Remove certificate request bits from service profiles
This is now the job of the certmonger_user profile. So these bits are not needed anymore in the service profiles. Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800 Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
This commit is contained in:
parent
2102a610c1
commit
d9916ce773
|
@ -39,14 +39,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
|
@ -57,17 +49,12 @@ class tripleo::profile::base::aodh::api (
|
|||
$aodh_network = hiera('aodh_api_network', undef),
|
||||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$step = hiera('step'),
|
||||
) {
|
||||
|
||||
include ::tripleo::profile::base::aodh
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$aodh_network {
|
||||
fail('aodh_api_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -43,14 +43,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
|
@ -105,7 +97,6 @@ class tripleo::profile::base::barbican::api (
|
|||
$bootstrap_node = hiera('bootstrap_nodeid', undef),
|
||||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$step = hiera('step'),
|
||||
$oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
|
||||
$oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
|
||||
|
@ -126,10 +117,6 @@ class tripleo::profile::base::barbican::api (
|
|||
}
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$barbican_network {
|
||||
fail('barbican_api_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -39,14 +39,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
|
@ -56,16 +48,11 @@ class tripleo::profile::base::ceilometer::api (
|
|||
$ceilometer_network = hiera('ceilometer_api_network', undef),
|
||||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$step = hiera('step'),
|
||||
) {
|
||||
include ::tripleo::profile::base::ceilometer
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$ceilometer_network {
|
||||
fail('ceilometer_api_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -43,14 +43,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
|
@ -61,7 +53,6 @@ class tripleo::profile::base::cinder::api (
|
|||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$cinder_api_network = hiera('cinder_api_network', undef),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$step = hiera('step'),
|
||||
) {
|
||||
if $::hostname == downcase($bootstrap_node) {
|
||||
|
@ -73,10 +64,6 @@ class tripleo::profile::base::cinder::api (
|
|||
include ::tripleo::profile::base::cinder
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$cinder_api_network {
|
||||
fail('cinder_api_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -47,12 +47,6 @@
|
|||
# limit for the mysql service.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# MySQL. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*manage_resources*]
|
||||
# (Optional) Whether or not manage root user, root my.cnf, and service.
|
||||
# Defaults to true
|
||||
|
@ -82,7 +76,6 @@ class tripleo::profile::base::database::mysql (
|
|||
$certificate_specs = {},
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_dropin_file_limit = false,
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$manage_resources = true,
|
||||
$mysql_server_options = {},
|
||||
$mysql_max_connections = hiera('mysql_max_connections', undef),
|
||||
|
@ -100,9 +93,6 @@ class tripleo::profile::base::database::mysql (
|
|||
validate_hash($certificate_specs)
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resource('class', 'tripleo::certmonger::mysql', $certificate_specs)
|
||||
}
|
||||
$tls_certfile = $certificate_specs['service_certificate']
|
||||
$tls_keyfile = $certificate_specs['service_key']
|
||||
} else {
|
||||
|
|
|
@ -38,14 +38,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*glance_backend*]
|
||||
# (Optional) Glance backend(s) to use.
|
||||
# Defaults to downcase(hiera('glance_backend', 'swift'))
|
||||
|
@ -91,7 +83,6 @@ class tripleo::profile::base::glance::api (
|
|||
$bootstrap_node = hiera('bootstrap_nodeid', undef),
|
||||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$glance_backend = downcase(hiera('glance_backend', 'swift')),
|
||||
$glance_network = hiera('glance_api_network', undef),
|
||||
$glance_nfs_enabled = false,
|
||||
|
@ -102,10 +93,6 @@ class tripleo::profile::base::glance::api (
|
|||
$tls_proxy_fqdn = undef,
|
||||
$tls_proxy_port = 9292,
|
||||
) {
|
||||
if $enable_internal_tls and $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if $::hostname == downcase($bootstrap_node) {
|
||||
$sync_db = true
|
||||
} else {
|
||||
|
|
|
@ -38,14 +38,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*gnocchi_backend*]
|
||||
# (Optional) Gnocchi backend string file, swift or rbd
|
||||
# Defaults to swift
|
||||
|
@ -64,7 +56,6 @@ class tripleo::profile::base::gnocchi::api (
|
|||
$bootstrap_node = hiera('bootstrap_nodeid', undef),
|
||||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')),
|
||||
$gnocchi_network = hiera('gnocchi_api_network', undef),
|
||||
$step = hiera('step'),
|
||||
|
@ -78,10 +69,6 @@ class tripleo::profile::base::gnocchi::api (
|
|||
include ::tripleo::profile::base::gnocchi
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$gnocchi_network {
|
||||
fail('gnocchi_api_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -36,14 +36,6 @@
