author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-05-12 18:05:29 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-06-08 08:12:14 +0300 |
commit | 83ff2f22dae324a983cc4845b00900b08cdac3d9 (patch) | |
tree | e58017109c3108fbeb0c2cfccad3b61c7311887a | |
parent | 61fdeb67a021d8f3a74186200674b6725c0b8870 (diff) |
Configure CRL URI if TLS in the internal network is enabled
This uses by default the URL for the CRL provided by FreeIPA (the
default CA in TripleO).
bp tls-via-certmonger
Depends-On: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04
Change-Id: I87001388f300f3decb3b74bc037fff9d3b3ccdc2
-rw-r--r-- | puppet/services/certmonger-user.yaml | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/puppet/services/certmonger-user.yaml b/puppet/services/certmonger-user.yaml index 6ad451a8..0508c557 100644 --- a/puppet/services/certmonger-user.yaml +++ b/puppet/services/certmonger-user.yaml @@ -26,11 +26,28 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableInternalTLS: + type: boolean + default: false + DefaultCRLURL: + default: 'http://ipa-ca/ipa/crl/MasterCRL.bin' + description: URI where to get the CRL to be configured in the nodes. + type: string + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} outputs: role_data: description: Role data for the certmonger-user service value: service_name: certmonger_user + config_settings: + tripleo::certmonger::ca::crl::crl_source: + if: + - internal_tls_enabled + - {get_param: DefaultCRLURL} + - null step_config: | include ::tripleo::profile::base::certmonger_user |
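Review bot: The new `DefaultCRLURL` default, `http://ipa-ca/ipa/crl/MasterCRL.bin`, is fetched over plain HTTP from a short hostname, and its description does not say what the nodes rely on for that to be safe. A CRL is signed by the CA, so HTTP distribution is normal, but that only protects the nodes if whatever consumes `tripleo::certmonger::ca::crl::crl_source` (not visible in this hunk) verifies the signature and notices a stale or missing file. Otherwise a failed or misdirected `ipa-ca` lookup would leave revocation silently unenforced. I would extend the description to something like `description: URI where to get the CRL to be configured in the nodes. Must resolve from every node; the consumer is expected to verify the CRL signature and freshness.` Separately, `EnableInternalTLS` has no `description:` while the neighbouring parameters do; `description: Whether TLS in the internal network is enabled or not.` would match them.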