8b4707a1f5
Octavia uses PKI in order to securely communicate over REST between the control plane and the amphorae. However, there is no option to currently configure these options at the moment. This patch adds a class which helps configure these options to be able to successfully communicate with PKI. It is important that the SSL certificates must still be generated by the user. Change-Id: Ifbf5cd5118e6d02c514589ecbce9d49096faf242
41 lines
1.3 KiB
Puppet
41 lines
1.3 KiB
Puppet
# == Class: octavia::certificates
|
|
#
|
|
# Configure the octavia certificates for TLS authentication
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*ca_certificate*]
|
|
# (Optional) Path to the CA certificate for Octavia
|
|
# Defaults to $::os_service_default
|
|
#
|
|
# [*ca_private_key*]
|
|
# (Optional) Path for private key used to sign certificates
|
|
# Defaults to $::os_service_default
|
|
#
|
|
# [*ca_private_key_passphrase*]
|
|
# (Optional) CA password used to sign certificates
|
|
# Defaults to $::os_service_default
|
|
#
|
|
# [*client_cert*]
|
|
# (Optional) Path for client certificate used to connect to amphorae.
|
|
# Defaults to $::os_service_default
|
|
#
|
|
class octavia::certificates (
|
|
$ca_certificate = $::os_service_default,
|
|
$ca_private_key = $::os_service_default,
|
|
$ca_private_key_passphrase = $::os_service_default,
|
|
$client_cert = $::os_service_default,
|
|
) {
|
|
|
|
include ::octavia::deps
|
|
|
|
octavia_config {
|
|
'certificates/ca_certificate' : value => $ca_certificate;
|
|
'certificates/ca_private_key' : value => $ca_private_key;
|
|
'certificates/ca_private_key_passphrase' : value => $ca_private_key_passphrase;
|
|
'controller_worker/client_ca' : value => $ca_certificate;
|
|
'haproxy_amphora/client_cert' : value => $client_cert;
|
|
'haproxy_amphora/server_ca' : value => $ca_certificate;
|
|
}
|
|
}
|