From 20b2a54e7961c15a35cf326e2b60cc3ef2dd2020 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Thu, 8 Dec 2016 13:15:03 +0200 Subject: Clean TLS proxy-related setup for glance api profile Since the commit this depends on sets it up via hieradata, the conditions here are no longer needed. bp tls-via-certmonger Change-Id: I66956f0b85e8e3bf1ab9562221d51d51c230b88e Depends-On: I693213a1f35021b540202240e512d121cc1cd0eb --- manifests/profile/base/glance/api.pp | 40 ++++++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 11 deletions(-) (limited to 'manifests') diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp index 6134a87..e5807f6 100644 --- a/manifests/profile/base/glance/api.pp +++ b/manifests/profile/base/glance/api.pp @@ -72,6 +72,21 @@ # IP port for rabbitmq service # Defaults to hiera('glance::notify::rabbitmq::rabbit_port', 5672) # +# [*tls_proxy_bind_ip*] +# IP on which the TLS proxy will listen on. Required only if +# enable_internal_tls is set. +# Defaults to undef +# +# [*tls_proxy_fqdn*] +# fqdn on which the tls proxy will listen on. required only used if +# enable_internal_tls is set. +# defaults to undef +# +# [*tls_proxy_port*] +# port on which the tls proxy will listen on. Only used if +# enable_internal_tls is set. +# defaults to 9292 +# class tripleo::profile::base::glance::api ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), @@ -83,6 +98,9 @@ class tripleo::profile::base::glance::api ( $step = hiera('step'), $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('glance::notify::rabbitmq::rabbit_port', 5672), + $tls_proxy_bind_ip = undef, + $tls_proxy_fqdn = undef, + $tls_proxy_port = 9292, ) { if $enable_internal_tls and $generate_service_certificates { ensure_resources('tripleo::certmonger::httpd', $certificates_specs) @@ -103,22 +121,23 @@ class tripleo::profile::base::glance::api ( if !$glance_network { fail('glance_api_network is not set in the hieradata.') } + if !$tls_proxy_bind_ip { + fail('glance_api_tls_proxy_bind_ip is not set in the hieradata.') + } + if !$tls_proxy_fqdn { + fail('tls_proxy_fqdn is required if internal TLS is enabled.') + } $tls_certfile = $certificates_specs["httpd-${glance_network}"]['service_certificate'] $tls_keyfile = $certificates_specs["httpd-${glance_network}"]['service_key'] ::tripleo::tls_proxy { 'glance-api': - servername => hiera("fqdn_${glance_network}"), - ip => hiera('glance::api::bind_host'), - port => hiera('glance::api::bind_port'), + servername => $tls_proxy_fqdn, + ip => $tls_proxy_bind_ip, + port => $tls_proxy_port, tls_cert => $tls_certfile, tls_key => $tls_keyfile, notify => Class['::glance::api'], } - # TODO(jaosorior): Remove this when we pass it via t-h-t - $bind_host = 'localhost' - } else { - # TODO(jaosorior): Remove this when we pass it via t-h-t - $bind_host = hiera('glance::api::bind_host') } case $glance_backend { 'swift': { $backend_store = 'glance.store.swift.Store' } @@ -134,9 +153,8 @@ class tripleo::profile::base::glance::api ( include ::glance::config # TODO(jaosorior): Remove bind_host when we set it up conditionally in t-h-t class { '::glance::api': - bind_host => $bind_host, - stores => $glance_store, - sync_db => $sync_db, + stores => $glance_store, + sync_db => $sync_db, } $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::glance::notify::rabbitmq' : -- cgit 1.2.3-korg