description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HAProxyInternalTLSCertsDirectory:
+ default: '/etc/pki/tls/certs/haproxy'
+ type: string
+ HAProxyInternalTLSKeysDirectory:
+ default: '/etc/pki/tls/private/haproxy'
+ type: string
resources:
config_settings:
generate_service_certificates: true
tripleo::haproxy::use_internal_certificates: true
+ tripleo::certmonger::haproxy_dirs::certificate_dir:
+ get_param: HAProxyInternalTLSCertsDirectory
+ tripleo::certmonger::haproxy_dirs::key_dir:
+ get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
map_merge:
repeat:
template:
haproxy-NETWORK:
- service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem'
- service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt'
- service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key'
+ service_pem:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-NETWORK.pem'
+ service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-NETWORK.crt'
+ service_key:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSKeysDirectory}
+ - '/overcloud-haproxy-NETWORK.key'
hostname: "%{hiera('cloud_name_NETWORK')}"
- postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
for_each:
NETWORK: {get_attr: [HAProxyNetworks, value]}
Code Review / apex-tripleo-heat-templates.git / blobdiff