|
|||
# (Optional) Whether or not loadbalancer is enabled.
|
||||
# Defaults to hiera('enable_load_balancer', true).
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
|
@ -52,18 +44,10 @@
|
|||
class tripleo::profile::base::haproxy (
|
||||
$certificates_specs = {},
|
||||
$enable_load_balancer = hiera('enable_load_balancer', true),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$step = hiera('step'),
|
||||
) {
|
||||
if $step >= 1 {
|
||||
if $enable_load_balancer {
|
||||
if str2bool($generate_service_certificates) {
|
||||
ensure_resources('tripleo::certmonger::haproxy', $certificates_specs)
|
||||
# The haproxy fronends (or listen resources) depend on the certificate
|
||||
# existing and need to be refreshed if it changed.
|
||||
Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||>
|
||||
}
|
||||
|
||||
class {'::tripleo::haproxy':
|
||||
internal_certificates_specs => $certificates_specs,
|
||||
}
|
||||
|
|
|
@ -34,14 +34,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*heat_api_network*]
|
||||
# (Optional) The network name where the heat API endpoint is listening on.
|
||||
# This is set by t-h-t.
|
||||
|
@ -55,17 +47,12 @@
|
|||
class tripleo::profile::base::heat::api (
|
||||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$heat_api_network = hiera('heat_api_network', undef),
|
||||
$step = hiera('step'),
|
||||
) {
|
||||
include ::tripleo::profile::base::heat
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$heat_api_network {
|
||||
fail('heat_api_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -34,14 +34,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*heat_api_cfn_network*]
|
||||
# (Optional) The network name where the heat cfn endpoint is listening on.
|
||||
# This is set by t-h-t.
|
||||
|
@ -55,17 +47,12 @@
|
|||
class tripleo::profile::base::heat::api_cfn (
|
||||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$heat_api_cfn_network = hiera('heat_api_cfn_network', undef),
|
||||
$step = hiera('step'),
|
||||
) {
|
||||
include ::tripleo::profile::base::heat
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$heat_api_cfn_network {
|
||||
fail('heat_api_cfn_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -34,14 +34,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*heat_api_cloudwatch_network*]
|
||||
# (Optional) The network name where the heat cloudwatch endpoint is listening
|
||||
# on. This is set by t-h-t.
|
||||
|
@ -55,17 +47,12 @@
|
|||
class tripleo::profile::base::heat::api_cloudwatch (
|
||||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef),
|
||||
$step = hiera('step'),
|
||||
) {
|
||||
include ::tripleo::profile::base::heat
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$heat_api_cloudwatch_network {
|
||||
fail('heat_api_cloudwatch_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -43,14 +43,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*heat_admin_domain*]
|
||||
# domain name for heat admin
|
||||
# Defaults to undef
|
||||
|
@ -130,7 +122,6 @@ class tripleo::profile::base::keystone (
|
|||
$bootstrap_node = hiera('bootstrap_nodeid', undef),
|
||||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$heat_admin_domain = undef,
|
||||
$heat_admin_email = undef,
|
||||
$heat_admin_password = undef,
|
||||
|
@ -163,10 +154,6 @@ class tripleo::profile::base::keystone (
|
|||
}
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$public_endpoint_network {
|
||||
fail('keystone_public_api_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -43,14 +43,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*l3_ha_override*]
|
||||
# (Optional) Override the calculated value for neutron::server::l3_ha
|
||||
# by default this is calculated to enable when DVR is not enabled
|
||||
|
@ -95,7 +87,6 @@ class tripleo::profile::base::neutron::server (
|
|||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$dvr_enabled = hiera('neutron::server::router_distributed', false),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$l3_ha_override = '',
|
||||
$l3_nodes = hiera('neutron_l3_short_node_names', []),
|
||||
$neutron_network = hiera('neutron_api_network', undef),
|
||||
|
@ -104,10 +95,6 @@ class tripleo::profile::base::neutron::server (
|
|||
$tls_proxy_fqdn = undef,
|
||||
$tls_proxy_port = 9696,
|
||||
) {
|
||||
if $enable_internal_tls and $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if $::hostname == downcase($bootstrap_node) {
|
||||
$sync_db = true
|
||||
} else {
|
||||
|
|
|
@ -36,14 +36,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*nova_api_network*]
|
||||
# (Optional) The network name where the nova API endpoint is listening on.
|
||||
# This is set by t-h-t.
|
||||
|
@ -63,7 +55,6 @@ class tripleo::profile::base::nova::api (
|
|||
$bootstrap_node = hiera('bootstrap_nodeid', undef),
|
||||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$nova_api_network = hiera('nova_api_network', undef),
|
||||
$nova_api_wsgi_enabled = hiera('nova_wsgi_enabled', false),
|
||||
$step = hiera('step'),
|
||||
|
@ -93,10 +84,6 @@ class tripleo::profile::base::nova::api (
|
|||
# https://bugs.launchpad.net/nova/+bug/1661360
|
||||
if $nova_api_wsgi_enabled {
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$nova_api_network {
|
||||
fail('nova_api_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -36,14 +36,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*nova_placement_network*]
