X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fcertmonger-user.yaml;h=0508c557f0c3a838f5f45b2faf11d5082f8537fd;hb=0f88704204b87450c6a82b2ffcc52a50067db8ca;hp=af9802b0b95711584d291c4d32616b1537f3fd9f;hpb=91565d872c06f8e194a5ee46fffad20c750c854f;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/certmonger-user.yaml b/puppet/services/certmonger-user.yaml
index af9802b0..0508c557 100644
--- a/puppet/services/certmonger-user.yaml
+++ b/puppet/services/certmonger-user.yaml
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Requests certificates using certmonger through Puppet
@@ -13,16 +13,41 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+  DefaultCRLURL:
+    default: 'http://ipa-ca/ipa/crl/MasterCRL.bin'
+    description: URI where to get the CRL to be configured in the nodes.
+    type: string
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 outputs:
   role_data:
     description: Role data for the certmonger-user service
     value:
       service_name: certmonger_user
+      config_settings:
+        tripleo::certmonger::ca::crl::crl_source:
+          if:
+            - internal_tls_enabled
+            - {get_param: DefaultCRLURL}
+            - null
       step_config: |
         include ::tripleo::profile::base::certmonger_user