heat_template_version: ocata

description: >
  HAProxy deployment with TLS enabled, powered by certmonger

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json

outputs:
  role_data:
    description: Role data for the HAProxy public TLS via certmonger role.
    value:
      service_name: haproxy_public_tls_certmonger
      config_settings:
        generate_service_certificates: true
        tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
      certificates_specs:
        haproxy-external:
          service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
          service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt'
          service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key'
          hostname: "%{hiera('cloud_name_external')}"
          postsave_cmd: "" # TODO
          principal: "haproxy/%{hiera('cloud_name_external')}"
      metadata_settings:
        - service: haproxy
          network: external
          type: vip