summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--manifests/profile/base/aodh/api.pp1
-rw-r--r--manifests/profile/base/barbican/api.pp1
-rw-r--r--manifests/profile/base/ceilometer/api.pp1
-rw-r--r--manifests/profile/base/cinder/api.pp1
-rw-r--r--manifests/profile/base/gnocchi/api.pp1
-rw-r--r--manifests/profile/base/heat/api.pp1
-rw-r--r--manifests/profile/base/heat/api_cfn.pp1
-rw-r--r--manifests/profile/base/heat/api_cloudwatch.pp1
-rw-r--r--manifests/profile/base/keystone.pp1
-rw-r--r--manifests/profile/base/nova/api.pp1
-rw-r--r--manifests/profile/base/nova/placement.pp1
-rw-r--r--manifests/profile/base/panko/api.pp1
-rw-r--r--manifests/profile/base/zaqar.pp1
-rw-r--r--releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml10
14 files changed, 23 insertions, 0 deletions
diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp
index 22fc000..5c539fc 100644
--- a/manifests/profile/base/aodh/api.pp
+++ b/manifests/profile/base/aodh/api.pp
@@ -68,6 +68,7 @@ class tripleo::profile::base::aodh::api (
if $step >= 3 {
include ::aodh::api
+ include ::apache::mod::ssl
class { '::aodh::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp
index 71e4ea1..211e442 100644
--- a/manifests/profile/base/barbican/api.pp
+++ b/manifests/profile/base/barbican/api.pp
@@ -158,6 +158,7 @@ class tripleo::profile::base::barbican::api (
include ::barbican::api::logging
include ::barbican::keystone::notification
include ::barbican::quota
+ include ::apache::mod::ssl
class { '::barbican::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp
index 1080355..0176380 100644
--- a/manifests/profile/base/ceilometer/api.pp
+++ b/manifests/profile/base/ceilometer/api.pp
@@ -65,6 +65,7 @@ class tripleo::profile::base::ceilometer::api (
if $step >= 3 {
include ::ceilometer::api
+ include ::apache::mod::ssl
class { '::ceilometer::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp
index c432fd6..2fd9a65 100644
--- a/manifests/profile/base/cinder/api.pp
+++ b/manifests/profile/base/cinder/api.pp
@@ -76,6 +76,7 @@ class tripleo::profile::base::cinder::api (
if $step >= 4 or ($step >= 3 and $sync_db) {
include ::cinder::api
+ include ::apache::mod::ssl
class { '::cinder::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp
index ce04abf..4a47184 100644
--- a/manifests/profile/base/gnocchi/api.pp
+++ b/manifests/profile/base/gnocchi/api.pp
@@ -85,6 +85,7 @@ class tripleo::profile::base::gnocchi::api (
if $step >= 3 {
include ::gnocchi::api
+ include ::apache::mod::ssl
class { '::gnocchi::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp
index 8e2da7e..79eb77e 100644
--- a/manifests/profile/base/heat/api.pp
+++ b/manifests/profile/base/heat/api.pp
@@ -65,6 +65,7 @@ class tripleo::profile::base::heat::api (
if $step >= 3 {
include ::heat::api
+ include ::apache::mod::ssl
class { '::heat::wsgi::apache_api':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp
index 02eb82a..dad7b76 100644
--- a/manifests/profile/base/heat/api_cfn.pp
+++ b/manifests/profile/base/heat/api_cfn.pp
@@ -66,6 +66,7 @@ class tripleo::profile::base::heat::api_cfn (
if $step >= 3 {
include ::heat::api_cfn
+ include ::apache::mod::ssl
class { '::heat::wsgi::apache_api_cfn':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp
index 558d247..428bcf2 100644
--- a/manifests/profile/base/heat/api_cloudwatch.pp
+++ b/manifests/profile/base/heat/api_cloudwatch.pp
@@ -66,6 +66,7 @@ class tripleo::profile::base::heat::api_cloudwatch (
if $step >= 3 {
include ::heat::api_cloudwatch
+ include ::apache::mod::ssl
class { '::heat::wsgi::apache_api_cloudwatch':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 290abee..31f5c93 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -211,6 +211,7 @@ class tripleo::profile::base::keystone (
}
include ::keystone::config
+ include ::apache::mod::ssl
class { '::keystone::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp
index 95a1721..bdb3007 100644
--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@@ -94,6 +94,7 @@ class tripleo::profile::base::nova::api (
$tls_keyfile = undef
}
if $step >= 4 or ($step >= 3 and $sync_db) {
+ include ::apache::mod::ssl
class { '::nova::wsgi::apache_api':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp
index 16bfe17..c78b3c2 100644
--- a/manifests/profile/base/nova/placement.pp
+++ b/manifests/profile/base/nova/placement.pp
@@ -74,6 +74,7 @@ class tripleo::profile::base::nova::placement (
}
if $step >= 3 {
+ include ::apache::mod::ssl
class { '::nova::wsgi::apache_placement':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp
index 90e80a2..165969f 100644
--- a/manifests/profile/base/panko/api.pp
+++ b/manifests/profile/base/panko/api.pp
@@ -79,6 +79,7 @@ class tripleo::profile::base::panko::api (
class { '::panko::api':
sync_db => $sync_db,
}
+ include ::apache::mod::ssl
class { '::panko::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp
index 89a03ad..7fbcd34 100644
--- a/manifests/profile/base/zaqar.pp
+++ b/manifests/profile/base/zaqar.pp
@@ -50,6 +50,7 @@ class tripleo::profile::base::zaqar (
uri => $database_connection,
}
include ::zaqar::transport::websocket
+ include ::apache::mod::ssl
include ::zaqar::transport::wsgi
# TODO (bcrochet): At some point, the transports should be split out to
diff --git a/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml
new file mode 100644
index 0000000..92f2360
--- /dev/null
+++ b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml
@@ -0,0 +1,10 @@
+---
+fixes:
+ - |
+ With having package mod_ssl by default installed in images we introduced
+ issue with mod_ssl package update. In case of SSL not being used or
+ provided by HAproxy the puppet-apache module by default purges the
+ ssl.conf file. The package update then recreates the file with default
+ Listen 443 option. This causes conflict on 443 port during httpd restart.
+ If we include ::apache::mod::ssl the ssl.conf file will be configured and
+ the Listen option will be used only if there is vhost set to use SSL.