aboutsummaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'manifests')
-rw-r--r--manifests/loadbalancer.pp277
1 files changed, 64 insertions, 213 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index d5267bd..0b9fd5e 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -117,7 +117,6 @@
# [*service_certificate*]
# Filename of an HAProxy-compatible certificate and key file
# When set, enables SSL on the public API endpoints using the specified file.
-# Any service-specific certificates take precedence over this one.
# Defaults to undef
#
# [*ssl_cipher_suite*]
@@ -130,80 +129,6 @@
# String that sets the default ssl options to force on all "bind" lines.
# Defaults to 'no-sslv3'
#
-# [*keystone_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Keystone public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*neutron_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Neutron public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*cinder_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Cinder public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*manila_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Manila public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*glance_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Glance public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*nova_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Nova public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*ceilometer_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Ceilometer public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*aodh_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Aodh public API endpoint using the specified file.
-#
-# [*sahara_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Sahara public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*trove_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Trove public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*gnocchi_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Gnocchi public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*swift_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Swift public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*heat_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Heat public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*horizon_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Horizon public API endpoint using the specified file.
-# Defaults to undef
-#
-# [*ironic_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the Ironic public API endpoint using the specified file.
-# Defaults to undef
-#
# [*haproxy_stats_certificate*]
# Filename of an HAProxy-compatible certificate and key file
# When set, enables SSL on the haproxy stats endpoint using the specified file.
@@ -325,6 +250,8 @@
# [*service_ports*]
# (optional) Hash that contains the values to override from the service ports
# The available keys to modify the services' ports are:
+# 'aodh_api_port' (Defaults to 8042)
+# 'aodh_api_ssl_port' (Defaults to 13042)
# 'ceilometer_api_port' (Defaults to 8777)
# 'ceilometer_api_ssl_port' (Defaults to 13777)
# 'cinder_api_port' (Defaults to 8776)
@@ -332,6 +259,8 @@
# 'glance_api_port' (Defaults to 9292)
# 'glance_api_ssl_port' (Defaults to 13292)
# 'glance_registry_port' (Defaults to 9191)
+# 'gnocchi_api_port' (Defaults to 8041)
+# 'gnocchi_api_ssl_port' (Defaults to 13041)
# 'heat_api_port' (Defaults to 8004)
# 'heat_api_ssl_port' (Defaults to 13004)
# 'heat_cfn_port' (Defaults to 8000)
@@ -355,8 +284,12 @@
# 'nova_metadata_port' (Defaults to 8775)
# 'nova_novnc_port' (Defaults to 6080)
# 'nova_novnc_ssl_port' (Defaults to 13080)
+# 'sahara_api_port' (Defaults to 8386)
+# 'sahara_api_ssl_port' (Defaults to 13779)
# 'swift_proxy_port' (Defaults to 8080)
# 'swift_proxy_ssl_port' (Defaults to 13808)
+# 'trove_api_port' (Defaults to 8779)
+# 'trove_api_ssl_port' (Defaults to 13779)
# Defaults to {}
#
class tripleo::loadbalancer (
@@ -383,21 +316,6 @@ class tripleo::loadbalancer (
$service_certificate = undef,
$ssl_cipher_suite = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES',
$ssl_options = 'no-sslv3',
- $keystone_certificate = undef,
- $neutron_certificate = undef,
- $cinder_certificate = undef,
- $sahara_certificate = undef,
- $trove_certificate = undef,
- $manila_certificate = undef,
- $glance_certificate = undef,
- $nova_certificate = undef,
- $ceilometer_certificate = undef,
- $aodh_certificate = undef,
- $gnocchi_certificate = undef,
- $swift_certificate = undef,
- $heat_certificate = undef,
- $horizon_certificate = undef,
- $ironic_certificate = undef,
$haproxy_stats_certificate = undef,
$keystone_admin = false,
