Change flat network name for nosdn fdio scenario
diff --git
a/puppet/services/haproxy.yaml
b/puppet/services/haproxy.yaml
index
0af132e
..
6b2d028
100644
--- a/
puppet/services/haproxy.yaml
+++ b/
puppet/services/haproxy.yaml
@@
-51,12
+51,22
@@
parameters:
description: Whether or not to enable the HAProxy stats interface.
type: boolean
RedisPassword:
description: Whether or not to enable the HAProxy stats interface.
type: boolean
RedisPassword:
- description: The password for
Redis
+ description: The password for
the redis service account.
type: string
hidden: true
MonitoringSubscriptionHaproxy:
default: 'overcloud-haproxy'
type: string
type: string
hidden: true
MonitoringSubscriptionHaproxy:
default: 'overcloud-haproxy'
type: string
+ SSLCertificate:
+ default: ''
+ description: >
+ The content of the SSL certificate (without Key) in PEM format.
+ type: string
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
@@
-68,6
+78,14
@@
parameters:
description: Specifies the default CRL PEM file to use for revocation if
TLS is used for services in the internal network.
description: Specifies the default CRL PEM file to use for revocation if
TLS is used for services in the internal network.
+conditions:
+
+ public_tls_enabled:
+ not:
+ equals:
+ - {get_param: SSLCertificate}
+ - ""
+
resources:
HAProxyPublicTLS:
resources:
HAProxyPublicTLS:
@@
-98,8
+116,6
@@
outputs:
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
config_settings:
map_merge:
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
config_settings:
map_merge:
- - get_attr: [HAProxyPublicTLS, role_data, config_settings]
- - get_attr: [HAProxyInternalTLS, role_data, config_settings]
- tripleo.haproxy.firewall_rules:
'107 haproxy stats':
dport: 1993
- tripleo.haproxy.firewall_rules:
'107 haproxy stats':
dport: 1993
@@
-115,6
+131,12
@@
outputs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
+ - if:
+ - public_tls_enabled
+ - tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
+ - {}
+ - get_attr: [HAProxyPublicTLS, role_data, config_settings]
+ - get_attr: [HAProxyInternalTLS, role_data, config_settings]
step_config: |
include ::tripleo::profile::base::haproxy
upgrade_tasks:
step_config: |
include ::tripleo::profile::base::haproxy
upgrade_tasks:
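Review bot: In the last two hunks the `get_attr: [HAProxyPublicTLS, role_data, config_settings]` and `get_attr: [HAProxyInternalTLS, role_data, config_settings]` entries move from the head of the `config_settings` `map_merge` list to its tail, after the new `if: public_tls_enabled` entry, and that reverses precedence because later maps in `map_merge` override earlier ones. If either TLS resource also emits `tripleo::haproxy::service_certificate` (not visible here; the `outputs:` block starts and ends outside these hunks), it now silently replaces the `DeployedSSLCertificatePath` value, and both resources can now override the inline firewall and stats settings. A comment above the `if` entry would record the intent, for example `# merged last on purpose: TLS service settings take precedence over the operator-supplied certificate path`. The `DeployedSSLCertificatePath` description should also say that the parameter is only used when `SSLCertificate` is non-empty. Because the default path is under `/etc/pki/tls/private/`, the file presumably carries key material as well, and the description should say so, since ownership and mode then matter wherever an operator repoints it.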