From 78d204afb8760915bb32d15a318b20e02176473d Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Fri, 25 Dec 2020 18:09:29 +0200
Subject: [PATCH] Use barbican for certificates storage
Octavia can do SSL termination only in case when barbican is available. We should be able to add required configuration section only when barbican is also present in inventory
Change-Id: Ie319fd02cdd60f8a8ac65f0508e9075f40839ae9
---
 defaults/main.yml | 3 +++
 templates/octavia.conf.j2 | 7 ++++---
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 4e593922..369871f8 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -58,6 +58,9 @@ octavia_clients_endpoint: internalURL
 octavia_auth_strategy: keystone
+## Barbican certificates
+octavia_barbican_enabled: false
+
 ## Cinder Volume
 octavia_cinder_enabled: False
diff --git a/templates/octavia.conf.j2 b/templates/octavia.conf.j2
index 4f730078..9e8c8a06 100644
--- a/templates/octavia.conf.j2
+++ b/templates/octavia.conf.j2
@@ -66,14 +66,15 @@ memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcached_encryption_key }}
 [certificates]
-# cert_generator = local_cert_generator
-
-# For local certificate signing (development only):
 ca_certificate = /etc/octavia/certs/ca.pem
 ca_private_key = /etc/octavia/certs/ca_key.pem
 ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }}
 signing_digest = {{ octavia_signing_digest }}
+{% if octavia_barbican_enabled %}
+cert_manager = barbican_cert_manager
 endpoint_type = {{ octavia_clients_endpoint }}
+region_name = {{ keystone_service_region }}
+{% endif %}
 [haproxy_amphora]
 {% if octavia_haproxy_amphora_template is defined %}
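Review bot: `octavia_barbican_enabled` is hard-coded to `false` in `defaults/main.yml`, while the commit message says the section should appear when barbican is present in the inventory; nothing in this hunk looks at the inventory. Every operator who has Barbican deployed therefore has to set the override by hand, and a missed override leaves TLS-terminated listeners without their certificate-manager settings. Consider deriving the default from the inventory's barbican host group, or at least extend the header comment, e.g. `## Barbican certificates: set to true when Barbican is deployed; enables cert_manager, endpoint_type and region_name in [certificates]`. The literal is also lower-case `false` next to `octavia_cinder_enabled: False` in the following context lines; matching the file's casing keeps the defaults consistent.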
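Review bot: The new `{% if octavia_barbican_enabled %}` block in `[certificates]` also wraps the pre-existing `endpoint_type` line, so with the default of `false` an upgraded deployment stops rendering a setting it had before; if that is intended it deserves a release note. With the flag off no `cert_manager` is written at all, so Octavia falls back to its built-in default, which as far as I know is the Barbican manager anyway. TLS-terminated listeners would then fail at request time rather than being visibly unsupported, so a short template comment stating this would help operators. The hunk also deletes the `# For local certificate signing (development only):` caveat while `ca_private_key` and `ca_private_key_passphrase` stay unconditional. I would keep a one-line comment above them such as `# Local CA key and passphrase below: restrict read access to this file`.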