diff options
| author |   Ben Nemec <bnemec@redhat.com> | 2017-05-16 16:06:41 -0500 |
|---|---|---|
| committer | Ben Nemec <bnemec@redhat.com> | 2017-06-12 15:02:50 -0500 |
| commit | 204a5820995dd694fcd58d61fc6cf34a8955da92 (patch) | |
| tree | 5eab4d0af9aeed49453d3c9fbd714ede882ed296 /sample-env-generator | |
| parent | 8d086b171099f0a968f1fdd1b39706ec64a52f56 (diff) | |
Add nested sample environments for inject-trust-anchor
Fix a bug that prevented these working. A unit test and
documentation for the nested environment functionality is also
included.
Change-Id: I2d4aeb584eb624178d601cfd6bc0a6473cb5289f
Diffstat (limited to 'sample-env-generator')
| -rw-r--r-- | sample-env-generator/README.rst | 11 | ||||
| -rw-r--r-- | sample-env-generator/ssl.yaml | 33 |
2 files changed, 44 insertions, 0 deletions
diff --git a/sample-env-generator/README.rst b/sample-env-generator/README.rst index 55f3bacf..32e94f98 100644 --- a/sample-env-generator/README.rst +++ b/sample-env-generator/README.rst @@ -23,6 +23,11 @@ appropriate file in the ``sample-env-generator/`` directory. The existing entries in the files can be used as examples, and a more detailed explanation of the different available keys is below: +Top-level: +- **environments**: This is the top-level key in the file. All other keys + below should appear in a list of dictionaries that define environments. + +Environment-specific: - **name**: the output file will be this name + .yaml, in the ``environments`` directory. - **title**: a human-readable title for the environment. @@ -52,6 +57,12 @@ explanation of the different available keys is below: - **resource_registry**: Many environments also need to pass resource_registry entries when they are used. This can be used to specify that in the configuration file. +- **children**: For environments that share a lot of common values but may + need minor variations for different use cases, sample environment entries + can be nested. ``children`` takes a list of environments with the same + structure as the top-level ``environments`` key. The main difference is + that all keys are optional, and any that are omitted will be inherited from + the parent environment definition. Some behavioral notes: diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml index 2f379f30..6963e842 100644 --- a/sample-env-generator/ssl.yaml +++ b/sample-env-generator/ssl.yaml @@ -22,6 +22,39 @@ environments: The contents of the private key go here resource_registry: OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml + - name: ssl/inject-trust-anchor + title: Inject SSL Trust Anchor on Overcloud Nodes + description: | + When using an SSL certificate signed by a CA that is not in the default + list of CAs, this environment allows adding a custom CA certificate to + the overcloud nodes. + files: + puppet/extraconfig/tls/ca-inject.yaml: + parameters: + - SSLRootCertificate + sample_values: + SSLRootCertificate: |- + | + The contents of your certificate go here + resource_registry: + OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml + children: + - name: ssl/inject-trust-anchor-hiera + files: + puppet/services/ca-certs.yaml: + parameters: + - CAMap + # Need to clear this so we don't inherit the parent registry + resource_registry: {} + sample_values: + CAMap: |-2 + + first-ca-name: + content: | + The content of the CA cert goes here + second-ca-name: + content: | + The content of the CA cert goes here - name: ssl/tls-endpoints-public-ip title: Deploy Public SSL Endpoints as IP Addresses |