diff --git a/environments/services-docker/octavia.yaml b/environments/services-docker/octavia.yaml index f0c671f6c8..3af17478b8 100644 --- a/environments/services-docker/octavia.yaml +++ b/environments/services-docker/octavia.yaml @@ -7,4 +7,7 @@ resource_registry: parameter_defaults: NeutronServicePlugins: "qos,router,trunk,lbaasv2" NeutronEnableForceMetadata: true - + OctaviaCaCertFile: '/etc/octavia/certs/ca_01.pem' + OctaviaCaKeyFile: '/etc/octavia/certs/private/cakey.pem' + OctaviaCaKeyPassphrase: 'foobar' + OctaviaClientCertFile: '/etc/octavia/certs/client.pem' diff --git a/puppet/services/octavia-base.yaml b/puppet/services/octavia-base.yaml index 7c0c67f29b..caa9a45e78 100644 --- a/puppet/services/octavia-base.yaml +++ b/puppet/services/octavia-base.yaml @@ -74,6 +74,18 @@ parameters: description: The password for the Octavia's database account. type: string hidden: true + OctaviaCaCertFile: + type: string + default: '/etc/octavia/certs/ca_01.pem' + description: Octavia CA certificate file path. + OctaviaCaKeyFile: + type: string + default: '/etc/octavia/certs/private/cakey.pem' + description: Octavia CA private key file path. + OctaviaCaKeyPassphrase: + description: CA private key passphrase. + type: string + hidden: true conditions: service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']} @@ -102,3 +114,6 @@ outputs: octavia::service_auth::project_name: 'service' octavia::service_auth::project_domain_name: 'Default' octavia::service_auth::user_domain_name: 'Default' + octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile} + octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile} + octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase} diff --git a/puppet/services/octavia-worker.yaml b/puppet/services/octavia-worker.yaml index 3449ed704a..13289df573 100644 --- a/puppet/services/octavia-worker.yaml +++ b/puppet/services/octavia-worker.yaml 
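Review bot: `OctaviaCaKeyPassphrase: 'foobar'` in environments/services-docker/octavia.yaml commits a fixed, publicly known passphrase for the CA private key, so every deployment that includes this environment file unchanged protects `cakey.pem` with the same value. octavia-base.yaml declares the parameter `hidden: true` with no default, which already forces the operator to supply it, and shipping a value here defeats that. I would drop the line and leave a comment in its place, e.g. `# OctaviaCaKeyPassphrase has no default and must be set per deployment`. If a sample value is needed for test jobs, it is safer in a test-only environment file than in the shipped one.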
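Review bot: The new parameter descriptions in octavia-base.yaml (first hunk of that file) do not say where the certificate files must exist or who creates them. Nothing visible in this diff generates `ca_01.pem` or `cakey.pem`, so the defaults appear to assume the operator has placed them beforehand. I would extend the text, e.g. `description: Path to the Octavia CA private key file; it must already exist when the service is configured and should be readable only by the octavia service user.` The OctaviaCaKeyPassphrase description should also state that the parameter has no default and is therefore required. The `parameters:` block starts above this hunk.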
@@ -39,7 +39,7 @@ parameters: tag: openstack.octavia.worker path: /var/log/octavia/worker.log OctaviaAmphoraImageTag: - default: '' + default: 'amphora-image' description: Glance image tag for identifying the amphora image. type: string OctaviaAmphoraNetworkList: @@ -63,15 +63,13 @@ parameters: default: false description: Configure the nova flavor for the amphora. type: boolean - OctaviaSSHKeyName: - default: 'octavia-ssh-key' - description: name for ssh key to be configured so the amphora can - be logged into. + OctaviaClientCertFile: + default: '/etc/octavia/certs/client.pem' + description: client certificate for amphoras type: string conditions: octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]} - octavia_amphora_tag_unset: {equals: [{get_param: OctaviaAmphoraImageTag}, ""]} resources: @@ -101,12 +99,8 @@ outputs: octavia::worker::amp_flavor_id: {get_param: OctaviaFlavorId} octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties} octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor} - octavia::worker::ssh_key_name: {get_param: OctaviaSSHKeyName} - - - if: - - octavia_amphora_tag_unset - - {} - - octavia::worker::amp_image_tag: {get_param: OctaviaAmphoraImageTag} + octavia::certificates::client_cert: {get_param: OctaviaClientCertFile} + octavia::worker::amp_image_tag: {get_param: OctaviaAmphoraImageTag} - if: - octavia_topology_unset
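Review bot: With the OctaviaAmphoraImageTag default now `'amphora-image'` and the `octavia_amphora_tag_unset` guard removed in the outputs hunk of this file, `octavia::worker::amp_image_tag` is always written, and the amphora image is selected by a well-known tag alone. Octavia's `amp_image_owner_id` option exists to restrict that lookup to images owned by one project. Nothing in this diff sets it, so I would add a parameter for it, or at least say in the description that the tag should be paired with an owner restriction. An operator who still passes `''` to mean "unset" will now get an empty tag in hiera instead of the key being omitted; `description: Glance image tag for identifying the amphora image; must not be empty.` would make that explicit.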
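Review bot: `description: client certificate for amphoras` on OctaviaClientCertFile understates what the file is. Octavia's `client_cert` is the PEM the controller services present to the amphora agent, and it normally carries the private key as well, so the path needs the same protection as OctaviaCaKeyFile. Suggested wording: `description: Path to the PEM file (certificate and private key) that Octavia controller services use to authenticate to amphorae.` The parameter is also declared only in octavia-worker.yaml, while the CA parameters live in octavia-base.yaml. If other Octavia services that contact amphorae run on a role without the worker, they would presumably not receive `octavia::certificates::client_cert`, so declaring it in the base template may be the more consistent place.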