From 8b40d4670d14142aab329a7f1af7ee476a71bab5 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Tue, 28 Mar 2017 14:17:21 +0300
Subject: TLS-everywhere: Add resources for libvirt's cert for live migration

This merely requests the certificates that will be used for libvirt's
live migration if TLS-everywhere is enabled.

bp tls-via-certmonger

Change-Id: If18206d89460f6660a81aabc4ff8b97f1f99bba7
---
 manifests/profile/base/certmonger_user.pp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'manifests/profile/base/certmonger_user.pp')

diff --git a/manifests/profile/base/certmonger_user.pp b/manifests/profile/base/certmonger_user.pp
index 586c7e4..424ef09 100644
--- a/manifests/profile/base/certmonger_user.pp
+++ b/manifests/profile/base/certmonger_user.pp
@@ -43,6 +43,11 @@
 #   it will create.
 #   Defaults to hiera('tripleo::profile::base::haproxy::certificate_specs', {}).
 #
+# [*libvirt_certificates_specs*]
+#   (Optional) The specifications to give to certmonger for the certificate(s)
+#   it will create.
+#   Defaults to hiera('libvirt_certificates_specs', {}).
+#
 # [*mysql_certificate_specs*]
 #   (Optional) The specifications to give to certmonger for the certificate(s)
 #   it will create.
@@ -56,12 +61,19 @@
 class tripleo::profile::base::certmonger_user (
   $apache_certificates_specs  = hiera('apache_certificates_specs', {}),
   $haproxy_certificates_specs = hiera('tripleo::profile::base::haproxy::certificates_specs', {}),
+  $libvirt_certificates_specs = hiera('libvirt_certificates_specs', {}),
   $mysql_certificate_specs    = hiera('tripleo::profile::base::database::mysql::certificate_specs', {}),
   $rabbitmq_certificate_specs = hiera('tripleo::profile::base::rabbitmq::certificate_specs', {}),
 ) {
+  include ::tripleo::certmonger::ca::libvirt
+
   unless empty($apache_certificates_specs) {
     ensure_resources('tripleo::certmonger::httpd', $apache_certificates_specs)
   }
+  unless empty($libvirt_certificates_specs) {
+    include ::tripleo::certmonger::libvirt_dirs
+    ensure_resources('tripleo::certmonger::libvirt', $libvirt_certificates_specs)
+  }
   unless empty($haproxy_certificates_specs) {
     ensure_resources('tripleo::certmonger::haproxy', $haproxy_certificates_specs)
     # The haproxy fronends (or listen resources) depend on the certificate
-- 
cgit 1.2.3-korg