Merge "Add HAProxy TLS handled by certmonger as composable service"

1 files changed, 37 insertions, 0 deletions

diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
new file mode 100644
index 00000000..1551d16a
--- /dev/null
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -0,0 +1,37 @@
+heat_template_version: 2016-10-14
+
+description: >
+  HAProxy deployment with TLS enabled, powered by certmonger
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+outputs:
+  role_data:
+    description: Role data for the HAProxy public TLS via certmonger role.
+    value:
+      service_name: haproxy_public_tls_certmonger
+      config_settings:
+        generate_service_certificates: true
+        tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
+      certificates_specs:
+        haproxy-external:
+          service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
+          service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt'
+          service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key'
+          hostname: "%{hiera('cloud_name_external')}"
+          postsave_cmd: "" # TODO
+          principal: "haproxy/%{hiera('cloud_name_external')}"