aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/certmonger
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-07-13 13:10:21 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-07-13 13:33:07 +0300
commitd8cb7b8603db97c7d77a7d8b9c9cbf83c7f7f024 (patch)
tree214f63e2de5ff91c48508e6ab61aa9fecb24a1ef /manifests/certmonger
parent30b76ab78fcaa202022b604fe71bf51a8cf7ca36 (diff)
Add resource for requesting certificates for HAProxy
This resource will be used in both the overcloud and the undercloud, and can be called in several instances (for public-facing or internal-facing certificates). bp tls-via-certmonger Change-Id: I0410fe0dbbed97d16909e911f7318d78a5bd7d7b
Diffstat (limited to 'manifests/certmonger')
-rw-r--r--manifests/certmonger/haproxy.pp70
1 files changed, 70 insertions, 0 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
new file mode 100644
index 0000000..0806e40
--- /dev/null
+++ b/manifests/certmonger/haproxy.pp
@@ -0,0 +1,70 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Resource: tripleo::certmonger::haproxy
+#
+# Request a certificate for the HAProxy service and does the necessary logic to
+# get it into a format that the service understands.
+#
+# === Parameters
+#
+# [*service_pem*]
+# The file in PEM format that the HAProxy service will use as a certificate.
+#
+# [*service_certificate*]
+# The certificate file that certmonger will be tracking.
+#
+# [*service_key*]
+# The key file that certmonger will use for the certificate.
+#
+# [*hostname*]
+# The hostname that certmonger will use as the common name for the
+# certificate.
+#
+# [*postsave_cmd*]
+# The post-save-command that certmonger will use once it renews the
+# certificate.
+#
+define tripleo::certmonger::haproxy (
+ $service_pem,
+ $service_certificate,
+ $service_key,
+ $hostname,
+ $postsave_cmd,
+){
+ certmonger_certificate { "${title}-cert":
+ hostname => $hostname,
+ certfile => $service_certificate,
+ keyfile => $service_key,
+ postsave_cmd => $postsave_cmd,
+ }
+ concat { $service_pem :
+ ensure => present,
+ mode => '0640',
+ owner => 'haproxy',
+ group => 'haproxy',
+ }
+ concat::fragment { "${title}-cert-fragment":
+ target => $service_pem,
+ source => $service_certificate,
+ order => '01',
+ require => Certmonger_certificate["${title}-cert"],
+ }
+ concat::fragment { "${title}-key-fragment":
+ target => $service_pem,
+ source => $service_key,
+ order => 10,
+ require => Certmonger_certificate["${title}-cert"],
+ }
+}