|
||||
# (Optional) The network name where the nova placement endpoint is listening on.
|
||||
# This is set by t-h-t.
|
||||
|
@ -58,7 +50,6 @@ class tripleo::profile::base::nova::placement (
|
|||
$bootstrap_node = hiera('bootstrap_nodeid', undef),
|
||||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$nova_placement_network = hiera('nova_placement_network', undef),
|
||||
$step = hiera('step'),
|
||||
) {
|
||||
|
@ -72,10 +63,6 @@ class tripleo::profile::base::nova::placement (
|
|||
include ::tripleo::profile::base::nova::authtoken
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$nova_placement_network {
|
||||
fail('nova_placement_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -38,14 +38,6 @@
|
|||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to hiera('enable_internal_tls', false)
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# HAProxy. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Note that this doesn't configure the certificates in haproxy, it merely
|
||||
# creates the certificates.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*panko_network*]
|
||||
# (Optional) The network name where the panko endpoint is listening on.
|
||||
# This is set by t-h-t.
|
||||
|
@ -60,7 +52,6 @@ class tripleo::profile::base::panko::api (
|
|||
$bootstrap_node = hiera('bootstrap_nodeid', undef),
|
||||
$certificates_specs = hiera('apache_certificates_specs', {}),
|
||||
$enable_internal_tls = hiera('enable_internal_tls', false),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$panko_network = hiera('panko_api_network', undef),
|
||||
$step = hiera('step'),
|
||||
) {
|
||||
|
@ -73,10 +64,6 @@ class tripleo::profile::base::panko::api (
|
|||
include ::tripleo::profile::base::panko
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$panko_network {
|
||||
fail('panko_api_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -42,12 +42,6 @@
|
|||
# (Optional) RabbitMQ environment.
|
||||
# Defaults to hiera('rabbitmq_environment').
|
||||
#
|
||||
# [*generate_service_certificates*]
|
||||
# (Optional) Whether or not certmonger will generate certificates for
|
||||
# MySQL. This could be as many as specified by the $certificates_specs
|
||||
# variable.
|
||||
# Defaults to hiera('generate_service_certificate', false).
|
||||
#
|
||||
# [*inet_dist_interface*]
|
||||
# (Optional) Address to bind the inter-cluster interface
|
||||
# to. It is the inet_dist_use_interface option in the kernel variables
|
||||
|
@ -87,7 +81,6 @@ class tripleo::profile::base::rabbitmq (
|
|||
$config_variables = hiera('rabbitmq_config_variables'),
|
||||
$enable_internal_tls = undef, # TODO(jaosorior): pass this via t-h-t
|
||||
$environment = hiera('rabbitmq_environment'),
|
||||
$generate_service_certificates = hiera('generate_service_certificates', false),
|
||||
$inet_dist_interface = hiera('rabbitmq::interface', undef),
|
||||
$ipv6 = str2bool(hiera('rabbit_ipv6', false)),
|
||||
$kernel_variables = hiera('rabbitmq_kernel_variables'),
|
||||
|
@ -98,9 +91,6 @@ class tripleo::profile::base::rabbitmq (
|
|||
$step = hiera('step'),
|
||||
) {
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resource('class', 'tripleo::certmonger::rabbitmq', $certificate_specs)
|
||||
}
|
||||
$tls_certfile = $certificate_specs['service_certificate']
|
||||
$tls_keyfile = $certificate_specs['service_key']
|
||||
} else {
|
||||
|
|
|
@ -49,7 +49,6 @@ eos
|
|||
let(:params) { {
|
||||
:step => 1,
|
||||
:enable_internal_tls => true,
|
||||
:generate_service_certificates => true,
|
||||
:nova_placement_network => 'bar',
|
||||
:certificates_specs => {
|
||||
'httpd-bar' => {
|
||||
|
@ -63,7 +62,6 @@ eos
|
|||
it {
|
||||
is_expected.to contain_class('tripleo::profile::base::nova::placement')
|
||||
is_expected.to contain_class('tripleo::profile::base::nova')
|
||||
is_expected.to contain_tripleo__certmonger__httpd('httpd-bar')
|
||||
is_expected.to_not contain_class('nova::keystone::authtoken')
|
||||
is_expected.to_not contain_class('nova::wsgi::apache_placement')
|
||||
}
|
||||
|
@ -87,7 +85,6 @@ eos
|
|||
let(:params) { {
|
||||
:step => 3,
|
||||
:enable_internal_tls => true,
|
||||
:generate_service_certificates => false,
|
||||
:nova_placement_network => 'bar',
|
||||
:certificates_specs => {
|
||||
'httpd-bar' => {
|
||||
|
@ -102,7 +99,6 @@ eos
|
|||
it {
|
||||
is_expected.to contain_class('tripleo::profile::base::nova::placement')
|
||||
is_expected.to contain_class('tripleo::profile::base::nova')
|
||||
is_expected.to_not contain_tripleo__certmonger__httpd('foo')
|
||||
is_expected.to contain_class('nova::keystone::authtoken')
|
||||
is_expected.to contain_class('nova::wsgi::apache_placement').with(
|
||||
:ssl_cert => '/foo.pem',
|
||||
|
|
Loading…
Reference in New Issue