Use TLS proxy for neutron server's internal TLS

This uses the tls_proxy resource added in a previous commit [1] in
front of the neutron server when internal TLS is enabled. Right
now values are passed quite manually, but a subsequent commit will use
t-h-t to pass the appropriate hieradata, and then we'll be able to
clean it up from here.

Note that the proxy is only deployed when internal TLS is enabled.

[1] I82243fd3acfe4f23aab373116b78e1daf9d08467

bp tls-via-certmonger

Change-Id: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e

1 files changed, 13 insertions, 0 deletions

diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp
index e6a32db..3de50c2 100644
--- a/manifests/profile/base/neutron.pp
+++ b/manifests/profile/base/neutron.pp
@@ -35,9 +35,22 @@ class tripleo::profile::base::neutron (
   $rabbit_hosts = hiera('rabbitmq_node_names', undef),
   $rabbit_port  = hiera('neutron::rabbit_port', 5672),
 ) {
+
+  # TODO(jaosorior): Remove this when we pass it via t-h-t
+  if hiera('enable_internal_tls', false) {
+    $bind_host = 'localhost'
+  } else {
+    # This is executed in all of the nodes that use something neutron-related,
+    # so we set the defalut, since the bind_host is only available in the
+    # controllers. Either way, this will be removed and set properly via t-h-t
+    # in a subsequent commit.
+    $bind_host = hiera('neutron::bind_host', $::os_service_default)
+  }
+
   if $step >= 3 {
     $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
     class { '::neutron' :
+      bind_host    => $bind_host,
       rabbit_hosts => $rabbit_endpoints,
     }
     include ::neutron::config