O:config_master: use cfssl for tls

Change-Id: I542564ebe6ea815fd59c1e4d0b845ae8c3c6d4e6
wikimedia · Aug 1, 2023 · 131906b · 131906b
1 parent 8377aa4
commit 131906b
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/hieradata/role/common/config_master.yaml b/hieradata/role/common/config_master.yaml
@@ -1,5 +1,12 @@
+profile::contacts::role_contacts: ['Infrastructure Foundations']
 profile::configmaster::server_name: config-master.wikimedia.org
 profile::configmaster::server_aliases:
   - 'config-master.discovery.wmnet'
   - "config-master.%{::site}.wmnet"
+  - "%{facts.networking.fqdn}"
 profile::configmaster::enable_nda: true
+profile::tlsproxy::envoy::ssl_provider: cfssl
+profile::tlsproxy::envoy::global_cert_name: "%{alias('profile::configmaster::server_name')}"
+profile::tlsproxy::envoy::cfssl_options:
+  hosts: "%{alias('profile::configmaster::server_aliases')}"
+