Change the directory for httpd certs/keys to be service-specific
author Juan Antonio Osorio Robles <jaosorior@redhat.com>
Fri, 24 Mar 2017 10:38:33 +0000 (12:38 +0200)
committer Juan Antonio Osorio Robles <jaosorior@redhat.com>
Tue, 11 Apr 2017 11:33:32 +0000 (11:33 +0000)
This moves the directories containing the certs/keys for httpd one step
further inside the hierarchy. This way we will be able to bind-mount
this certificate into the container without bind-mounting any other
certs/keys from other services.

bp tls-via-certmonger-containers

Change-Id: Ibe6e66ae4589b9eab7db330dd8b178e0f8775639
Depends-On: I0b71902358b754fa8bd7fdbb213479503c87aa46

puppet/services/apache.yaml

index 9bd282f..6e53b1f 100644 (file)
@@ -77,13 +77,15 @@ outputs:
               - "%{hiera('apache_remote_proxy_ips_network')}"
           -
             generate_service_certificates: true
+            tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
+            tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
             apache_certificates_specs:
               map_merge:
                 repeat:
                   template:
                     httpd-NETWORK:
-                      service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt'
-                      service_key: '/etc/pki/tls/private/httpd-NETWORK.key'
+                      service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
+                      service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
                       hostname: "%{hiera('fqdn_NETWORK')}"
                       principal: "HTTP/%{hiera('fqdn_NETWORK')}"
                   for_each:
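
Review bot: The directory is now spelled out twice per artifact with nothing tying the copies together: once in `tripleo::certmonger::apache_dirs::certificate_dir` / `key_dir` and again as the prefix of `service_certificate` / `service_key` inside the `httpd-NETWORK` template. If one copy is edited later and the other is not, certmonger would be pointed at a directory that `apache_dirs` never created. Consider a short comment above the two new hiera keys stating that they must match the paths in `apache_certificates_specs`, or building both from a single value. Two further points are worth covering in the commit message or a release note. First, nodes deployed before this change keep the old `/etc/pki/tls/private/httpd-NETWORK.key` files, and nothing in this hunk removes them, so stale private keys stay on disk after an upgrade unless that cleanup is handled elsewhere. Second, since the stated goal is to bind-mount only the httpd material into the container, it would help to say which change sets the owner and mode on `/etc/pki/tls/private/httpd`, because this hunk only names the directory.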