aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-09-04 14:04:28 +0300
committerEmilien Macchi <emilien@redhat.com>2017-09-07 03:48:34 +0000
commitcbcfb59e1d95de21d591d33f5c2d91197c83b0a3 (patch)
treecb5de99569e35901532813f7da157dadbd179ca9 /puppet
parenta1d2af3918c9aeded6668ecb75532c3d820fa18d (diff)
Use DeployedSSLCertificatePath for public TLS via certmonger
As described in the bug report, DeployedSSLCertificatePath is used by the TLS injection script (if you decide to use that). There is an alternative, which is to use FreeIPA to provide the certificate for public TLS (powered by certmonger); however, it doesn't use the same path as what folks expected. This reuses the DeployedSSLCertificatePath parameter and uses that as a path for the resulting PEM file, so its easier to debug. Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d Closes-Bug: #1714932 (cherry picked from commit f395d9eab2277061e926f7956bb3a56b0c7b1131)
Diffstat (limited to 'puppet')
-rw-r--r--puppet/services/haproxy-public-tls-certmonger.yaml17
1 files changed, 7 insertions, 10 deletions
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
index 14d171dc..cdfc41cf 100644
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -36,6 +36,11 @@ parameters:
HAProxyInternalTLSKeysDirectory:
default: '/etc/pki/tls/private/haproxy'
type: string
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
outputs:
role_data:
@@ -44,22 +49,14 @@ outputs:
service_name: haproxy_public_tls_certmonger
config_settings:
generate_service_certificates: true
- tripleo::haproxy::service_certificate:
- list_join:
- - ''
- - - {get_param: HAProxyInternalTLSCertsDirectory}
- - '/overcloud-haproxy-external.pem'
+ tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
tripleo::certmonger::haproxy_dirs::certificate_dir:
get_param: HAProxyInternalTLSCertsDirectory
tripleo::certmonger::haproxy_dirs::key_dir:
get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
haproxy-external:
- service_pem:
- list_join:
- - ''
- - - {get_param: HAProxyInternalTLSCertsDirectory}
- - '/overcloud-haproxy-external.pem'
+ service_pem: {get_param: DeployedSSLCertificatePath}
service_certificate:
list_join:
- ''