Use barbican for certificates storage

Octavia can do SSL termination only in case when barbican is available. We should be able to add required configuration section only when barbican is also present in inventory Change-Id: Ie319fd02cdd60f8a8ac65f0508e9075f40839ae9
2020-12-25 18:09:29 +02:00 · 2020-12-25 18:09:29 +02:00 · 78d204afb8
commit 78d204afb8
parent 44d0a6d398
2 changed files with 7 additions and 3 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -58,6 +58,9 @@ octavia_clients_endpoint: internalURL

 octavia_auth_strategy: keystone

+## Barbican certificates
+octavia_barbican_enabled: false
+
 ## Cinder Volume
 octavia_cinder_enabled: False

--- a/templates/octavia.conf.j2
+++ b/templates/octavia.conf.j2
@ -66,14 +66,15 @@ memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcached_encryption_key }}

 [certificates]
-# cert_generator = local_cert_generator
-
-# For local certificate signing (development only):
 ca_certificate = /etc/octavia/certs/ca.pem
 ca_private_key = /etc/octavia/certs/ca_key.pem
 ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }}
 signing_digest = {{ octavia_signing_digest }}
+{% if octavia_barbican_enabled %}
+cert_manager = barbican_cert_manager
 endpoint_type = {{ octavia_clients_endpoint }}
+region_name = {{ keystone_service_region }}
+{% endif %}

 [haproxy_amphora]
 {% if octavia_haproxy_amphora_template is defined %}