# Heat orchestration template, shown as an excerpt: the number that starts each
# line appears to be the line number in the original file, and the lines in
# between are not part of this listing.
# Per its own description, the template deploys HAProxy with TLS enabled and
# relies on certmonger for the certificates. The descriptions below belong to
# two mapping parameters (service name -> network, service endpoint ->
# protocol) and to the role data output.
1 heat_template_version: 2016-10-14
4 HAProxy deployment with TLS enabled, powered by certmonger
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
24 description: Role data for the HAProxy internal TLS via certmonger role.
# Name of this service, followed by two switches: one requests generation of
# service certificates, the other makes tripleo::haproxy use the internal
# certificates instead of running its internal endpoints without them.
# NOTE(review): the keys that nest these settings are not in this excerpt;
# presumably they are hiera config settings. Confirm against the full file.
26 service_name: haproxy_internal_tls_certmonger
28 generate_service_certificates: true
29 tripleo::haproxy::use_internal_certificates: true
# Certificate request settings for one network. NETWORK looks like a
# placeholder that is replaced with each network name; the substitution itself
# is not in this excerpt (confirm against the full file).
# NOTE(review): the key is written under private/ while service_pem is written
# under certs/. If the .pem is the combined certificate+key bundle that HAProxy
# loads, it holds private-key material; verify that whatever creates it
# restricts the file's owner and mode.
35 service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem'
36 service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt'
37 service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key'
# Host name for the certificate, looked up in hiera as cloud_name_NETWORK.
38 hostname: "%{hiera('cloud_name_NETWORK')}"
# NOTE(review): postsave_cmd is empty, so no command is configured to run after
# a certificate is saved. Presumably a renewed certificate needs the .pem
# rebuilt and HAProxy reloaded before it is served; until this TODO is filled
# in, verify how renewals reach the running proxy.
39 postsave_cmd: "" # TODO
# Service principal for the request: haproxy/<value of cloud_name_NETWORK>.
40 principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
43 # NOTE(jaosorior) Get unique network names to create
44 # certificates for those. We skip the tenant network since
45 # we don't need a certificate for that, and the external
46 # network will be handled in another template.
# The expression walks the key/value items of the input map, keeps the value
# of each item ($1[1]), removes duplicates, and drops the names external and
# tenant. The filter is a deny-list: any other network name found in the map
# is kept and therefore gets a certificate.
48 expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant)
# NOTE(review): presumably the ServiceNetMap parameter is what the expression
# reads as $.data.map; the lines that bind it are not in this excerpt.
51 get_param: ServiceNetMap