summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDamien Ciabrini <dciabrin@redhat.com>2017-07-10 08:49:36 -0400
committerDamien Ciabrini <dciabrin@redhat.com>2017-07-10 08:49:36 -0400
commite32f679b052746acfe012bf12117ad55f0699d18 (patch)
tree13e677d7a27e8e40f420a23d177216973b75ab48
parentec9aea34c7f520b1a2a9138574bf5ba4f0a6b4c9 (diff)
Let pacemaker bind-mount needed cert for haproxy bundle
When SSL configuration is enabled, haproxy expects to load a SSL certificate file at startup. Update the bundle configuration to always bind-mount the cert file, to support both SSL and non SSL HAproxy bundle deployments. Change-Id: I6f4d3a5abae8f1781cfe6f69ff960aad500061e3
-rw-r--r--manifests/profile/pacemaker/haproxy_bundle.pp21
1 files changed, 16 insertions, 5 deletions
diff --git a/manifests/profile/pacemaker/haproxy_bundle.pp b/manifests/profile/pacemaker/haproxy_bundle.pp
index 9c1bdf3..c6eb450 100644
--- a/manifests/profile/pacemaker/haproxy_bundle.pp
+++ b/manifests/profile/pacemaker/haproxy_bundle.pp
@@ -30,6 +30,11 @@
# (Optional) Whether load balancing is enabled for this cluster
# Defaults to hiera('enable_load_balancer', true)
#
+# [*deployed_ssl_cert_path*]
+# (Optional) The filepath of the certificate as it will be stored in
+# the controller.
+# Defaults to '/etc/pki/tls/private/overcloud_endpoint.pem'
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -40,11 +45,12 @@
# Defaults to hiera('pcs_tries', 20)
#
class tripleo::profile::pacemaker::haproxy_bundle (
- $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef),
- $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'),
- $enable_load_balancer = hiera('enable_load_balancer', true),
- $step = Integer(hiera('step')),
- $pcs_tries = hiera('pcs_tries', 20),
+ $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef),
+ $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'),
+ $enable_load_balancer = hiera('enable_load_balancer', true),
+ $deployed_ssl_cert_path = '/etc/pki/tls/private/overcloud_endpoint.pem',
+ $step = Integer(hiera('step')),
+ $pcs_tries = hiera('pcs_tries', 20),
) {
include ::tripleo::profile::base::haproxy
@@ -137,6 +143,11 @@ class tripleo::profile::pacemaker::haproxy_bundle (
'target-dir' => '/dev/log',
'options' => 'rw',
},
+ 'haproxy-cert' => {
+ 'source-dir' => deployed_ssl_cert_path,
+ 'target-dir' => deployed_ssl_cert_path,
+ 'options' => 'ro',
+ },
},
}
$control_vip = hiera('controller_virtual_ip')