openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "Request certificate for using host service principals"

Browse Source
This commit is contained in:
Zuul 2019-03-14 07:54:06 +00:00 committed by Gerrit Code Review
commit b9fd01cc68
3 changed files with 28 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
deployment/database/mysql-base.yaml
View File

@ -133,7 +133,7 @@ outputs:
service_key: '/etc/pki/tls/private/mysql.key'
hostname:
str_replace:
template: "%{hiera('cloud_name_NETWORK')}"
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
dnsnames:
@ -143,12 +143,12 @@ outputs:
NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
- str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
"%{hiera('fqdn_NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
principal:
str_replace:
template: "mysql/%{hiera('cloud_name_NETWORK')}"
template: "mysql/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
- {}

19
deployment/database/redis-container-puppet.yaml
View File

@ -94,12 +94,22 @@ outputs:
service_key: '/etc/pki/tls/private/redis.key'
hostname:
str_replace:
template: "%{hiera('cloud_name_NETWORK')}"
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
dnsnames:
- str_replace:
template: "%{hiera('cloud_name_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
- str_replace:
template:
"%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
principal:
str_replace:
template: "redis/%{hiera('cloud_name_NETWORK')}"
template: "redis/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
postsave_cmd: "/usr/bin/certmonger-redis-refresh.sh"
@ -197,8 +207,11 @@ outputs:
- internal_tls_enabled
-
- service: redis
network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
network: {get_param: [ServiceNetMap, RedisNetwork]}
type: vip
- service: redis
network: {get_param: [ServiceNetMap, RedisNetwork]}
type: node
- null
host_prep_tasks:
- name: create persistent directories

10
deployment/haproxy/haproxy-internal-tls-certmonger.j2.yaml
View File

@ -86,8 +86,11 @@ outputs:
- ''
- - {get_param: HAProxyInternalTLSKeysDirectory}
- '/overcloud-haproxy-NETWORK.key'
hostname: "%{hiera('cloud_name_NETWORK')}"
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
hostname: "%{hiera('fqdn_NETWORK')}"
dnsnames:
- "%{hiera('cloud_name_NETWORK')}"
- "%{hiera('fqdn_NETWORK')}"
principal: "haproxy/%{hiera('fqdn_NETWORK')}"
postsave_cmd: "/usr/bin/certmonger-haproxy-refresh.sh reload NETWORK"
for_each:
NETWORK: {get_attr: [HAProxyNetworks, value]}
@ -97,5 +100,8 @@ outputs:
- service: haproxy
network: $NETWORK
type: vip
- service: haproxy
network: $NETWORK
type: node
for_each:
$NETWORK: {get_attr: [HAProxyNetworks, value]}