Use DeployedSSLCertificatePath for public TLS via certmonger
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Mon, 4 Sep 2017 11:04:28 +0000 (14:04 +0300)
committerEmilien Macchi <emilien@redhat.com>
Thu, 7 Sep 2017 03:48:34 +0000 (03:48 +0000)
As described in the bug report, DeployedSSLCertificatePath is used by
the TLS injection script (if you decide to use that).

There is an alternative, which is to use FreeIPA to provide the
certificate for public TLS (powered by certmonger); however, it doesn't
use the same path as what folks expected. This reuses the
DeployedSSLCertificatePath parameter and uses that as a path for the
resulting PEM file, so it's easier to debug.

Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d
Closes-Bug: #1714932
(cherry picked from commit f395d9eab2277061e926f7956bb3a56b0c7b1131)

puppet/services/haproxy-public-tls-certmonger.yaml

index 14d171d..cdfc41c 100644 (file)
@@ -36,6 +36,11 @@ parameters:
   HAProxyInternalTLSKeysDirectory:
     default: '/etc/pki/tls/private/haproxy'
     type: string
+  DeployedSSLCertificatePath:
+    default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+    description: >
+        The filepath of the certificate as it will be stored in the controller.
+    type: string
 
 outputs:
   role_data:
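Review bot: The description on the new `DeployedSSLCertificatePath` parameter calls the file "the certificate", but the second hunk feeds it to `service_pem`, which looks like the combined bundle HAProxy loads and so probably holds the private key as well. If that is the case, the description should say so, for example `The filepath of the HAProxy PEM bundle (certificate and private key) as it will be stored in the controller.` The parameter is also a free-form `string` with no `constraints`, so an override can place key material in a directory that is not root-only. A sentence in the description stating that the path must be absolute and sit in a directory with restrictive permissions would make that expectation explicit.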
@@ -44,22 +49,14 @@ outputs:
       service_name: haproxy_public_tls_certmonger
       config_settings:
         generate_service_certificates: true
-        tripleo::haproxy::service_certificate:
-          list_join:
-          - ''
-          - - {get_param: HAProxyInternalTLSCertsDirectory}
-            - '/overcloud-haproxy-external.pem'
+        tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
         tripleo::certmonger::haproxy_dirs::certificate_dir:
           get_param: HAProxyInternalTLSCertsDirectory
         tripleo::certmonger::haproxy_dirs::key_dir:
           get_param: HAProxyInternalTLSKeysDirectory
       certificates_specs:
         haproxy-external:
-          service_pem:
-            list_join:
-            - ''
-            - - {get_param: HAProxyInternalTLSCertsDirectory}
-              - '/overcloud-haproxy-external.pem'
+          service_pem: {get_param: DeployedSSLCertificatePath}
           service_certificate:
             list_join:
             - ''
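Review bot: `tripleo::certmonger::haproxy_dirs::certificate_dir` and `key_dir` still point only at the `HAProxyInternalTLS*` directories, while `tripleo::haproxy::service_certificate` and `service_pem` now take whatever path `DeployedSSLCertificatePath` holds. Nothing visible in this hunk ensures that the parent directory of an overridden path exists or has restrictive ownership and mode. The default under `/etc/pki/tls/private` is probably fine, but the assumption is worth a comment above `service_pem`, such as `# Parent directory of DeployedSSLCertificatePath is not managed here; it must already exist and be root-only.` The commit message says the TLS injection script uses the same parameter, so a second comment like `# Shared with the TLS injection script; enable only one of the two.` would warn against both mechanisms writing the same file. The `haproxy-external` spec continues past the end of the hunk, so handling further down is not visible here.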