diff options
| author |   Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-09-04 14:04:28 +0300 |
|---|---|---|
| committer |   Emilien Macchi <emilien@redhat.com> | 2017-09-07 03:48:34 +0000 |
| commit | cbcfb59e1d95de21d591d33f5c2d91197c83b0a3 (patch) | |
| tree | cb5de99569e35901532813f7da157dadbd179ca9 /puppet | |
| parent | a1d2af3918c9aeded6668ecb75532c3d820fa18d (diff) | |
Use DeployedSSLCertificatePath for public TLS via certmonger
As described in the bug report, DeployedSSLCertificatePath is used by
the TLS injection script (if you decide to use that).
There is an alternative, which is to use FreeIPA to provide the
certificate for public TLS (powered by certmonger); however, it doesn't
use the same path as what folks expected. This reuses the
DeployedSSLCertificatePath parameter and uses that as a path for the
resulting PEM file, so its easier to debug.
Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d
Closes-Bug: #1714932
(cherry picked from commit f395d9eab2277061e926f7956bb3a56b0c7b1131)
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/services/haproxy-public-tls-certmonger.yaml | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml index 14d171dc..cdfc41cf 100644 --- a/puppet/services/haproxy-public-tls-certmonger.yaml +++ b/puppet/services/haproxy-public-tls-certmonger.yaml @@ -36,6 +36,11 @@ parameters: HAProxyInternalTLSKeysDirectory: default: '/etc/pki/tls/private/haproxy' type: string + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string outputs: role_data: @@ -44,22 +49,14 @@ outputs: service_name: haproxy_public_tls_certmonger config_settings: generate_service_certificates: true - tripleo::haproxy::service_certificate: - list_join: - - '' - - - {get_param: HAProxyInternalTLSCertsDirectory} - - '/overcloud-haproxy-external.pem' + tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath} tripleo::certmonger::haproxy_dirs::certificate_dir: get_param: HAProxyInternalTLSCertsDirectory tripleo::certmonger::haproxy_dirs::key_dir: get_param: HAProxyInternalTLSKeysDirectory certificates_specs: haproxy-external: - service_pem: - list_join: - - '' - - - {get_param: HAProxyInternalTLSCertsDirectory} - - '/overcloud-haproxy-external.pem' + service_pem: {get_param: DeployedSSLCertificatePath} service_certificate: list_join: - '' |