summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-06-09 10:55:06 +0000
committerGerrit Code Review <review@openstack.org>2017-06-09 10:55:06 +0000
commit6927a4166530c3de8ae469a1911ed3475b4f4bdc (patch)
treef8f86c8a740f24d3bd6f4e4dc41ffaa916b128ad /puppet
parentcf17396a371d4e48ff9a961c813a1327b4631ee8 (diff)
parent83ff2f22dae324a983cc4845b00900b08cdac3d9 (diff)
Merge "Configure CRL URI if TLS in the internal network is enabled"
Diffstat (limited to 'puppet')
-rw-r--r--puppet/services/certmonger-user.yaml17
1 files changed, 17 insertions, 0 deletions
diff --git a/puppet/services/certmonger-user.yaml b/puppet/services/certmonger-user.yaml
index 6ad451a8..0508c557 100644
--- a/puppet/services/certmonger-user.yaml
+++ b/puppet/services/certmonger-user.yaml
@@ -26,11 +26,28 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ DefaultCRLURL:
+ default: 'http://ipa-ca/ipa/crl/MasterCRL.bin'
+ description: URI where to get the CRL to be configured in the nodes.
+ type: string
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
description: Role data for the certmonger-user service
value:
service_name: certmonger_user
+ config_settings:
+ tripleo::certmonger::ca::crl::crl_source:
+ if:
+ - internal_tls_enabled
+ - {get_param: DefaultCRLURL}
+ - null
step_config: |
include ::tripleo::profile::base::certmonger_user