-heat_template_version: ocata
+heat_template_version: pike
description: >
HAproxy service configured with Puppet
MonitoringSubscriptionHaproxy:
default: 'overcloud-haproxy'
type: string
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
resources:
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword}
+ tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
tripleo::profile::base::haproxy::certificates_specs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
when: haproxy_enabled.rc == 0
service: name=haproxy state=started
metadata_settings:
- yaql:
- expression: '[].concat(coalesce($.data.internal, []), coalesce($.data.public, []))'
- data:
- public: {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
- internal: {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}
+ list_concat:
+ - {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
+ - {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}