Create parameters for haproxy TLS certs and keys
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Mon, 7 Aug 2017 08:01:24 +0000 (11:01 +0300)
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>
Mon, 7 Aug 2017 10:03:25 +0000 (13:03 +0300)
This removes the hardcoded paths for the haproxy certs and keys and will
enable re-use. We'll use this in a further commit in the containerized
TLS work.

Change-Id: I602e5a569e2e7e60835deb80532abcedd7a1f63d

puppet/services/haproxy-internal-tls-certmonger.yaml
puppet/services/haproxy-public-tls-certmonger.yaml

index 3355a0d..642685a 100644 (file)
@@ -30,6 +30,12 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  HAProxyInternalTLSCertsDirectory:
+    default: '/etc/pki/tls/certs/haproxy'
+    type: string
+  HAProxyInternalTLSKeysDirectory:
+    default: '/etc/pki/tls/private/haproxy'
+    type: string
 
 resources:
 
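Review bot: The two parameters added under `parameters:` carry no `description`, unlike the parameter directly above them, so an operator overriding them gets no hint that the second one decides where private keys are written. I would add `description: Directory where certmonger writes the HAProxy certificates and PEM bundles.` to the first and `description: Directory where certmonger writes the HAProxy private keys; must not be world-readable.` to the second. The permissions wording is an assumption, because the code that creates these directories is not part of this diff; align it with what `tripleo::certmonger::haproxy_dirs` actually enforces. The same applies to the identical parameter block added in haproxy-public-tls-certmonger.yaml.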
@@ -55,16 +61,30 @@ outputs:
       config_settings:
         generate_service_certificates: true
         tripleo::haproxy::use_internal_certificates: true
-        tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
-        tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
+        tripleo::certmonger::haproxy_dirs::certificate_dir:
+          get_param: HAProxyInternalTLSCertsDirectory
+        tripleo::certmonger::haproxy_dirs::key_dir:
+          get_param: HAProxyInternalTLSKeysDirectory
       certificates_specs:
         map_merge:
           repeat:
             template:
               haproxy-NETWORK:
-                service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem'
-                service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt'
-                service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key'
+                service_pem:
+                  list_join:
+                  - ''
+                  - - {get_param: HAProxyInternalTLSCertsDirectory}
+                    - '/overcloud-haproxy-NETWORK.pem'
+                service_certificate:
+                  list_join:
+                  - ''
+                  - - {get_param: HAProxyInternalTLSCertsDirectory}
+                    - '/overcloud-haproxy-NETWORK.crt'
+                service_key:
+                  list_join:
+                  - ''
+                  - - {get_param: HAProxyInternalTLSKeysDirectory}
+                    - '/overcloud-haproxy-NETWORK.key'
                 hostname: "%{hiera('cloud_name_NETWORK')}"
                 postsave_cmd: "" # TODO
                 principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
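Review bot: The `list_join` expressions for `service_pem`, `service_certificate` and `service_key` glue the parameter value to a file name with an empty separator, and nothing validates the value first. A relative path or a value ending in a slash would flow into the certificate spec unchanged, where it previously could not because the paths were literals. Consider constraining both parameters where they are declared, for example `constraints:` followed by `- allowed_pattern: '^/.*[^/]$'`, so a mistyped override is rejected at stack validation instead of surfacing later on the node. The haproxy-external spec in the public template uses the same concatenation.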
index f1739f7..b2766c4 100644 (file)
@@ -30,6 +30,12 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  HAProxyInternalTLSCertsDirectory:
+    default: '/etc/pki/tls/certs/haproxy'
+    type: string
+  HAProxyInternalTLSKeysDirectory:
+    default: '/etc/pki/tls/private/haproxy'
+    type: string
 
 outputs:
   role_data:
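Review bot: The public-TLS template declares its directories as `HAProxyInternalTLSCertsDirectory` and `HAProxyInternalTLSKeysDirectory`, the same names used by the internal-TLS template, so the "Internal" in the name is misleading here. Because Heat applies a `parameter_defaults` entry to every template declaring that parameter name, one override moves both the internal and the external certificate and key locations. If that sharing is intended, say so in a description, e.g. `description: Directory for HAProxy certificates; shared by the internal and public TLS services.`; if not, the public template needs its own parameter names.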
@@ -38,14 +44,32 @@ outputs:
       service_name: haproxy_public_tls_certmonger
       config_settings:
         generate_service_certificates: true
-        tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
-        tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
-        tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
+        tripleo::haproxy::service_certificate:
+          list_join:
+          - ''
+          - - {get_param: HAProxyInternalTLSCertsDirectory}
+            - '/overcloud-haproxy-external.pem'
+        tripleo::certmonger::haproxy_dirs::certificate_dir:
+          get_param: HAProxyInternalTLSCertsDirectory
+        tripleo::certmonger::haproxy_dirs::key_dir:
+          get_param: HAProxyInternalTLSKeysDirectory
       certificates_specs:
         haproxy-external:
-          service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
-          service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt'
-          service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key'
+          service_pem:
+            list_join:
+            - ''
+            - - {get_param: HAProxyInternalTLSCertsDirectory}
+              - '/overcloud-haproxy-external.pem'
+          service_certificate:
+            list_join:
+            - ''
+            - - {get_param: HAProxyInternalTLSCertsDirectory}
+              - '/overcloud-haproxy-external.crt'
+          service_key:
+            list_join:
+            - ''
+            - - {get_param: HAProxyInternalTLSKeysDirectory}
+              - '/overcloud-haproxy-external.key'
           hostname: "%{hiera('cloud_name_external')}"
           postsave_cmd: "" # TODO
           principal: "haproxy/%{hiera('cloud_name_external')}"
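Review bot: `tripleo::haproxy::service_certificate` and `certificates_specs.haproxy-external.service_pem` are now built by two separate, identical `list_join` blocks, where the removed lines show they were the same literal path. They presumably have to name the same file (the bundle certmonger writes and the one HAProxy is pointed at), so an edit to only one of them would leave HAProxy referencing a file that is never produced. A short comment above the first block, such as `# must resolve to the same path as certificates_specs.haproxy-external.service_pem`, would make that coupling explicit.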