diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-08-04 14:04:44 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-08-04 14:04:44 +0000 |
commit | 3899491b1cb9fd39f4c2df00c8b955bd6040dc04 (patch) | |
tree | ac5fbfa4eb52ece6679d821dd483995cdb50dac3 | |
parent | fd1b1f8ec647d56346c0ad3728fed8fbfb482632 (diff) | |
parent | 0414e97f81d2bacd212e45e22f5e0b05602c47cd (diff) |
Merge "Change the directory for haproxy certs/keys to be service-specific"
-rw-r--r-- | puppet/services/haproxy-internal-tls-certmonger.yaml | 8 | ||||
-rw-r--r-- | puppet/services/haproxy-public-tls-certmonger.yaml | 10 |
2 files changed, 11 insertions, 7 deletions
diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml index b6b4f270..3355a0d3 100644 --- a/puppet/services/haproxy-internal-tls-certmonger.yaml +++ b/puppet/services/haproxy-internal-tls-certmonger.yaml @@ -55,14 +55,16 @@ outputs: config_settings: generate_service_certificates: true tripleo::haproxy::use_internal_certificates: true + tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy' + tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy' certificates_specs: map_merge: repeat: template: haproxy-NETWORK: - service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem' - service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt' - service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key' + service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem' + service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt' + service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key' hostname: "%{hiera('cloud_name_NETWORK')}" postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_NETWORK')}" diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml index e79d2aec..f1739f78 100644 --- a/puppet/services/haproxy-public-tls-certmonger.yaml +++ b/puppet/services/haproxy-public-tls-certmonger.yaml @@ -38,12 +38,14 @@ outputs: service_name: haproxy_public_tls_certmonger config_settings: generate_service_certificates: true - tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem' + tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem' + tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy' + tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy' certificates_specs: haproxy-external: - service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem' - service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt' - service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key' + service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem' + service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt' + service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key' hostname: "%{hiera('cloud_name_external')}" postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_external')}" |