summaryrefslogtreecommitdiffstats
path: root/manifests/profile/base/heat
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/profile/base/heat')
-rw-r--r--manifests/profile/base/heat/api.pp16
-rw-r--r--manifests/profile/base/heat/api_cfn.pp16
-rw-r--r--manifests/profile/base/heat/api_cloudwatch.pp16
3 files changed, 6 insertions, 42 deletions
diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp
index 9ffba9c..79eb77e 100644
--- a/manifests/profile/base/heat/api.pp
+++ b/manifests/profile/base/heat/api.pp
@@ -34,14 +34,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
-# [*generate_service_certificates*]
-# (Optional) Whether or not certmonger will generate certificates for
-# HAProxy. This could be as many as specified by the $certificates_specs
-# variable.
-# Note that this doesn't configure the certificates in haproxy, it merely
-# creates the certificates.
-# Defaults to hiera('generate_service_certificate', false).
-#
# [*heat_api_network*]
# (Optional) The network name where the heat API endpoint is listening on.
# This is set by t-h-t.
@@ -55,17 +47,12 @@
class tripleo::profile::base::heat::api (
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
- $generate_service_certificates = hiera('generate_service_certificates', false),
$heat_api_network = hiera('heat_api_network', undef),
$step = hiera('step'),
) {
include ::tripleo::profile::base::heat
if $enable_internal_tls {
- if $generate_service_certificates {
- ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
- }
-
if !$heat_api_network {
fail('heat_api_network is not set in the hieradata.')
}
@@ -76,8 +63,9 @@ class tripleo::profile::base::heat::api (
$tls_keyfile = undef
}
- if $step >= 4 {
+ if $step >= 3 {
include ::heat::api
+ include ::apache::mod::ssl
class { '::heat::wsgi::apache_api':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp
index 987d3b2..dad7b76 100644
--- a/manifests/profile/base/heat/api_cfn.pp
+++ b/manifests/profile/base/heat/api_cfn.pp
@@ -34,14 +34,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
-# [*generate_service_certificates*]
-# (Optional) Whether or not certmonger will generate certificates for
-# HAProxy. This could be as many as specified by the $certificates_specs
-# variable.
-# Note that this doesn't configure the certificates in haproxy, it merely
-# creates the certificates.
-# Defaults to hiera('generate_service_certificate', false).
-#
# [*heat_api_cfn_network*]
# (Optional) The network name where the heat cfn endpoint is listening on.
# This is set by t-h-t.
@@ -55,17 +47,12 @@
class tripleo::profile::base::heat::api_cfn (
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
- $generate_service_certificates = hiera('generate_service_certificates', false),
$heat_api_cfn_network = hiera('heat_api_cfn_network', undef),
$step = hiera('step'),
) {
include ::tripleo::profile::base::heat
if $enable_internal_tls {
- if $generate_service_certificates {
- ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
- }
-
if !$heat_api_cfn_network {
fail('heat_api_cfn_network is not set in the hieradata.')
}
@@ -76,9 +63,10 @@ class tripleo::profile::base::heat::api_cfn (
$tls_keyfile = undef
}
- if $step >= 4 {
+ if $step >= 3 {
include ::heat::api_cfn
+ include ::apache::mod::ssl
class { '::heat::wsgi::apache_api_cfn':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp
index 4dd2607..428bcf2 100644
--- a/manifests/profile/base/heat/api_cloudwatch.pp
+++ b/manifests/profile/base/heat/api_cloudwatch.pp
@@ -34,14 +34,6 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
-# [*generate_service_certificates*]
-# (Optional) Whether or not certmonger will generate certificates for
-# HAProxy. This could be as many as specified by the $certificates_specs
-# variable.
-# Note that this doesn't configure the certificates in haproxy, it merely
-# creates the certificates.
-# Defaults to hiera('generate_service_certificate', false).
-#
# [*heat_api_cloudwatch_network*]
# (Optional) The network name where the heat cloudwatch endpoint is listening
# on. This is set by t-h-t.
@@ -55,17 +47,12 @@
class tripleo::profile::base::heat::api_cloudwatch (
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
- $generate_service_certificates = hiera('generate_service_certificates', false),
$heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef),
$step = hiera('step'),
) {
include ::tripleo::profile::base::heat
if $enable_internal_tls {
- if $generate_service_certificates {
- ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
- }
-
if !$heat_api_cloudwatch_network {
fail('heat_api_cloudwatch_network is not set in the hieradata.')
}
@@ -76,9 +63,10 @@ class tripleo::profile::base::heat::api_cloudwatch (
$tls_keyfile = undef
}
- if $step >= 4 {
+ if $step >= 3 {
include ::heat::api_cloudwatch
+ include ::apache::mod::ssl
class { '::heat::wsgi::apache_api_cloudwatch':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,