Fix the mounting issues for the TLS everywhere deployment
This patch adds the CRL directory to the haproxy in case of TLS
everywhere deployment, it also removes the duplicated CA file
from the haproxy and rabbitmq containers.
Depends-On: I836ab1a23c8aea35c0cea54d0765c7313a4b9038
Closes-Bug: #1860638
Closes-Bug: #1860641
Change-Id: I7d18befc51a4afb404b39ebdd8b1ccab4dfdf744
(cherry picked from commit c155ea701e
)
This commit is contained in:
parent
74a753f115
commit
8df8c9e382
|
@ -104,6 +104,10 @@ parameters:
|
|||
type: string
|
||||
description: Specifies the default CRL PEM file to use for revocation if
|
||||
TLS is used for services in the internal network.
|
||||
InternalTLSCRLPEMDir:
|
||||
default: '/etc/pki/CA/crl/'
|
||||
type: string
|
||||
description: The directory of the CRL PEM file to be mounted.
|
||||
|
||||
conditions:
|
||||
puppet_debug_enabled: {get_param: ConfigDebug}
|
||||
|
@ -218,6 +222,11 @@ outputs:
|
|||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- 'ro,shared'
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCRLPEMDir}
|
||||
- {get_param: InternalTLSCRLPEMDir}
|
||||
- 'ro,shared'
|
||||
- null
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/haproxy.json:
|
||||
|
@ -279,8 +288,8 @@ outputs:
|
|||
- /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro,shared
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- - {get_param: InternalTLSCRLPEMDir}
|
||||
- {get_param: InternalTLSCRLPEMDir}
|
||||
- 'ro'
|
||||
- null
|
||||
environment:
|
||||
|
|
|
@ -43,11 +43,6 @@ parameters:
|
|||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
RabbitUserName:
|
||||
default: guest
|
||||
description: The username for RabbitMQ
|
||||
|
@ -284,11 +279,6 @@ outputs:
|
|||
- if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- 'ro'
|
||||
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
|
||||
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
|
||||
- null
|
||||
|
@ -324,11 +314,6 @@ outputs:
|
|||
- if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- 'ro'
|
||||
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
|
||||
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
|
||||
- null
|
||||
|
|
|
@ -43,11 +43,6 @@ parameters:
|
|||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
NotifyPort:
|
||||
default: 5672
|
||||
description: The network port for messaging Notify backend
|
||||
|
@ -225,11 +220,6 @@ outputs:
|
|||
- if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- 'ro'
|
||||
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
|
||||
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
|
||||
- null
|
||||
|
@ -266,11 +256,6 @@ outputs:
|
|||
- if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- 'ro'
|
||||
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
|
||||
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
|
||||
- null
|
||||
|
|
|
@ -43,11 +43,6 @@ parameters:
|
|||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
|
@ -225,11 +220,6 @@ outputs:
|
|||
- if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- 'ro'
|
||||
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
|
||||
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
|
||||
- null
|
||||
|
@ -266,11 +256,6 @@ outputs:
|
|||
- if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- 'ro'
|
||||
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
|
||||
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
|
||||
- null
|
||||
|
|
Loading…
Reference in New Issue