From d905ed08052ca5dc78b5f7f56f731394f19958ed Mon Sep 17 00:00:00 2001
From: Martin André <m.andre@redhat.com>
Date: Wed, 23 Aug 2017 12:44:42 +0200
Subject: Use TLS proxy for Redis' internal TLS

This uses the tls_proxy resource in front of the Redis server when
internal TLS is enabled.

bp tls-via-certmonger

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ia50933da9e59268b17f56db34d01dcc6b6c38147
(cherry picked from commit 2d1d7875aa6f0b68005c84189627bc0716a7693f)
---
 manifests/profile/base/aodh/evaluator.pp | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'manifests/profile/base/aodh')

diff --git a/manifests/profile/base/aodh/evaluator.pp b/manifests/profile/base/aodh/evaluator.pp
index 1b25b37..9b3462f 100644
--- a/manifests/profile/base/aodh/evaluator.pp
+++ b/manifests/profile/base/aodh/evaluator.pp
@@ -18,20 +18,30 @@
 #
 # === Parameters
 #
+# [*enable_internal_tls*]
+#   (Optional) Whether TLS in the internal network is enabled or not.
+#   Defaults to hiera('enable_internal_tls', false)
+#
 # [*step*]
 #   (Optional) The current step in deployment. See tripleo-heat-templates
 #   for more details.
 #   Defaults to hiera('step')
 #
 class tripleo::profile::base::aodh::evaluator (
-  $step = Integer(hiera('step')),
+  $enable_internal_tls = hiera('enable_internal_tls', false),
+  $step                = Integer(hiera('step')),
 ) {
 
   include ::tripleo::profile::base::aodh
+  if $enable_internal_tls {
+    $tls_query_param = '?ssl=true'
+  } else {
+    $tls_query_param = ''
+  }
 
   if $step >= 4 {
     class { '::aodh::evaluator':
-      coordination_url => join(['redis://:', hiera('aodh_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']),
+      coordination_url => join(['redis://:', hiera('aodh_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/', $tls_query_param]),
     }
   }
 
-- 
cgit 1.2.3-korg