X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fhaproxy-internal-tls-certmonger.yaml;h=b6b4f270bb13cb9a7916bbeba0c6b5aee51c6af6;hb=6ed08b3fbc5a534350f4e4b4641f2f7aa2e408d6;hp=774575938ad2a538d88a6ca1f1c84ac3f8d815a9;hpb=3243a1ab275648a17c98f47735a4490b59478d1e;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml
index 77457593..b6b4f270 100644
--- a/puppet/services/haproxy-internal-tls-certmonger.yaml
+++ b/puppet/services/haproxy-internal-tls-certmonger.yaml
@@ -1,9 +1,13 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HAProxy deployment with TLS enabled, powered by certmonger
 
 parameters:
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -13,12 +17,36 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
 
+resources:
+
+  HAProxyNetworks:
+    type: OS::Heat::Value
+    properties:
+      value:
+        # NOTE(jaosorior) Get unique network names to create
+        # certificates for those. We skip the tenant network since
+        # we don't need a certificate for that, and the external
+        # network will be handled in another template.
+        yaql:
+          expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant)
+          data:
+            map:
+              get_param: ServiceNetMap
+
 outputs:
   role_data:
     description: Role data for the HAProxy internal TLS via certmonger role.
@@ -39,13 +67,12 @@ outputs:
                 postsave_cmd: "" # TODO
                 principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
             for_each:
-              NETWORK:
-                # NOTE(jaosorior) Get unique network names to create
-                # certificates for those. We skip the tenant network since
-                # we don't need a certificate for that, and the external
-                # network will be handled in another template.
-                yaql:
-                  expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant)
-                  data:
-                    map:
-                      get_param: ServiceNetMap
+              NETWORK: {get_attr: [HAProxyNetworks, value]}
+      metadata_settings:
+        repeat:
+          template:
+          - service: haproxy
+            network: $NETWORK
+            type: vip
+          for_each:
+            $NETWORK: {get_attr: [HAProxyNetworks, value]}