$keystone_public = false,
@@ -430,6 +348,8 @@ class tripleo::loadbalancer (
$service_ports = {}
) {
$default_service_ports = {
+ aodh_api_port => 8042,
+ aodh_api_ssl_port => 13042,
ceilometer_api_port => 8777,
ceilometer_api_ssl_port => 13777,
cinder_api_port => 8776,
@@ -437,6 +357,8 @@ class tripleo::loadbalancer (
glance_api_port => 9292,
glance_api_ssl_port => 13292,
glance_registry_port => 9191,
+ gnocchi_api_port => 8041,
+ gnocchi_api_ssl_port => 13041,
heat_api_port => 8004,
heat_api_ssl_port => 13004,
heat_cfn_port => 8000,
@@ -460,8 +382,12 @@ class tripleo::loadbalancer (
nova_metadata_port => 8775,
nova_novnc_port => 6080,
nova_novnc_ssl_port => 13080,
+ sahara_api_port => 8386,
+ sahara_api_ssl_port => 13786,
swift_proxy_port => 8080,
swift_proxy_ssl_port => 13808,
+ trove_api_port => 8779,
+ trove_api_ssl_port => 13779,
}
$ports = merge($default_service_ports, $service_ports)
@@ -561,81 +487,6 @@ class tripleo::loadbalancer (
}
- if $keystone_certificate {
- $keystone_bind_certificate = $keystone_certificate
- } else {
- $keystone_bind_certificate = $service_certificate
- }
- if $neutron_certificate {
- $neutron_bind_certificate = $neutron_certificate
- } else {
- $neutron_bind_certificate = $service_certificate
- }
- if $cinder_certificate {
- $cinder_bind_certificate = $cinder_certificate
- } else {
- $cinder_bind_certificate = $service_certificate
- }
- if $sahara_certificate {
- $sahara_bind_certificate = $sahara_certificate
- } else {
- $sahara_bind_certificate = $service_certificate
- }
- if $trove_certificate {
- $trove_bind_certificate = $trove_certificate
- } else {
- $trove_bind_certificate = $trove_certificate
- }
- if $manila_certificate {
- $manila_bind_certificate = $manila_certificate
- } else {
- $manila_bind_certificate = $service_certificate
- }
- if $glance_certificate {
- $glance_bind_certificate = $glance_certificate
- } else {
- $glance_bind_certificate = $service_certificate
- }
- if $nova_certificate {
- $nova_bind_certificate = $nova_certificate
- } else {
- $nova_bind_certificate = $service_certificate
- }
- if $ceilometer_certificate {
- $ceilometer_bind_certificate = $ceilometer_certificate
- } else {
- $ceilometer_bind_certificate = $service_certificate
- }
- if $aodh_certificate {
- $aodh_bind_certificate = $aodh_certificate
- } else {
- $aodh_bind_certificate = $service_certificate
- }
- if $gnocchi_certificate {
- $gnocchi_bind_certificate = $gnocchi_certificate
- } else {
- $gnocchi_bind_certificate = $service_certificate
- }
- if $swift_certificate {
- $swift_bind_certificate = $swift_certificate
- } else {
- $swift_bind_certificate = $service_certificate
- }
- if $heat_certificate {
- $heat_bind_certificate = $heat_certificate
- } else {
- $heat_bind_certificate = $service_certificate
- }
- if $horizon_certificate {
- $horizon_bind_certificate = $horizon_certificate
- } else {
- $horizon_bind_certificate = $service_certificate
- }
- if $ironic_certificate {
- $ironic_bind_certificate = $ironic_certificate
- } else {
- $ironic_bind_certificate = $service_certificate
- }
# TODO(bnemec): When we have support for SSL on private and admin endpoints,
# have the haproxy stats endpoint use that certificate by default.
if $haproxy_stats_certificate {
@@ -644,14 +495,14 @@ class tripleo::loadbalancer (
$keystone_public_api_vip = hiera('keystone_public_api_vip', $controller_virtual_ip)
$keystone_admin_api_vip = hiera('keystone_admin_api_vip', $controller_virtual_ip)
- if $keystone_bind_certificate {
+ if $service_certificate {
$keystone_public_bind_opts = {
"${keystone_public_api_vip}:${ports[keystone_public_api_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[keystone_public_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $keystone_bind_certificate]),
+ "${public_virtual_ip}:${ports[keystone_public_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
$keystone_admin_bind_opts = {
"${keystone_admin_api_vip}:${ports[keystone_admin_api_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[keystone_admin_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $keystone_bind_certificate]),
+ "${public_virtual_ip}:${ports[keystone_admin_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$keystone_public_bind_opts = {
@@ -665,10 +516,10 @@ class tripleo::loadbalancer (
}
$neutron_api_vip = hiera('neutron_api_vip', $controller_virtual_ip)
- if $neutron_bind_certificate {
+ if $service_certificate {
$neutron_bind_opts = {
"${neutron_api_vip}:${ports[neutron_api_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[neutron_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $neutron_bind_certificate]),
+ "${public_virtual_ip}:${ports[neutron_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$neutron_bind_opts = {
