author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-08-02 10:27:15 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-08-04 10:43:50 +0000 |
commit | 0414e97f81d2bacd212e45e22f5e0b05602c47cd (patch) | |
tree | 2727a5dec52aeceb0a977dff8ef0137e68d3299a | |
parent | f96e07c909e6bc665ad816ab42a8e6fcd184c8aa (diff) |
Change the directory for haproxy certs/keys to be service-specific
This moves the directories containing the certs/keys for haproxy one step
further inside the hierarchy. This way we will be able to bind-mount
this certificate into the container without bind-mounting any other
certs/keys from other services.
bp tls-via-certmonger-containers
Depends-On: Iba3adb9464a755e67c6f87d1233b3affa8be565a
Change-Id: I73df8d442b361cb5ef4e343b4ea2a198a5b95da9
-rw-r--r-- | puppet/services/haproxy-internal-tls-certmonger.yaml | 8 | ||||
-rw-r--r-- | puppet/services/haproxy-public-tls-certmonger.yaml | 10 |
2 files changed, 11 insertions, 7 deletions
diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml
index b6b4f270..3355a0d3 100644
--- a/puppet/services/haproxy-internal-tls-certmonger.yaml
+++ b/puppet/services/haproxy-internal-tls-certmonger.yaml
@@ -55,14 +55,16 @@ outputs:
 config_settings:
 generate_service_certificates: true
 tripleo::haproxy::use_internal_certificates: true
+ tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
+ tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
 certificates_specs:
 map_merge:
 repeat:
 template:
 haproxy-NETWORK:
- service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem'
- service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt'
- service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key'
+ service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem'
+ service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt'
+ service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key'
 hostname: "%{hiera('cloud_name_NETWORK')}"
 postsave_cmd: "" # TODO
 principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
index e79d2aec..f1739f78 100644
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
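Review bot: The combined `service_pem` file now lands under `/etc/pki/tls/certs/haproxy`, and if that bundle carries the private key alongside the certificate (the usual form HAProxy loads, though not visible in this hunk), the certs directory needs the same restrictive owner and mode as `/etc/pki/tls/private/haproxy`. Nothing in the template states what owner or mode the two new `haproxy_dirs` directories get; that is presumably set in the change named in Depends-On, so it is worth confirming there that neither is world-readable. A short comment above the two new keys would record the intent, e.g. `# both dirs hold haproxy key material: keep them non-world-readable and bind-mount them read-only`. The same applies to the `haproxy-external` paths in haproxy-public-tls-certmonger.yaml; the `config_settings` block itself starts above the hunk.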
@@ -38,12 +38,14 @@ outputs:
 service_name: haproxy_public_tls_certmonger
 config_settings:
 generate_service_certificates: true
- tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
+ tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
+ tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
+ tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
 certificates_specs:
 haproxy-external:
- service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
- service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt'
- service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key'
+ service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
+ service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt'
+ service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key'
 hostname: "%{hiera('cloud_name_external')}"
 postsave_cmd: "" # TODO
 principal: "haproxy/%{hiera('cloud_name_external')}" |
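Review bot: `tripleo::haproxy::service_certificate` and `certificates_specs.haproxy-external.service_pem` repeat the same literal path, and both must also sit inside the `certificate_dir` set just below, with nothing tying the three values together. A later edit to only one of them would likely leave HAProxy pointing at a file that certmonger no longer writes; this is inferred from the key names, since the consuming Puppet code is not in this hunk. Consider a comment above `tripleo::haproxy::service_certificate`, such as `# must equal certificates_specs.haproxy-external.service_pem and live under haproxy_dirs::certificate_dir`.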