From e32f679b052746acfe012bf12117ad55f0699d18 Mon Sep 17 00:00:00 2001
From: Damien Ciabrini <dciabrin@redhat.com>
Date: Mon, 10 Jul 2017 08:49:36 -0400
Subject: Let pacemaker bind-mount needed cert for haproxy bundle

When SSL configuration is enabled, haproxy expects to load a SSL
certificate file at startup.

Update the bundle configuration to always bind-mount the cert
file, to support both SSL and non SSL HAproxy bundle deployments.

Change-Id: I6f4d3a5abae8f1781cfe6f69ff960aad500061e3
---
 manifests/profile/pacemaker/haproxy_bundle.pp | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

(limited to 'manifests/profile/pacemaker/haproxy_bundle.pp')

diff --git a/manifests/profile/pacemaker/haproxy_bundle.pp b/manifests/profile/pacemaker/haproxy_bundle.pp
index 9c1bdf3..c6eb450 100644
--- a/manifests/profile/pacemaker/haproxy_bundle.pp
+++ b/manifests/profile/pacemaker/haproxy_bundle.pp
@@ -30,6 +30,11 @@
 #   (Optional) Whether load balancing is enabled for this cluster
 #   Defaults to hiera('enable_load_balancer', true)
 #
+# [*deployed_ssl_cert_path*]
+#   (Optional) The filepath of the certificate as it will be stored in
+#   the controller.
+#   Defaults to '/etc/pki/tls/private/overcloud_endpoint.pem'
+#
 # [*step*]
 #   (Optional) The current step in deployment. See tripleo-heat-templates
 #   for more details.
@@ -40,11 +45,12 @@
 #   Defaults to hiera('pcs_tries', 20)
 #
 class tripleo::profile::pacemaker::haproxy_bundle (
-  $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef),
-  $bootstrap_node       = hiera('haproxy_short_bootstrap_node_name'),
-  $enable_load_balancer = hiera('enable_load_balancer', true),
-  $step                 = Integer(hiera('step')),
-  $pcs_tries            = hiera('pcs_tries', 20),
+  $haproxy_docker_image   = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef),
+  $bootstrap_node         = hiera('haproxy_short_bootstrap_node_name'),
+  $enable_load_balancer   = hiera('enable_load_balancer', true),
+  $deployed_ssl_cert_path = '/etc/pki/tls/private/overcloud_endpoint.pem',
+  $step                   = Integer(hiera('step')),
+  $pcs_tries              = hiera('pcs_tries', 20),
 ) {
   include ::tripleo::profile::base::haproxy
 
@@ -137,6 +143,11 @@ class tripleo::profile::pacemaker::haproxy_bundle (
             'target-dir' => '/dev/log',
             'options'    => 'rw',
           },
+          'haproxy-cert'                    => {
+            'source-dir' => deployed_ssl_cert_path,
+            'target-dir' => deployed_ssl_cert_path,
+            'options'    => 'ro',
+          },
         },
       }
       $control_vip = hiera('controller_virtual_ip')
-- 
cgit 1.2.3-korg