@@ -678,10 +529,10 @@ class tripleo::loadbalancer (
}
$cinder_api_vip = hiera('cinder_api_vip', $controller_virtual_ip)
- if $cinder_bind_certificate {
+ if $service_certificate {
$cinder_bind_opts = {
"${cinder_api_vip}:${ports[cinder_api_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[cinder_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $cinder_bind_certificate]),
+ "${public_virtual_ip}:${ports[cinder_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$cinder_bind_opts = {
@@ -691,10 +542,10 @@ class tripleo::loadbalancer (
}
$manila_api_vip = hiera('manila_api_vip', $controller_virtual_ip)
- if $manila_bind_certificate {
+ if $service_certificate {
$manila_bind_opts = {
"${manila_api_vip}:${ports[manila_api_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[manila_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $manila_bind_certificate]),
+ "${public_virtual_ip}:${ports[manila_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$manila_bind_opts = {
@@ -704,10 +555,10 @@ class tripleo::loadbalancer (
}
$glance_api_vip = hiera('glance_api_vip', $controller_virtual_ip)
- if $glance_bind_certificate {
+ if $service_certificate {
$glance_bind_opts = {
"${glance_api_vip}:${ports[glance_api_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[glance_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $glance_bind_certificate]),
+ "${public_virtual_ip}:${ports[glance_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$glance_bind_opts = {
@@ -722,44 +573,44 @@ class tripleo::loadbalancer (
}
$sahara_api_vip = hiera('sahara_api_vip', $controller_virtual_ip)
- if $sahara_bind_certificate {
+ if $service_certificate {
$sahara_bind_opts = {
- "${sahara_api_vip}:8386" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:13786" => union($haproxy_listen_bind_param, ['ssl', 'crt', $sahara_bind_certificate]),
+ "${sahara_api_vip}:${ports[sahara_api_port]}" => $haproxy_listen_bind_param,
+ "${public_virtual_ip}:${ports[sahara_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$sahara_bind_opts = {
- "${sahara_api_vip}:8386" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:8386" => $haproxy_listen_bind_param,
+ "${sahara_api_vip}:${ports[sahara_api_port]}" => $haproxy_listen_bind_param,
+ "${public_virtual_ip}:${ports[sahara_api_port]}" => $haproxy_listen_bind_param,
}
}
$trove_api_vip = hiera('$trove_api_vip', $controller_virtual_ip)
- if $trove_bind_certificate {
+ if $service_certificate {
$trove_bind_opts = {
- "${trove_api_vip}:8779" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:13779" => union($haproxy_listen_bind_param, ['ssl', 'crt', $trove_bind_certificate]),
+ "${trove_api_vip}:${ports[trove_api_port]}" => $haproxy_listen_bind_param,
+ "${public_virtual_ip}:${ports[trove_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$trove_bind_opts = {
- "${trove_api_vip}:8779" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:8779" => $haproxy_listen_bind_param,
+ "${trove_api_vip}:${ports[trove_api_port]}" => $haproxy_listen_bind_param,
+ "${public_virtual_ip}:${ports[trove_api_port]}" => $haproxy_listen_bind_param,
}
}
$nova_api_vip = hiera('nova_api_vip', $controller_virtual_ip)
- if $nova_bind_certificate {
+ if $service_certificate {
$nova_osapi_bind_opts = {
"${nova_api_vip}:${ports[nova_api_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[nova_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $nova_bind_certificate]),
+ "${public_virtual_ip}:${ports[nova_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
$nova_ec2_bind_opts = {
"${nova_api_vip}:${ports[nova_ec2_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[nova_ec2_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $nova_bind_certificate]),
+ "${public_virtual_ip}:${ports[nova_ec2_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
$nova_novnc_bind_opts = {
"${nova_api_vip}:${ports[nova_novnc_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[nova_novnc_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $nova_bind_certificate]),
+ "${public_virtual_ip}:${ports[nova_novnc_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$nova_osapi_bind_opts = {
@@ -782,10 +633,10 @@ class tripleo::loadbalancer (
}
$ceilometer_api_vip = hiera('ceilometer_api_vip', $controller_virtual_ip)
- if $ceilometer_bind_certificate {
+ if $service_certificate {
$ceilometer_bind_opts = {
"${ceilometer_api_vip}:${ports[ceilometer_api_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[ceilometer_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $ceilometer_bind_certificate]),
+ "${public_virtual_ip}:${ports[ceilometer_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$ceilometer_bind_opts = {
