summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--manifests/certmonger/ca/local.pp37
-rw-r--r--manifests/haproxy/endpoint.pp12
-rw-r--r--manifests/profile/base/heat.pp10
-rw-r--r--manifests/profile/pacemaker/gnocchi.pp6
4 files changed, 63 insertions, 2 deletions
diff --git a/manifests/certmonger/ca/local.pp b/manifests/certmonger/ca/local.pp
new file mode 100644
index 0000000..ea08dec
--- /dev/null
+++ b/manifests/certmonger/ca/local.pp
@@ -0,0 +1,37 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::certmonger::ca::local
+#
+# Does the necessary action to extract and trust certmonger's local CA.
+#
+# === Parameters:
+#
+# [*ca_pem*]
+# (optional) PEM file that will contain the local CA certificate.
+# Defaults to '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
+#
+class tripleo::certmonger::ca::local(
+ $ca_pem = '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem',
+){
+ $ca_pkcs12 = '/var/lib/certmonger/local/creds'
+ $extract_cmd = "openssl pkcs12 -in ${ca_pkcs12} -out ${ca_pem} -nokeys -nodes -passin pass:''"
+ $trust_ca_cmd = 'update-ca-trust extract'
+ exec { 'extract-and-trust-ca':
+ command => "${extract_cmd} && ${trust_ca_cmd}",
+ path => '/usr/bin',
+ creates => $ca_pem,
+ require => Package['certmonger'],
+ }
+}
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp
index 94bfcff..ac6cb6c 100644
--- a/manifests/haproxy/endpoint.pp
+++ b/manifests/haproxy/endpoint.pp
@@ -117,4 +117,16 @@ define tripleo::haproxy::endpoint (
server_names => $server_names,
options => $member_options,
}
+ if hiera('manage_firewall', true) {
+ include ::tripleo::firewall
+ $firewall_rules = {
+ "100 ${name}_haproxy" => {
+ 'dport' => $service_port,
+ },
+ "100 ${name}_haproxy_ssl" => {
+ 'dport' => $public_ssl_port,
+ },
+ }
+ create_resources('tripleo::firewall::rule', $firewall_rules)
+ }
}
diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp
index 0fc30d8..fa0e2f1 100644
--- a/manifests/profile/base/heat.pp
+++ b/manifests/profile/base/heat.pp
@@ -42,6 +42,16 @@ class tripleo::profile::base::heat (
$manage_db_purge = hiera('heat_enable_db_purge', true),
) {
+ # Domain resources will be created at step5 on the pacemaker_master so we
+ # configure heat.conf at step3 and 4 but actually create the domain later.
+ if hiera('step') == 3 or hiera('step') == 4 {
+ class { '::heat::keystone::domain':
+ manage_domain => false,
+ manage_user => false,
+ manage_role => false,
+ }
+ }
+
if $step >= 4 {
class { '::heat' :
notification_driver => $notification_driver,
diff --git a/manifests/profile/pacemaker/gnocchi.pp b/manifests/profile/pacemaker/gnocchi.pp
index 98d1b36..edc1728 100644
--- a/manifests/profile/pacemaker/gnocchi.pp
+++ b/manifests/profile/pacemaker/gnocchi.pp
@@ -59,11 +59,13 @@ class tripleo::profile::pacemaker::gnocchi (
}
}
- if $step >= 3 and $pacemaker_master {
+ if $step >= 3 {
include ::gnocchi
include ::gnocchi::config
include ::gnocchi::client
- include ::gnocchi::db::sync
+ if $pacemaker_master {
+ include ::gnocchi::db::sync
+ }
}
if $step >= 5 and $pacemaker_master {