Handle NodeTLSData resources for controller roles
In ocata (and newton), a custom role in place of the default controller didn't work, because not all of the controller-specific resources were represented in role.role.j2.yaml. This patch makes it so that at least overcloud SSL configuration is handled by checking to see if the string "controller" is in the role name. This fixes the issue of using deployed-server with SSL for ocata. Change-Id: I7e8487208cc71a0780abc167d06902b9f3d3c983 Closes-Bug: #1751179
parent
f9ded9307b
commit
eb8de76ad0
|
@ -454,14 +454,27 @@ resources:
|
|||
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
|
||||
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
|
||||
fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
|
||||
{%- if 'controller' in role.lower() %}
|
||||
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
|
||||
{%- endif -%}
|
||||
|
||||
# Resource for site-specific injection of root certificate
|
||||
NodeTLSCAData:
|
||||
depends_on: {{role}}Deployment
|
||||
depends_on: NetworkDeployment
|
||||
type: OS::TripleO::NodeTLSCAData
|
||||
properties:
|
||||
server: {get_resource: {{role}}}
|
||||
|
||||
{%- if 'controller' in role.lower() %}
|
||||
# Resource for site-specific passing of private keys/certificates
|
||||
NodeTLSData:
|
||||
depends_on: NodeTLSCAData
|
||||
type: OS::TripleO::NodeTLSData
|
||||
properties:
|
||||
server: {get_resource: {{role}}}
|
||||
NodeIndex: {get_param: NodeIndex}
|
||||
{%- endif -%}
|
||||
|
||||
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
|
||||
{{role}}ExtraConfigPre:
|
||||
depends_on: {{role}}Deployment
|
||||
|
@ -472,7 +485,13 @@ resources:
|
|||
# Hook for site-specific additional pre-deployment config,
|
||||
# applying to all nodes, e.g node registration/unregistration
|
||||
NodeExtraConfig:
|
||||
depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData]
|
||||
depends_on:
|
||||
- {{role}}ExtraConfigPre
|
||||
{%- if 'controller' in role.lower() %}
|
||||
- NodeTLSData
|
||||
{%- else %}
|
||||
- NodeTLSCAData
|
||||
{%- endif %}
|
||||
type: OS::TripleO::NodeExtraConfig
|
||||
properties:
|
||||
server: {get_resource: {{role}}}
|
||||
|
@ -596,3 +615,11 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
|
|||
management_ip_address:
|
||||
description: IP address of the server in the management network
|
||||
value: {get_attr: [ManagementPort, ip_address]}
|
||||
{%- if 'controller' in role.lower() %}
|
||||
tls_key_modulus_md5:
|
||||
description: MD5 checksum of the TLS Key Modulus
|
||||
value: {get_attr: [NodeTLSData, key_modulus_md5]}
|
||||
tls_cert_modulus_md5:
|
||||
description: MD5 checksum of the TLS Certificate Modulus
|
||||
value: {get_attr: [NodeTLSData, cert_modulus_md5]}
|
||||
{%- endif %}
|
||||
|
|
|
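Review bot: The `'controller' in role.lower()` test that gates NodeTLSData decides which nodes receive the TLS private key and certificate by a substring of the role name, so any role whose name happens to contain "controller" gets key material, while a custom role that fronts haproxy under another name silently gets none. The same condition is repeated in four places (the service_certificate hieradata, the NodeTLSData resource, the NodeExtraConfig `depends_on` list and the `tls_*_md5` outputs), and all four must agree or the rendered template refers to a resource that was never emitted. I would compute it once near the top of the template, e.g. `{%- set is_controller_role = 'controller' in role.lower() %}`, and add a comment above NodeTLSData saying that it delivers private keys and is limited to controller-type roles by name match. If the roles data carries an explicit per-role attribute, keying on that would be safer than the name; whether it does is not visible from this page.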
@ -0,0 +1,4 @@
|
|||
---
|
||||
fixes:
|
||||
- The custom roles for deployed-server in deployed-server-roles-data.yaml
|
||||
will now work when configuring overcloud SSL.
|