@@ -795,36 +646,36 @@ class tripleo::loadbalancer (
}
$aodh_api_vip = hiera('aodh_api_vip', $controller_virtual_ip)
- if $aodh_bind_certificate {
+ if $service_certificate {
$aodh_bind_opts = {
- "${aodh_api_vip}:8042" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:13042" => union($haproxy_listen_bind_param, ['ssl', 'crt', $aodh_bind_certificate]),
+ "${aodh_api_vip}:${ports[aodh_api_port]}" => $haproxy_listen_bind_param,
+ "${public_virtual_ip}:${ports[aodh_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$aodh_bind_opts = {
- "${aodh_api_vip}:8042" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:8042" => $haproxy_listen_bind_param,
+ "${aodh_api_vip}:${ports[aodh_api_port]}" => $haproxy_listen_bind_param,
+ "${public_virtual_ip}:${ports[aodh_api_port]}" => $haproxy_listen_bind_param,
}
}
$gnocchi_api_vip = hiera('gnocchi_api_vip', $controller_virtual_ip)
- if $gnocchi_bind_certificate {
+ if $service_certificate {
$gnocchi_bind_opts = {
- "${gnocchi_api_vip}:8041" => [],
- "${public_virtual_ip}:13041" => ['ssl', 'crt', $gnocchi_bind_certificate],
+ "${gnocchi_api_vip}:${ports[gnocchi_api_port]}" => [],
+ "${public_virtual_ip}:${ports[gnocchi_api_ssl_port]}" => ['ssl', 'crt', $service_certificate],
}
} else {
$gnocchi_bind_opts = {
- "${gnocchi_api_vip}:8041" => [],
- "${public_virtual_ip}:8041" => [],
+ "${gnocchi_api_vip}:${ports[gnocchi_api_port]}" => [],
+ "${public_virtual_ip}:${ports[gnocchi_api_port]}" => [],
}
}
$swift_proxy_vip = hiera('swift_proxy_vip', $controller_virtual_ip)
- if $swift_bind_certificate {
+ if $service_certificate {
$swift_bind_opts = {
"${swift_proxy_vip}:${ports[swift_proxy_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[swift_proxy_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $swift_bind_certificate]),
+ "${public_virtual_ip}:${ports[swift_proxy_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$swift_bind_opts = {
@@ -838,10 +689,10 @@ class tripleo::loadbalancer (
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
'set-header X-Forwarded-Proto http if !{ ssl_fc }']}
- if $heat_bind_certificate {
+ if $service_certificate {
$heat_bind_opts = {
"${heat_api_vip}:${ports[heat_api_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[heat_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $heat_bind_certificate]),
+ "${public_virtual_ip}:${ports[heat_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
$heat_ssl_options = {
'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1",
@@ -849,11 +700,11 @@ class tripleo::loadbalancer (
$heat_options = merge($heat_base_options, $heat_ssl_options)
$heat_cw_bind_opts = {
"${heat_api_vip}:${ports[heat_cw_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[heat_cw_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $heat_bind_certificate]),
+ "${public_virtual_ip}:${ports[heat_cw_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
$heat_cfn_bind_opts = {
"${heat_api_vip}:${ports[heat_cfn_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[heat_cfn_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $heat_bind_certificate]),
+ "${public_virtual_ip}:${ports[heat_cfn_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$heat_bind_opts = {
@@ -872,7 +723,7 @@ class tripleo::loadbalancer (
}
$horizon_vip = hiera('horizon_vip', $controller_virtual_ip)
- if $horizon_bind_certificate {
+ if $service_certificate {
# NOTE(jaosorior): If the horizon_vip and the public_virtual_ip are the
# same, the first option takes precedence. Which is the case when network
# isolation is not enabled. This is not a problem as both options are
@@ -883,9 +734,9 @@ class tripleo::loadbalancer (
# redirect to https in the horizon_options below.
$horizon_bind_opts = {
"${horizon_vip}:80" => $haproxy_listen_bind_param,
- "${horizon_vip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $horizon_bind_certificate]),
+ "${horizon_vip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
"${public_virtual_ip}:80" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $horizon_bind_certificate]),
+ "${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
$horizon_options = {
'cookie' => 'SERVERID insert indirect nocache',
@@ -904,10 +755,10 @@ class tripleo::loadbalancer (
}
$ironic_api_vip = hiera('ironic_api_vip', $controller_virtual_ip)
- if $ironic_bind_certificate {
+ if $service_certificate {
$ironic_bind_opts = {
"${ironic_api_vip}:${ports[ironic_api_port]}" => $haproxy_listen_bind_param,
- "${public_virtual_ip}:${ports[ironic_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $ironic_bind_certificate]),
+ "${public_virtual_ip}:${ports[ironic_api_ssl_port]}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
} else {
$ironic_bind_opts = {