diff options
| author |   Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-03-24 12:38:33 +0200 |
|---|---|---|
| committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-04-11 11:33:32 +0000 |
| commit | 87f41c6ec672cbbdc86c83fb13c35ab234ee618d (patch) | |
| tree | aa14779d075773165e306b7d60c64ddfb1cf82b2 | |
| parent | ccb0655db4cb0df125a52262e67b39609f78703b (diff) | |
Change the directory for httpd certs/keys to be service-specific
This moves the directories containing the certs/keys for httpd one step
further inside the hierarchy. This way we will be able to bind-mount
this certificate into the container without bind-mounting any other
certs/keys from other services.
bp tls-via-certmonger-containers
Change-Id: Ibe6e66ae4589b9eab7db330dd8b178e0f8775639
Depends-On: I0b71902358b754fa8bd7fdbb213479503c87aa46
| -rw-r--r-- | puppet/services/apache.yaml | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index 9bd282f8..6e53b1f7 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -77,13 +77,15 @@ outputs: - "%{hiera('apache_remote_proxy_ips_network')}" - generate_service_certificates: true + tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' + tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' apache_certificates_specs: map_merge: repeat: template: httpd-NETWORK: - service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt' - service_key: '/etc/pki/tls/private/httpd-NETWORK.key' + service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' + service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' hostname: "%{hiera('fqdn_NETWORK')}" principal: "HTTP/%{hiera('fqdn_NETWORK')}" for_each: |