Change the directory for haproxy certs/keys to be service-specific

author Juan Antonio Osorio Robles <jaosorior@redhat.com>

Wed, 2 Aug 2017 07:27:15 +0000 (10:27 +0300)

committer Juan Antonio Osorio Robles <jaosorior@redhat.com>

Fri, 4 Aug 2017 10:43:50 +0000 (10:43 +0000)
author Juan Antonio Osorio Robles <jaosorior@redhat.com>
Wed, 2 Aug 2017 07:27:15 +0000 (10:27 +0300)
committer Juan Antonio Osorio Robles <jaosorior@redhat.com>
Fri, 4 Aug 2017 10:43:50 +0000 (10:43 +0000)
diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml

index b6b4f27..3355a0d 100644 (file)
--- a/puppet/services/haproxy-internal-tls-certmonger.yaml
+++ b/puppet/services/haproxy-internal-tls-certmonger.yaml
@@ -55,14 +55,16 @@ outputs:
        config_settings:
          generate_service_certificates: true
          tripleo::haproxy::use_internal_certificates: true
+        tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
+        tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
        certificates_specs:
          map_merge:
            repeat:
              template:
                haproxy-NETWORK:
-                service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem'
-                service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt'
-                service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key'
+                service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem'
+                service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt'
+                service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key'
                  hostname: "%{hiera('cloud_name_NETWORK')}"
                  postsave_cmd: "" # TODO
                  principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml

index e79d2ae..f1739f7 100644 (file)
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -38,12 +38,14 @@ outputs:
        service_name: haproxy_public_tls_certmonger
        config_settings:
          generate_service_certificates: true
-        tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
+        tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
+        tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
+        tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
        certificates_specs:
          haproxy-external:
-          service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
-          service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt'
-          service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key'
+          service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
+          service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt'
+          service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key'
            hostname: "%{hiera('cloud_name_external')}"
            postsave_cmd: "" # TODO
            principal: "haproxy/%{hiera('cloud_name_external')}"
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>
	Wed, 2 Aug 2017 07:27:15 +0000 (10:27 +0300)
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>
	Fri, 4 Aug 2017 10:43:50 +0000 (10:43 +0000)
puppet/services/haproxy-internal-tls-certmonger.yaml		patch \| blob \| history
puppet/services/haproxy-public-tls-certmonger.yaml		patch \| blob \| history