summaryrefslogtreecommitdiffstats
path: root/manifests/profile/base
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-03-28 14:17:21 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-04-07 11:31:40 +0300
commit8b40d4670d14142aab329a7f1af7ee476a71bab5 (patch)
treec923145de2197a25c522e0031d94fc75e28836c6 /manifests/profile/base
parentd826518a77378963ac3ca0b4d3f51ba967c2f313 (diff)
TLS-everywhere: Add resources for libvirt's cert for live migration
This merely requests the certificates that will be used for libvirt's live migration if TLS-everywhere is enabled. bp tls-via-certmonger Change-Id: If18206d89460f6660a81aabc4ff8b97f1f99bba7
Diffstat (limited to 'manifests/profile/base')
-rw-r--r--manifests/profile/base/certmonger_user.pp12
1 files changed, 12 insertions, 0 deletions
diff --git a/manifests/profile/base/certmonger_user.pp b/manifests/profile/base/certmonger_user.pp
index 586c7e4..424ef09 100644
--- a/manifests/profile/base/certmonger_user.pp
+++ b/manifests/profile/base/certmonger_user.pp
@@ -43,6 +43,11 @@
# it will create.
# Defaults to hiera('tripleo::profile::base::haproxy::certificate_specs', {}).
#
+# [*libvirt_certificates_specs*]
+# (Optional) The specifications to give to certmonger for the certificate(s)
+# it will create.
+# Defaults to hiera('libvirt_certificates_specs', {}).
+#
# [*mysql_certificate_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -56,12 +61,19 @@
class tripleo::profile::base::certmonger_user (
$apache_certificates_specs = hiera('apache_certificates_specs', {}),
$haproxy_certificates_specs = hiera('tripleo::profile::base::haproxy::certificates_specs', {}),
+ $libvirt_certificates_specs = hiera('libvirt_certificates_specs', {}),
$mysql_certificate_specs = hiera('tripleo::profile::base::database::mysql::certificate_specs', {}),
$rabbitmq_certificate_specs = hiera('tripleo::profile::base::rabbitmq::certificate_specs', {}),
) {
+ include ::tripleo::certmonger::ca::libvirt
+
unless empty($apache_certificates_specs) {
ensure_resources('tripleo::certmonger::httpd', $apache_certificates_specs)
}
+ unless empty($libvirt_certificates_specs) {
+ include ::tripleo::certmonger::libvirt_dirs
+ ensure_resources('tripleo::certmonger::libvirt', $libvirt_certificates_specs)
+ }
unless empty($haproxy_certificates_specs) {
ensure_resources('tripleo::certmonger::haproxy', $haproxy_certificates_specs)
# The haproxy fronends (or listen resources) depend on the certificate