diff --git a/deployment/apache/apache-baremetal-puppet.j2.yaml b/deployment/apache/apache-baremetal-puppet.j2.yaml index 95393422ff..b17ac6872a 100644 --- a/deployment/apache/apache-baremetal-puppet.j2.yaml +++ b/deployment/apache/apache-baremetal-puppet.j2.yaml @@ -72,9 +72,12 @@ resources: # NOTE(xek) Get unique network names to create certificates. # We skip the tenant and management network (vip != false) # since we don't generate certificates for those. - - ctlplane -{%- for network in networks if network.enabled|default(true) and network.vip|default(false) %} - - {{network.name_lower}} +{%- for role in roles %} + {{ role.name }}: + - ctlplane +{%- for network in networks if network.name in role.networks and network.enabled|default(true) and network.vip|default(false) %} + - {{network.name_lower}} +{%- endfor %} {%- endfor %} outputs: @@ -119,7 +122,7 @@ outputs: service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' for_each: - NETWORK: {get_attr: [ApacheNetworks, value]} + NETWORK: {get_attr: [ApacheNetworks, value, { get_param: RoleName }]} metadata_settings: if: - {get_param: EnableInternalTLS} @@ -129,7 +132,7 @@ outputs: network: $NETWORK type: node for_each: - $NETWORK: {get_attr: [ApacheNetworks, value]} + $NETWORK: {get_attr: [ApacheNetworks, value, { get_param: RoleName }]} upgrade_tasks: [] deploy_steps_tasks: - name: Certificate generation @@ -167,4 +170,4 @@ outputs: - {get_param: CertificateKeySize} ca: ipa for_each: - NETWORK: {get_attr: [ApacheNetworks, value]} + NETWORK: {get_attr: [ApacheNetworks, value, { get_param: RoleName }]}