1 heat_template_version: pike
4 HAProxy deployment with TLS enabled, powered by certmonger
9 description: Dictionary packing service data
13 description: Mapping of service_name -> network name. Typically set
14 via parameter_defaults in the resource registry. This
15 mapping overrides those in ServiceNetMapDefaults.
22 description: Role name on which the service is applied
26 description: Parameters specific to the role
30 description: Mapping of service endpoint -> protocol. Typically set
31 via parameter_defaults in the resource registry.
33 HAProxyInternalTLSCertsDirectory:
34 default: '/etc/pki/tls/certs/haproxy'
36 HAProxyInternalTLSKeysDirectory:
37 default: '/etc/pki/tls/private/haproxy'
39 DeployedSSLCertificatePath:
40 default: '/etc/pki/tls/private/overcloud_endpoint.pem'
42 The filepath of the certificate as it will be stored in the controller.
47 description: Role data for the HAProxy public TLS via certmonger role.
49 service_name: haproxy_public_tls_certmonger
51 generate_service_certificates: true
52 tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
53 tripleo::certmonger::haproxy_dirs::certificate_dir:
54 get_param: HAProxyInternalTLSCertsDirectory
55 tripleo::certmonger::haproxy_dirs::key_dir:
56 get_param: HAProxyInternalTLSKeysDirectory
59 service_pem: {get_param: DeployedSSLCertificatePath}
63 - - {get_param: HAProxyInternalTLSCertsDirectory}
64 - '/overcloud-haproxy-external.crt'
68 - - {get_param: HAProxyInternalTLSKeysDirectory}
69 - '/overcloud-haproxy-external.key'
70 hostname: "%{hiera('cloud_name_external')}"
71 principal: "haproxy/%{hiera('cloud_name_external')}"