openstack/tripleo-heat-templates
Code Issues Proposed changes

Enable internal TLS for aodh

Browse Source 
This adds the necessary hieradata for enabling TLS in the internal
network for aodh.

bp tls-via-certmonger

Change-Id: I2ea160e3ac0775404d6ed302f475268d3a3031ef
Depends-On: I50ef0c8fbecb19d6597a28290daa61a91f3b13fc
This commit is contained in:
Juan Antonio Osorio Robles 2016-09-27 08:45:37 +00:00
parent 660dbd5afb
commit eb114773ac
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
puppet/services/aodh-api.yaml
View File

@ -26,6 +26,9 @@ parameters:
description: Combination alarms are deprecated in Newton, hence disabled description: Combination alarms are deprecated in Newton, hence disabled
by default. To enable, set this parameter to true. by default. To enable, set this parameter to true.
type: boolean type: boolean
EnableInternalTLS:
type: boolean
default: false
resources: resources:
AodhBase: AodhBase:
@ -41,6 +44,7 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap} ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords} DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap} EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs: outputs:
role_data: role_data:
@ -52,7 +56,7 @@ outputs:
map_merge: map_merge:
- get_attr: [AodhBase, role_data, config_settings] - get_attr: [AodhBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings]
- aodh::wsgi::apache::ssl: false - aodh::wsgi::apache::ssl: {get_param: EnableInternalTLS}
aodh::wsgi::apache::servername: aodh::wsgi::apache::servername:
str_replace: str_replace:
template: template:
@ -66,13 +70,18 @@ outputs:
dport: dport:
- 8042 - 8042
- 13042 - 13042
aodh::api::host:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the # NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
# (eg. for internal_api): # (eg. for internal_api):
# internal_api -> IP # internal_api -> IP
# internal_api_uri -> [IP] # internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR # internal_api_subnet - > IP/CIDR
aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]}
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms} tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms}
service_config_settings: service_config_settings: