Refactor map file to import role data only
This patch update map.file to add default for cacert_file in the
role data.
Change-Id: I93684f6bafebf6b0e0443528f5774a74867c23ca
Related-Prod: PROD-16501
diff --git a/barbican/_ssl.sls b/barbican/_ssl.sls
index bdce50f..592c4ea 100644
--- a/barbican/_ssl.sls
+++ b/barbican/_ssl.sls
@@ -1,4 +1,4 @@
-{%- from "barbican/map.jinja" import server, system_cacerts_file with context %}
+{%- from "barbican/map.jinja" import server with context %}
{#
@@ -20,7 +20,7 @@
- makedirs: true
{% else %}
file.exists:
- - name: {{ server.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+ - name: {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
{% endif %}
- watch_in:
- service: barbican_server_services
@@ -39,7 +39,7 @@
- makedirs: true
{% else %}
file.exists:
- - name: {{ server.database.ssl.get('cacert_file', system_cacerts_file) }}
+ - name: {{ server.database.ssl.get('cacert_file', server.cacert_file) }}
{% endif %}
- watch_in:
- service: barbican_server_services
diff --git a/barbican/files/ocata/barbican.conf.Debian b/barbican/files/ocata/barbican.conf.Debian
index a3247ea..83f73e1 100644
--- a/barbican/files/ocata/barbican.conf.Debian
+++ b/barbican/files/ocata/barbican.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "barbican/map.jinja" import server, system_cacerts_file with context -%}
+{%- from "barbican/map.jinja" import server with context -%}
[DEFAULT]
# Show debugging output in logs (sets DEBUG log level output)
#debug = True
@@ -40,7 +40,7 @@
#sql_connection = sqlite:///barbican.sqlite
# Note: For absolute addresses, use '////' slashes after 'sqlite:'
# Uncomment for a more global development environment
-sql_connection = {{ server.database.engine }}://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.ssl.enabled %}?ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+sql_connection = {{ server.database.engine }}://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.ssl.enabled %}?ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
db_auto_create = False
# Period in seconds after which SQLAlchemy should reestablish its connection
@@ -133,7 +133,7 @@
[oslo_messaging_rabbit]
{%- if server.message_queue.ssl.enabled %}
rabbit_use_ssl=true
-kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
{%- if server.message_queue.ssl.version is defined %}
kombu_ssl_version = {{ server.message_queue.ssl.version }}
{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
diff --git a/barbican/map.jinja b/barbican/map.jinja
index 33ca3c1..8f536b1 100644
--- a/barbican/map.jinja
+++ b/barbican/map.jinja
@@ -24,6 +24,9 @@
- libnss3-tools
- python-nss
- pki-base
+ cacert_file: /etc/ssl/certs/ca-certificates.crt
+RedHat:
+ cacert_file: /etc/pki/tls/certs/ca-bundle.crt
{%- endload %}
{%- load_yaml as client_defaults %}
@@ -44,4 +47,3 @@
{%- endif %}
{%- set client = salt['grains.filter_by'](client_defaults, merge=salt['pillar.get']('barbican:client')) %}
-{%- set system_cacerts_file = salt['grains.filter_by']({'Debian': '/etc/ssl/certs/ca-certificates.crt','RedHat': '/etc/pki/tls/certs/ca-bundle.crt'})%}