From 98d6d84ca31086e2486b830a147f3538ba079a73 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Tue, 4 Jul 2017 18:08:10 +0100 Subject: Add NodeTLSData to generic role.role.j2.yaml This is currently included in the controller-role template, so we need to add it to the generic role.role.j2.yaml in order to convert the controller-role template to be rendered via j2 Change-Id: I01bf01c8a31e4cc26f202dd1774845ec33f50bcd Partially-Implements: blueprint composable-networks --- puppet/role.role.j2.yaml | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 85520fc0..18707b9a 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -513,14 +513,27 @@ resources: fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} + {%- if 'primary' in role.tags and 'controller' in role.tags %} + tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + {%- endif -%} # Resource for site-specific injection of root certificate NodeTLSCAData: - depends_on: {{role.name}}Deployment + depends_on: NetworkDeployment type: OS::TripleO::NodeTLSCAData properties: server: {get_resource: {{role.name}}} + {%- if 'primary' in role.tags and 'controller' in role.tags %} + # Resource for site-specific passing of private keys/certificates + NodeTLSData: + depends_on: NodeTLSCAData + type: OS::TripleO::NodeTLSData + properties: + server: {get_resource: {{role.name}}} + NodeIndex: {get_param: NodeIndex} + {%- endif -%} + # Hook for site-specific additional pre-deployment config, e.g extra hieradata {{role.name}}ExtraConfigPre: depends_on: {{role.name}}Deployment @@ -534,7 +547,13 @@ resources: # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: [{{role.name}}ExtraConfigPre, NodeTLSCAData] + depends_on: + - {{role.name}}ExtraConfigPre + {%- if 'primary' in role.tags and 'controller' in role.tags %} + - NodeTLSData + {%- else %} + - NodeTLSCAData + {%- endif %} type: OS::TripleO::NodeExtraConfig # We have to use conditions here so that we don't break backwards # compatibility with templates everywhere @@ -674,6 +693,14 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - 6 - 0 - keys: {hostname: {get_param: Hostname}} + {%- if 'primary' in role.tags and 'controller' in role.tags %} + tls_key_modulus_md5: + description: MD5 checksum of the TLS Key Modulus + value: {get_attr: [NodeTLSData, key_modulus_md5]} + tls_cert_modulus_md5: + description: MD5 checksum of the TLS Certificate Modulus + value: {get_attr: [NodeTLSData, cert_modulus_md5]} + {%- endif %} os_collect_config: description: The os-collect-config configuration associated with this server resource value: {get_attr: [{{role.name}}, os_collect_config]} -- cgit 1.2.3-korg