diff --git a/deployment/apache/apache-baremetal-puppet.j2.yaml b/deployment/apache/apache-baremetal-puppet.j2.yaml index 70767cd8a4..50e57cd55e 100644 --- a/deployment/apache/apache-baremetal-puppet.j2.yaml +++ b/deployment/apache/apache-baremetal-puppet.j2.yaml @@ -56,12 +56,10 @@ parameters: certificate for this service conditions: - - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - key_size_override_unset: {equals: [{get_param: ApacheCertificateKeySize}, '']} + key_size_override_set: + not: {equals: [{get_param: ApacheCertificateKeySize}, '']} resources: - ApacheNetworks: type: OS::Heat::Value properties: @@ -73,7 +71,7 @@ resources: {%- for network in networks if network.enabled|default(true) and network.vip|default(false) %} - {{network.name_lower}} {%- endfor %} -{% raw -%} + outputs: role_data: description: Role data for the Apache role. @@ -81,12 +79,11 @@ outputs: service_name: apache config_settings: map_merge: - - # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - apache::ip: + - apache::ip: str_replace: template: "%{hiera('$NETWORK')}" @@ -105,9 +102,8 @@ outputs: - {get_param: [ServiceNetMap, ApacheNetwork]} apache::mod::alias::icons_options: 'None' - if: - - internal_tls_enabled - - - apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile} + - {get_param: EnableInternalTLS} + - apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile} apache::mod::ssl::ssl_protocol: ['all', '-SSLv2', '-SSLv3', '-TLSv1'] apache_certificates_specs: map_merge: 
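Review bot: With the file-wide `{% raw -%}` dropped in the `@@ -73,7 +71,7 @@` hunk (and its `{%- endraw %}` removed in the last hunk), everything from `outputs:` to the end of the file is now evaluated by the Jinja2 pass, so any Ansible `{{ … }}` that is not wrapped individually no longer reaches Ansible intact. The visible hunks wrap `item`, `fqdn_NETWORK` and `idm_realm`, but the task lines between the `@@ -140,7 +133,7 @@` and `@@ -155,18 +148,17 @@` hunks are not shown and should be checked for the same pattern; depending on how the renderer treats undefined names, a missed expression would presumably either fail the render or collapse to an empty string. I would add a comment above `outputs:` such as `# Rendered by Jinja2: wrap every Ansible expression below in raw/endraw`, written without Jinja delimiters so the comment is not itself parsed.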
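Review bot: The `apache::mod::ssl::ssl_protocol` value in the internal-TLS mapping of the `@@ -105,9 +102,8 @@` hunk still leaves TLS 1.1 enabled, because `'all'` minus SSLv2, SSLv3 and TLSv1 keeps every later protocol version the OpenSSL build offers. The line is unchanged context, so this is not a regression from the commit, but while the block is being touched it would be a good moment to use `['all', '-SSLv2', '-SSLv3', '-TLSv1', '-TLSv1.1']`, or to add a comment stating why TLS 1.1 must stay available to internal clients. A host crypto policy may already refuse TLS 1.1; that cannot be seen from this template. The `map_merge` list this mapping belongs to continues outside the hunk.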
@@ -118,19 +114,16 @@ outputs: service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' for_each: NETWORK: {get_attr: [ApacheNetworks, value]} - - {} metadata_settings: if: - - internal_tls_enabled - - - repeat: + - {get_param: EnableInternalTLS} + - repeat: template: - service: HTTP network: $NETWORK type: node for_each: $NETWORK: {get_attr: [ApacheNetworks, value]} - - null upgrade_tasks: [] deploy_steps_tasks: - name: Certificate generation @@ -140,7 +133,7 @@ outputs: block: - name: Create dirs for certificates and keys file: - path: "{{ item }}" + path: "{% raw %}{{ item }}{% endraw %}" state: directory serole: object_r setype: cert_t @@ -155,18 +148,17 @@ outputs: repeat: template: name: httpd-NETWORK - dns: "{{fqdn_NETWORK}}" - principal: "HTTP/{{fqdn_NETWORK}}@{{idm_realm}}" + dns: "{% raw %}{{ fqdn_NETWORK }}{% endraw %}" + principal: "{% raw %}HTTP/{{ fqdn_NETWORK }}@{{ idm_realm }}{% endraw %}" run_after: | cp /etc/pki/tls/certs/httpd-NETWORK.crt /etc/pki/tls/certs/httpd/httpd-NETWORK.crt cp /etc/pki/tls/private/httpd-NETWORK.key /etc/pki/tls/private/httpd/httpd-NETWORK.key pkill -USR1 httpd key_size: if: - - key_size_override_unset - - {get_param: CertificateKeySize} + - key_size_override_set - {get_param: ApacheCertificateKeySize} + - {get_param: CertificateKeySize} ca: ipa for_each: NETWORK: {get_attr: [ApacheNetworks, value]} -{%- endraw %}
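Review bot: `metadata_settings` is now omitted from `role_data` when `EnableInternalTLS` is false, where the old `- null` else branch produced an explicit null; the `- {}` removed at the top of this hunk is the matching else branch of the `if` opened in the `@@ -105,9 +102,8 @@` hunk. Both the missing else branch and the use of `{get_param: EnableInternalTLS}` directly as the condition depend on the file's `heat_template_version` and on the parameter being declared as a boolean, and neither declaration is inside this diff. Since this switch decides whether the CA file is set and certificate metadata is published, I would add a comment on each `if:` such as `# no else branch: entry is omitted when internal TLS is off` and confirm that consumers of `role_data` accept a missing `metadata_settings` key.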