puppet/services/haproxy-public-tls-certmonger.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   HAProxy deployment with TLS enabled, powered by certmonger
   5
   6 parameters:
   7   ServiceNetMap:
   8     default: {}
   9     description: Mapping of service_name -> network name. Typically set
  10                  via parameter_defaults in the resource registry.  This
  11                  mapping overrides those in ServiceNetMapDefaults.
  12     type: json
  13   DefaultPasswords:
  14     default: {}
  15     type: json
  16   RoleName:
  17     default: ''
  18     description: Role name on which the service is applied
  19     type: string
  20   RoleParameters:
  21     default: {}
  22     description: Parameters specific to the role
  23     type: json
  24   EndpointMap:
  25     default: {}
  26     description: Mapping of service endpoint -> protocol. Typically set
  27                  via parameter_defaults in the resource registry.
  28     type: json
  29
  30 outputs:
  31   role_data:
  32     description: Role data for the HAProxy public TLS via certmonger role.
  33     value:
  34       service_name: haproxy_public_tls_certmonger
  35       config_settings:
  36         generate_service_certificates: true
  37         tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
  38       certificates_specs:
  39         haproxy-external:
  40           service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
  41           service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt'
  42           service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key'
  43           hostname: "%{hiera('cloud_name_external')}"
  44           postsave_cmd: "" # TODO
  45           principal: "haproxy/%{hiera('cloud_name_external')}"
  46       metadata_settings:
  47         - service: haproxy
  48           network: external
  49           type: vip