From 9a6f712849ec742a5dbe7298ad152404c664be6a Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Tue, 9 Aug 2016 20:32:19 +0300
Subject: Add deployment of CAs via hieradata

This enables us to pass a map of CAs to deploy the CA certificates
using puppet and hiera instead of the bash script we were using. It
also gives us the feature that we will be able to deploy several CA
certificates on the nodes instead of just one as was the case before.

Change-Id: I9559487874b80aeb093cc2fa2cfa7c0479d5a8b2
Depends-On: I84273b4cd6576a63fa78dc93ad6b077dd2a780c7
---
 puppet/services/ca-certs.yaml | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 puppet/services/ca-certs.yaml

(limited to 'puppet')

diff --git a/puppet/services/ca-certs.yaml b/puppet/services/ca-certs.yaml
new file mode 100644
index 00000000..1a534156
--- /dev/null
+++ b/puppet/services/ca-certs.yaml
@@ -0,0 +1,35 @@
+heat_template_version: 2016-04-08
+
+description: >
+  HAproxy service configured with Puppet
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  CAMap:
+    description: >
+      Map containing the CA certs and information needed for deploying them.
+    default: {}
+    type: json
+
+outputs:
+  role_data:
+    description: Role data for injecting CA certificates.
+    value:
+      service_name: ca_certs
+      config_settings:
+        tripleo::trusted_cas::ca_map: {get_param: CAMap}
+      step_config: |
+        include ::tripleo::trusted_cas
-- 
cgit 1.2.3-korg