X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;ds=sidebyside;f=docker%2Fservices%2Fhaproxy.yaml;h=21baf5c61e9b5690eb3d0c961f09279b5b53af3f;hb=52205fd2ee5b35eecf9644b3c511b0990c283372;hp=1f8bcfad0d1bd0aabdaf4fa11285ae665f77c1f7;hpb=737f40d755b29229d698b37239c4179a08a17a17;p=apex-tripleo-heat-templates.git

diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
index 1f8bcfad..21baf5c6 100644
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@@ -4,14 +4,16 @@ description: >
   OpenStack containerized HAproxy service
 
 parameters:
-  DockerNamespace:
-    description: namespace
-    default: 'tripleoupstream'
-    type: string
   DockerHAProxyImage:
     description: image
-    default: 'centos-binary-haproxy:latest'
     type: string
+  DockerHAProxyConfigImage:
+    description: The container image to use for the haproxy config_volume
+    type: string
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -38,6 +40,11 @@ parameters:
     default: /dev/log
     description: Syslog address where HAproxy will send its log
     type: string
+  DeployedSSLCertificatePath:
+    default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+    description: >
+        The filepath of the certificate as it will be stored in the controller.
+    type: string
   RedisPassword:
     description: The password for Redis
     type: string
@@ -63,6 +70,7 @@ resources:
     type: ../../puppet/services/haproxy.yaml
     properties:
       EndpointMap: {get_param: EndpointMap}
+      ServiceData: {get_param: ServiceData}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       RoleName: {get_param: RoleName}
@@ -85,26 +93,35 @@ outputs:
         config_volume: haproxy
         puppet_tags: haproxy_config
         step_config: *step_config
-        config_image: &haproxy_image
-          list_join:
-            - '/'
-            - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
+        config_image: {get_param: DockerHAProxyConfigImage}
+        volumes: &deployed_cert_mount
+          - list_join:
+            - ':'
+            - - {get_param: DeployedSSLCertificatePath}
+              - {get_param: DeployedSSLCertificatePath}
+              - 'ro'
       kolla_config:
         /var/lib/kolla/config_files/haproxy.json:
           command: haproxy -f /etc/haproxy/haproxy.cfg
+          config_files:
+            - source: "/var/lib/kolla/config_files/src/*"
+              dest: "/"
+              merge: true
+              preserve_properties: true
       docker_config:
         step_1:
           haproxy:
-            image: *haproxy_image
+            image: {get_param: DockerHAProxyImage}
             net: host
             privileged: false
             restart: always
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
+                - *deployed_cert_mount
                 -
                   - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
-                  - /var/lib/config-data/haproxy/etc/:/etc/:ro
+                  - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       metadata_settings: