X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fhaproxy.yaml;h=6b2d028f2c2858ee03c5f8ef373b08def3dde389;hb=refs%2Fheads%2Fmaster;hp=a37135dae16131f81dbf6aad9d2b875b5dd90d64;hpb=19e89d8d6e2c39c4b98edfba33613607e28e38ee;p=apex-tripleo-heat-templates.git diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index a37135da..6b2d028f 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -57,6 +57,16 @@ parameters: MonitoringSubscriptionHaproxy: default: 'overcloud-haproxy' type: string + SSLCertificate: + default: '' + description: > + The content of the SSL certificate (without Key) in PEM format. + type: string + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string InternalTLSCAFile: default: '/etc/ipa/ca.crt' type: string @@ -68,6 +78,14 @@ parameters: description: Specifies the default CRL PEM file to use for revocation if TLS is used for services in the internal network. +conditions: + + public_tls_enabled: + not: + equals: + - {get_param: SSLCertificate} + - "" + resources: HAProxyPublicTLS: @@ -98,8 +116,6 @@ outputs: monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy} config_settings: map_merge: - - get_attr: [HAProxyPublicTLS, role_data, config_settings] - - get_attr: [HAProxyInternalTLS, role_data, config_settings] - tripleo.haproxy.firewall_rules: '107 haproxy stats': dport: 1993 @@ -115,6 +131,12 @@ outputs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] - get_attr: [HAProxyInternalTLS, role_data, certificates_specs] + - if: + - public_tls_enabled + - tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath} + - {} + - get_attr: [HAProxyPublicTLS, role_data, config_settings] + - get_attr: [HAProxyInternalTLS, role_data, config_settings] step_config: | include ::tripleo::profile::base::haproxy upgrade_tasks: