With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.
Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
We do not need to add an if: internal_tls_enabled in a number of
ansible tasks. enabled_internal_tls is already defined as an ansible
fact in common/deploy-steps.j2:
enable_internal_tls: {get_param: EnableInternalTLS}
So when the service uses the enable_internal_tls condition and it points
to the EnableInternalTLS param, we can just use the ansible fact
directly. Note that if the enable_internal_tls condition points to
something else than the mere EnableInternalTLS we may not do this
cleanup.
Change-Id: Idb07cbc8fc3a4d73ff52c54d869310fd6c49b502
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
it's heat template.
Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
Adding the ability to specifies the private key size
used when creating the certificate. We have defined the
default value the same as we have before 2048 bits.
Also, it'll be able to override the key_size value
per service.
Depends-on: I4da96f2164cf1d136f9471f1d6251bdd8cfd2d0b
Change-Id: Ic2edabb7f1bd0caf4a5550d03f60fab7c8354d65
Remove ApacheMaxMaxClients property to set apache::mod::prefork::maxclients
and add ApacheMaxRequestWorkers to set apache::mod::prefork::maxrequestworkers
as the current setting ApacheMaxRequestWorkers sets maxclients and this
is confusing. This was due to maxclients being renamed to maxrequestworkers
in the apache configuration so was legacy naming.
Change-Id: I4e0e1beb733ae1c41d74d488481230026611c6c0
Closes-bug: #1871643
Without this change we were unable to deploy TLS Everywhere with
management network. This is because the service principal is not
created due to VIP being set to false in network_data.yaml
Closes-Bug: #1861097
Resolves: rhbz#1777605
Change-Id: I43fd5f67c1a0be6eaa1752575349e64329cada4a
Allow to configure Apache MPM module for the containerized API/WSGI'ish
services running Apache as a backend. Change the default from 'prefork'
to 'event', which is a low level change and should provide no sensible
upgrade impact. This alleviates the related heartbeats threading issue
arising with the monkey-patched eventlet.
Merge the missing ApacheServiceBase config settings for Octavia API,
Horizon and Ironix PXE. This is needed to apply the base Apache
service hiera settings, including MPM module switches, for those
as well.
Related-bug: #1829062
Change-Id: Ia65af7a9d6ae106a61ec52912bebba72830d5f28
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
In OpenStack, httpd doesn't need to allow a directory listing to icons
directory. This fix sets 'None' to Options for icons directories of
all httpd servers.
Change-Id: I7c34901d6f3bb7f4c4bb2494b760bcd0cbcd97b2
Signed-off-by: Keigo Noha <knoha@redhat.com>
Move the apache service undercloud the deployment directory.
Change-Id: Iead4f910390cb75f56f96da2d24889a461275c9d
Related-Blueprint: services-yaml-flattening