Configure CRL URI if TLS in the internal network is enabled

author Juan Antonio Osorio Robles <jaosorior@redhat.com>

Fri, 12 May 2017 15:05:29 +0000 (18:05 +0300)

committer Juan Antonio Osorio Robles <jaosorior@redhat.com>

Thu, 8 Jun 2017 05:12:14 +0000 (08:12 +0300)
author Juan Antonio Osorio Robles <jaosorior@redhat.com>
Fri, 12 May 2017 15:05:29 +0000 (18:05 +0300)
committer Juan Antonio Osorio Robles <jaosorior@redhat.com>
Thu, 8 Jun 2017 05:12:14 +0000 (08:12 +0300)
diff --git a/puppet/services/certmonger-user.yaml b/puppet/services/certmonger-user.yaml

index 6ad451a..0508c55 100644 (file)
--- a/puppet/services/certmonger-user.yaml
+++ b/puppet/services/certmonger-user.yaml
@@ -26,11 +26,28 @@ parameters:
      description: Mapping of service endpoint -> protocol. Typically set
                   via parameter_defaults in the resource registry.
      type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+  DefaultCRLURL:
+    default: 'http://ipa-ca/ipa/crl/MasterCRL.bin'
+    description: URI where to get the CRL to be configured in the nodes.
+    type: string
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
  
  outputs:
    role_data:
      description: Role data for the certmonger-user service
      value:
        service_name: certmonger_user
+      config_settings:
+        tripleo::certmonger::ca::crl::crl_source:
+          if:
+            - internal_tls_enabled
+            - {get_param: DefaultCRLURL}
+            - null
        step_config: |
          include ::tripleo::profile::base::certmonger_user
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>
	Fri, 12 May 2017 15:05:29 +0000 (18:05 +0300)
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>
	Thu, 8 Jun 2017 05:12:14 +0000 (08:12 +0300)