openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Enable TLS for ec2api metadata service 

bp tls-via-certmonger
Depends-On: Id7d487abb65cf17cd65626e582bf4ff950b4395c

Change-Id: Ibc1340f276409dc8d71fb57dc71bae6a40263a5c
This commit is contained in:
Rajesh Tailor 2017-10-12 15:40:28 +05:30
parent 23a710ac3c
commit 5ac3f3cc2c
1 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
puppet/services/ec2-api.yaml
View File

@ -124,11 +124,14 @@ outputs:
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
ec2api::metadata::metadata_listen:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
if:
- use_tls_proxy
- 'localhost'
- str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
ec2api::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
@ -165,6 +168,13 @@ outputs:
template: "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiNetwork]}
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_bind_ip:
get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]
tripleo::profile::base::nova::ec2api::metadata_tls_proxy_fqdn:
str_replace:
template: "%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
- {}
step_config: |
include tripleo::profile::base::nova::ec2api