Merge "Add script to create tripleo-admin on deployed servers"

[apex-tripleo-heat-templates.git] / puppet / role.role.j2.yaml

diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 85520fc..f1abf8d 100644 (file)
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -180,7 +180,7 @@ parameters:
       parameter is generated from the parent template.
   RoleParameters:
     type: json
-    description: Role Specific Parameters
+    description: Parameters specific to the role
     default: {}
   DeploymentSwiftDataMap:
     type: json
@@ -516,11 +516,21 @@ resources:
 
   # Resource for site-specific injection of root certificate
   NodeTLSCAData:
-    depends_on: {{role.name}}Deployment
+    depends_on: NetworkDeployment
     type: OS::TripleO::NodeTLSCAData
     properties:
       server: {get_resource: {{role.name}}}
 
+  {%- if 'primary' in role.tags and 'controller' in role.tags %}
+  # Resource for site-specific passing of private keys/certificates
+  NodeTLSData:
+    depends_on: NodeTLSCAData
+    type: OS::TripleO::NodeTLSData
+    properties:
+      server: {get_resource: {{role.name}}}
+      NodeIndex: {get_param: NodeIndex}
+  {%- endif -%}
+
   # Hook for site-specific additional pre-deployment config, e.g extra hieradata
   {{role.name}}ExtraConfigPre:
     depends_on: {{role.name}}Deployment
@@ -534,7 +544,13 @@ resources:
   # Hook for site-specific additional pre-deployment config,
   # applying to all nodes, e.g node registration/unregistration
   NodeExtraConfig:
-    depends_on: [{{role.name}}ExtraConfigPre, NodeTLSCAData]
+    depends_on:
+      - {{role.name}}ExtraConfigPre
+  {%- if 'primary' in role.tags and 'controller' in role.tags %}
+      - NodeTLSData
+  {%- else %}
+      - NodeTLSCAData
+  {%- endif %}
     type: OS::TripleO::NodeExtraConfig
     # We have to use conditions here so that we don't break backwards
     # compatibility with templates everywhere
@@ -674,6 +690,14 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
                     - 6
                 - 0
         - keys: {hostname: {get_param: Hostname}}
+  {%- if 'primary' in role.tags and 'controller' in role.tags %}
+  tls_key_modulus_md5:
+    description: MD5 checksum of the TLS Key Modulus
+    value: {get_attr: [NodeTLSData, key_modulus_md5]}
+  tls_cert_modulus_md5:
+    description: MD5 checksum of the TLS Certificate Modulus
+    value: {get_attr: [NodeTLSData, cert_modulus_md5]}
+  {%- endif %}
   os_collect_config:
     description: The os-collect-config configuration associated with this server resource
     value: {get_attr: [{{role.name}}, os_collect_config]}