heat_template_version: ocata

description: >
  RabbitMQ configurations for using TLS via certmonger.

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # The following parameters are not needed by the template but are
  # required to pass the pep8 tests
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json

outputs:
  role_data:
    description: RabbitMQ configurations for using TLS via certmonger.
    value:
      service_name: rabbitmq_internal_tls_certmonger
      config_settings:
        generate_service_certificates: true
        tripleo::profile::base::rabbitmq::certificate_specs:
          service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
          service_key: '/etc/pki/tls/private/rabbitmq.key'
          hostname:
            str_replace:
              template: "%{hiera('fqdn_NETWORK')}"
              params:
                NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
          principal:
            str_replace:
              template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
              params:
                NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
      metadata_settings:
        - service: rabbitmq
          network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
          type: node