Add Octavia certificate parameters

Adds configuration for the paths to Octavia's certificate files.

Change-Id: I892854d623e63f339e94fe83261ac9b8a84bdcb5
This commit is contained in:
Or Idgar 2017-12-06 14:58:54 +00:00 committed by Brent Eagles
parent 3dfd327db6
commit 1331feaef1
3 changed files with 25 additions and 13 deletions
environments/services-docker
puppet/services

@ -7,4 +7,7 @@ resource_registry:
parameter_defaults: parameter_defaults:
NeutronServicePlugins: "qos,router,trunk,lbaasv2" NeutronServicePlugins: "qos,router,trunk,lbaasv2"
NeutronEnableForceMetadata: true NeutronEnableForceMetadata: true
OctaviaCaCertFile: '/etc/octavia/certs/ca_01.pem'
OctaviaCaKeyFile: '/etc/octavia/certs/private/cakey.pem'
OctaviaCaKeyPassphrase: 'foobar'
OctaviaClientCertFile: '/etc/octavia/certs/client.pem'

@ -74,6 +74,18 @@ parameters:
description: The password for the Octavia's database account. description: The password for the Octavia's database account.
type: string type: string
hidden: true hidden: true
OctaviaCaCertFile:
type: string
default: '/etc/octavia/certs/ca_01.pem'
description: Octavia CA certificate file path.
OctaviaCaKeyFile:
type: string
default: '/etc/octavia/certs/private/cakey.pem'
description: Octavia CA private key file path.
OctaviaCaKeyPassphrase:
description: CA private key passphrase.
type: string
hidden: true
conditions: conditions:
service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']} service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']}
@ -102,3 +114,6 @@ outputs:
octavia::service_auth::project_name: 'service' octavia::service_auth::project_name: 'service'
octavia::service_auth::project_domain_name: 'Default' octavia::service_auth::project_domain_name: 'Default'
octavia::service_auth::user_domain_name: 'Default' octavia::service_auth::user_domain_name: 'Default'
octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}

@ -39,7 +39,7 @@ parameters:
tag: openstack.octavia.worker tag: openstack.octavia.worker
path: /var/log/octavia/worker.log path: /var/log/octavia/worker.log
OctaviaAmphoraImageTag: OctaviaAmphoraImageTag:
default: '' default: 'amphora-image'
description: Glance image tag for identifying the amphora image. description: Glance image tag for identifying the amphora image.
type: string type: string
OctaviaAmphoraNetworkList: OctaviaAmphoraNetworkList:
@ -63,15 +63,13 @@ parameters:
default: false default: false
description: Configure the nova flavor for the amphora. description: Configure the nova flavor for the amphora.
type: boolean type: boolean
OctaviaSSHKeyName: OctaviaClientCertFile:
default: 'octavia-ssh-key' default: '/etc/octavia/certs/client.pem'
description: name for ssh key to be configured so the amphora can description: client certificate for amphoras
be logged into.
type: string type: string
conditions: conditions:
octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]} octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]}
octavia_amphora_tag_unset: {equals: [{get_param: OctaviaAmphoraImageTag}, ""]}
resources: resources:
@ -101,12 +99,8 @@ outputs:
octavia::worker::amp_flavor_id: {get_param: OctaviaFlavorId} octavia::worker::amp_flavor_id: {get_param: OctaviaFlavorId}
octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties} octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties}
octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor} octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor}
octavia::worker::ssh_key_name: {get_param: OctaviaSSHKeyName} octavia::certificates::client_cert: {get_param: OctaviaClientCertFile}
- octavia::worker::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
if:
- octavia_amphora_tag_unset
- {}
- octavia::worker::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
- -
if: if:
- octavia_topology_unset - octavia_topology_unset