# puppet/services/haproxy-public-tls-certmonger.yaml
#
# Heat service template that asks certmonger for the certificate HAProxy
# presents on the external (public) endpoint, and tells the haproxy and
# certmonger puppet classes where the resulting files live.
heat_template_version: pike

description: >
  HAProxy deployment with TLS enabled, powered by certmonger

parameters:
  # The first six parameters are not referenced anywhere in the outputs of
  # this template; presumably they exist only because every service template
  # is invoked with the same set of properties -- confirm against the caller.
  ServiceData:
    type: json
    description: Dictionary packing service data
    default: {}
  ServiceNetMap:
    type: json
    description: >-
      Mapping of service_name -> network name. Typically set via
      parameter_defaults in the resource registry.  This mapping
      overrides those in ServiceNetMapDefaults.
    default: {}
  # Carries no description in the original template and is unused here.
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    description: Role name on which the service is applied
    default: ''
  RoleParameters:
    type: json
    description: Parameters specific to the role
    default: {}
  EndpointMap:
    type: json
    description: >-
      Mapping of service endpoint -> protocol. Typically set via
      parameter_defaults in the resource registry.
    default: {}
  # Despite "Internal" in the two names below, this template uses these
  # directories for the *external* certificate, bundle and key.
  HAProxyInternalTLSCertsDirectory:
    type: string
    default: '/etc/pki/tls/certs/haproxy'
  # Directory that receives the private key. Ownership and mode are not set
  # by this template -- verify them in the puppet class that creates it.
  HAProxyInternalTLSKeysDirectory:
    type: string
    default: '/etc/pki/tls/private/haproxy'

outputs:
  role_data:
    description: Role data for the HAProxy public TLS via certmonger role.
    value:
      service_name: haproxy_public_tls_certmonger
      config_settings:
        generate_service_certificates: true
        # Same path as certificates_specs.haproxy-external.service_pem below,
        # so HAProxy is pointed at the file certmonger handling produces.
        tripleo::haproxy::service_certificate:
          list_join:
            - ''
            - - get_param: HAProxyInternalTLSCertsDirectory
              - '/overcloud-haproxy-external.pem'
        tripleo::certmonger::haproxy_dirs::certificate_dir:
          get_param: HAProxyInternalTLSCertsDirectory
        tripleo::certmonger::haproxy_dirs::key_dir:
          get_param: HAProxyInternalTLSKeysDirectory
      certificates_specs:
        haproxy-external:
          # NOTE(review): presumably the combined certificate + key bundle
          # that HAProxy loads. If so, this file holds private key material
          # while living under the *certs* directory, which then needs the
          # same access restrictions as the keys directory -- confirm in the
          # puppet code that writes it.
          service_pem:
            list_join:
              - ''
              - - get_param: HAProxyInternalTLSCertsDirectory
                - '/overcloud-haproxy-external.pem'
          service_certificate:
            list_join:
              - ''
              - - get_param: HAProxyInternalTLSCertsDirectory
                - '/overcloud-haproxy-external.crt'
          service_key:
            list_join:
              - ''
              - - get_param: HAProxyInternalTLSKeysDirectory
                - '/overcloud-haproxy-external.key'
          # Resolved from hiera at puppet time, not by Heat.
          hostname: "%{hiera('cloud_name_external')}"
          # TODO (from the original author): no post-save command is set.
          # NOTE(review): nothing in this template shows HAProxy being
          # reloaded, or the .pem being regenerated, after certmonger renews
          # the certificate. Confirm that happens elsewhere; otherwise the
          # proxy may keep serving the old certificate until it expires.
          postsave_cmd: ""
          # Presumably the service principal the certificate is requested
          # for at the CA -- confirm against the certmonger puppet resource.
          principal: "haproxy/%{hiera('cloud_name_external')}"
      # NOTE(review): looks like the request to register the haproxy service
      # for the external VIP -- confirm with the consumer of this key.
      metadata_settings:
        - service: haproxy
          network: external
          type: vip