree | 13e677d7a27e8e40f420a23d177216973b75ab48 | |
parent | ec9aea34c7f520b1a2a9138574bf5ba4f0a6b4c9 (diff) |
Let pacemaker bind-mount needed cert for haproxy bundle
When SSL configuration is enabled, haproxy expects to load a SSL
certificate file at startup.
Update the bundle configuration to always bind-mount the cert
file, to support both SSL and non SSL HAproxy bundle deployments.
Change-Id: I6f4d3a5abae8f1781cfe6f69ff960aad500061e3
-rw-r--r-- | manifests/profile/pacemaker/haproxy_bundle.pp | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/manifests/profile/pacemaker/haproxy_bundle.pp b/manifests/profile/pacemaker/haproxy_bundle.pp index 9c1bdf3..c6eb450 100644 --- a/manifests/profile/pacemaker/haproxy_bundle.pp +++ b/manifests/profile/pacemaker/haproxy_bundle.pp @@ -30,6 +30,11 @@ # (Optional) Whether load balancing is enabled for this cluster # Defaults to hiera('enable_load_balancer', true) # +# [*deployed_ssl_cert_path*] +# (Optional) The filepath of the certificate as it will be stored in +# the controller. +# Defaults to '/etc/pki/tls/private/overcloud_endpoint.pem' +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -40,11 +45,12 @@ # Defaults to hiera('pcs_tries', 20) # class tripleo::profile::pacemaker::haproxy_bundle ( - $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef), - $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'), - $enable_load_balancer = hiera('enable_load_balancer', true), - $step = Integer(hiera('step')), - $pcs_tries = hiera('pcs_tries', 20), + $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef), + $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'), + $enable_load_balancer = hiera('enable_load_balancer', true), + $deployed_ssl_cert_path = '/etc/pki/tls/private/overcloud_endpoint.pem', + $step = Integer(hiera('step')), + $pcs_tries = hiera('pcs_tries', 20), ) { include ::tripleo::profile::base::haproxy @@ -137,6 +143,11 @@ class tripleo::profile::pacemaker::haproxy_bundle ( 'target-dir' => '/dev/log', 'options' => 'rw', }, + 'haproxy-cert' => { + 'source-dir' => deployed_ssl_cert_path, + 'target-dir' => deployed_ssl_cert_path, + 'options' => 'ro', + }, }, } $control_vip = hiera('controller_virtual_ip') |