openstack/puppet-openstack-integration
Code Issues Proposed changes

Use common implementation for ovn certs

Browse Source 
... instead of maintaining the similar logics in neutron and octavia.

Change-Id: I0006dcbe116b018b8e9c2d5f6851086b7de143fe
This commit is contained in:
Takashi Kajinami 2023-12-08 17:58:31 +09:00
parent 9121aaeed7
commit 1bda1d37ce
3 changed files with 34 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
manifests/neutron.pp
View File

@ -54,37 +54,14 @@ class openstack_integration::neutron (
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'neutron':
notify => Service['neutron-server'],
require => Package['neutron'],
require => Anchor['neutron::install::end'],
}
Exec['update-ca-certificates'] ~> Service<| tag == 'neutron-service' |>
if $driver == 'ovn' {
['ovnnb', 'ovnsb'].each |$ovndb| {
["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| {
file { "/etc/neutron/${ovn_ssl_file}":
ensure => present,
owner => 'neutron',
mode => '0600',
source => "/etc/openvswitch/${ovn_ssl_file}",
require => [
Anchor['neutron::install::end'],
Vswitch::Pki::Cert[$ovndb]
],
notify => Anchor['neutron::service::begin'],
}
}
}
file { '/etc/neutron/switchcacert.pem':
ensure => present,
owner => 'neutron',
mode => '0600',
source => '/var/lib/openvswitch/pki/switchca/cacert.pem',
require => [
Anchor['neutron::install::end'],
Class['vswitch::pki::Cacert'],
],
openstack_integration::ovn::ssl_key { 'neutron':
notify => Anchor['neutron::service::begin'],
require => Anchor['neutron::install::end'],
}
}
}

29
manifests/octavia.pp
View File

@ -24,37 +24,14 @@ class openstack_integration::octavia (
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'octavia':
notify => Service['httpd'],
require => Package['octavia'],
require => Anchor['octavia::install::end'],
}
Exec['update-ca-certificates'] ~> Service['httpd']
if $provider_driver == 'ovn' {
['ovnnb', 'ovnsb'].each |$ovndb| {
["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| {
file { "/etc/octavia/${ovn_ssl_file}":
ensure => present,
owner => 'octavia',
mode => '0600',
source => "/etc/openvswitch/${ovn_ssl_file}",
require => [
Anchor['octavia::install::end'],
Vswitch::Pki::Cert[$ovndb]
],
notify => Anchor['octavia::service::begin'],
}
}
}
file { '/etc/octavia/switchcacert.pem':
ensure => present,
owner => 'octavia',
mode => '0600',
source => '/var/lib/openvswitch/pki/switchca/cacert.pem',
require => [
Anchor['octavia::install::end'],
Class['vswitch::pki::Cacert'],
],
openstack_integration::ovn::ssl_key { 'octavia':
notify => Anchor['octavia::service::begin'],
require => Anchor['octavia::install::end'],
}
}
}

28
manifests/ovn/ssl_key.pp Normal file
View File

@ -0,0 +1,28 @@
#
# [*key_owner*]
# (optional) Owner of SSL private key
# Defaults to $name.
#
define openstack_integration::ovn::ssl_key(
$key_owner = $name,
){
['ovnnb', 'ovnsb'].each |$ovndb| {
["${ovndb}-privkey.pem", "${ovndb}-cert.pem"].each |$ovn_ssl_file| {
file { "/etc/${key_owner}/${ovn_ssl_file}":
ensure => present,
owner => $key_owner,
mode => '0600',
source => "/etc/openvswitch/${ovn_ssl_file}",
require => Vswitch::Pki::Cert[$ovndb]
}
}
}
file { "/etc/${key_owner}/switchcacert.pem":
ensure => present,
owner => $key_owner,
mode => '0600',
source => '/var/lib/openvswitch/pki/switchca/cacert.pem',
require => Class['vswitch::pki::Cacert'],
}
}