1 heat_template_version: pike
4 HAProxy deployment with TLS enabled, powered by certmonger
9 description: Dictionary packing service data
13 description: Mapping of service_name -> network name. Typically set
14 via parameter_defaults in the resource registry. This
15 mapping overrides those in ServiceNetMapDefaults.
22 description: Role name on which the service is applied
26 description: Parameters specific to the role
30 description: Mapping of service endpoint -> protocol. Typically set
31 via parameter_defaults in the resource registry.
33 HAProxyInternalTLSCertsDirectory:
34 default: '/etc/pki/tls/certs/haproxy'
36 HAProxyInternalTLSKeysDirectory:
37 default: '/etc/pki/tls/private/haproxy'
42 description: Role data for the HAProxy public TLS via certmonger role.
44 service_name: haproxy_public_tls_certmonger
46 generate_service_certificates: true
47 tripleo::haproxy::service_certificate:
50 - - {get_param: HAProxyInternalTLSCertsDirectory}
51 - '/overcloud-haproxy-external.pem'
52 tripleo::certmonger::haproxy_dirs::certificate_dir:
53 get_param: HAProxyInternalTLSCertsDirectory
54 tripleo::certmonger::haproxy_dirs::key_dir:
55 get_param: HAProxyInternalTLSKeysDirectory
61 - - {get_param: HAProxyInternalTLSCertsDirectory}
62 - '/overcloud-haproxy-external.pem'
66 - - {get_param: HAProxyInternalTLSCertsDirectory}
67 - '/overcloud-haproxy-external.crt'
71 - - {get_param: HAProxyInternalTLSKeysDirectory}
72 - '/overcloud-haproxy-external.key'
73 hostname: "%{hiera('cloud_name_external')}"
74 postsave_cmd: "" # TODO
75 principal: "haproxy/%{hiera('cloud_name_external')}"