diff options
-rw-r--r-- | manifests/profile/base/aodh/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/barbican/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/ceilometer/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/cinder/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/gnocchi/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/heat/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/heat/api_cfn.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/heat/api_cloudwatch.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/keystone.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/nova/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/nova/placement.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/panko/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/zaqar.pp | 1 | ||||
-rw-r--r-- | releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml | 10 |
14 files changed, 23 insertions, 0 deletions
diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp index 22fc000..5c539fc 100644 --- a/manifests/profile/base/aodh/api.pp +++ b/manifests/profile/base/aodh/api.pp @@ -68,6 +68,7 @@ class tripleo::profile::base::aodh::api ( if $step >= 3 { include ::aodh::api + include ::apache::mod::ssl class { '::aodh::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index 71e4ea1..211e442 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp @@ -158,6 +158,7 @@ class tripleo::profile::base::barbican::api ( include ::barbican::api::logging include ::barbican::keystone::notification include ::barbican::quota + include ::apache::mod::ssl class { '::barbican::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp index 1080355..0176380 100644 --- a/manifests/profile/base/ceilometer/api.pp +++ b/manifests/profile/base/ceilometer/api.pp @@ -65,6 +65,7 @@ class tripleo::profile::base::ceilometer::api ( if $step >= 3 { include ::ceilometer::api + include ::apache::mod::ssl class { '::ceilometer::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp index c432fd6..2fd9a65 100644 --- a/manifests/profile/base/cinder/api.pp +++ b/manifests/profile/base/cinder/api.pp @@ -76,6 +76,7 @@ class tripleo::profile::base::cinder::api ( if $step >= 4 or ($step >= 3 and $sync_db) { include ::cinder::api + include ::apache::mod::ssl class { '::cinder::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp index ce04abf..4a47184 100644 --- a/manifests/profile/base/gnocchi/api.pp +++ b/manifests/profile/base/gnocchi/api.pp @@ -85,6 +85,7 @@ class tripleo::profile::base::gnocchi::api ( if $step >= 3 { include ::gnocchi::api + include ::apache::mod::ssl class { '::gnocchi::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp index 8e2da7e..79eb77e 100644 --- a/manifests/profile/base/heat/api.pp +++ b/manifests/profile/base/heat/api.pp @@ -65,6 +65,7 @@ class tripleo::profile::base::heat::api ( if $step >= 3 { include ::heat::api + include ::apache::mod::ssl class { '::heat::wsgi::apache_api': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp index 02eb82a..dad7b76 100644 --- a/manifests/profile/base/heat/api_cfn.pp +++ b/manifests/profile/base/heat/api_cfn.pp @@ -66,6 +66,7 @@ class tripleo::profile::base::heat::api_cfn ( if $step >= 3 { include ::heat::api_cfn + include ::apache::mod::ssl class { '::heat::wsgi::apache_api_cfn': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp index 558d247..428bcf2 100644 --- a/manifests/profile/base/heat/api_cloudwatch.pp +++ b/manifests/profile/base/heat/api_cloudwatch.pp @@ -66,6 +66,7 @@ class tripleo::profile::base::heat::api_cloudwatch ( if $step >= 3 { include ::heat::api_cloudwatch + include ::apache::mod::ssl class { '::heat::wsgi::apache_api_cloudwatch': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 290abee..31f5c93 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -211,6 +211,7 @@ class tripleo::profile::base::keystone ( } include ::keystone::config + include ::apache::mod::ssl class { '::keystone::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 95a1721..bdb3007 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -94,6 +94,7 @@ class tripleo::profile::base::nova::api ( $tls_keyfile = undef } if $step >= 4 or ($step >= 3 and $sync_db) { + include ::apache::mod::ssl class { '::nova::wsgi::apache_api': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index 16bfe17..c78b3c2 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -74,6 +74,7 @@ class tripleo::profile::base::nova::placement ( } if $step >= 3 { + include ::apache::mod::ssl class { '::nova::wsgi::apache_placement': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp index 90e80a2..165969f 100644 --- a/manifests/profile/base/panko/api.pp +++ b/manifests/profile/base/panko/api.pp @@ -79,6 +79,7 @@ class tripleo::profile::base::panko::api ( class { '::panko::api': sync_db => $sync_db, } + include ::apache::mod::ssl class { '::panko::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp index 89a03ad..7fbcd34 100644 --- a/manifests/profile/base/zaqar.pp +++ b/manifests/profile/base/zaqar.pp @@ -50,6 +50,7 @@ class tripleo::profile::base::zaqar ( uri => $database_connection, } include ::zaqar::transport::websocket + include ::apache::mod::ssl include ::zaqar::transport::wsgi # TODO (bcrochet): At some point, the transports should be split out to diff --git a/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml new file mode 100644 index 0000000..92f2360 --- /dev/null +++ b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - | + With having package mod_ssl by default installed in images we introduced + issue with mod_ssl package update. In case of SSL not being used or + provided by HAproxy the puppet-apache module by default purges the + ssl.conf file. The package update then recreates the file with default + Listen 443 option. This causes conflict on 443 port during httpd restart. + If we include ::apache::mod::ssl the ssl.conf file will be configured and + the Listen option will be used only if there is vhost set to use SSL. |