openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Merge "Only set apache certificates if TLS everywhere is enabled"

This commit is contained in:
Jenkins 2017-05-17 15:37:49 +00:00 committed by Gerrit Code Review
parent 013e27fe0d 30bd4f5189
commit 1324f2f1c9
1 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
puppet/services/apache.yaml
View File

@ -84,21 +84,24 @@ outputs:
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
apache::mod::remoteip::proxy_ips: apache::mod::remoteip::proxy_ips:
- "%{hiera('apache_remote_proxy_ips_network')}" - "%{hiera('apache_remote_proxy_ips_network')}"
- - if:
generate_service_certificates: true - internal_tls_enabled
tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' -
tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' generate_service_certificates: true
apache_certificates_specs: tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
map_merge: tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
repeat: apache_certificates_specs:
template: map_merge:
httpd-NETWORK: repeat:
service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' template:
service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' httpd-NETWORK:
hostname: "%{hiera('fqdn_NETWORK')}" service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
principal: "HTTP/%{hiera('fqdn_NETWORK')}" service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
for_each: hostname: "%{hiera('fqdn_NETWORK')}"
NETWORK: {get_attr: [ApacheNetworks, value]} principal: "HTTP/%{hiera('fqdn_NETWORK')}"
for_each:
NETWORK: {get_attr: [ApacheNetworks, value]}
- {}
metadata_settings: metadata_settings:
if: if:
- internal_tls_enabled - internal_tls_enabled