config_settings:
generate_service_certificates: true
tripleo::haproxy::use_internal_certificates: true
+ tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
+ tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
certificates_specs:
map_merge:
repeat:
template:
haproxy-NETWORK:
- service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem'
- service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt'
- service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key'
+ service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem'
+ service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt'
+ service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key'
hostname: "%{hiera('cloud_name_NETWORK')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
service_name: haproxy_public_tls_certmonger
config_settings:
generate_service_certificates: true
- tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
+ tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
+ tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
+ tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
certificates_specs:
haproxy-external:
- service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
- service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt'
- service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key'
+ service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
+ service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt'
+ service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key'
hostname: "%{hiera('cloud_name_external')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_external')}"