summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-07-28 15:46:58 +0000
committerGerrit Code Review <review@openstack.org>2017-07-28 15:46:58 +0000
commit9e74d2d0acdc44e90c3be7a907d194d6102a830c (patch)
tree83d112d20efc5a5c1f51fec4595e1549c15116e4
parent19e89d8d6e2c39c4b98edfba33613607e28e38ee (diff)
parent03af5f8f4d01fe40253b355252e05548d5f50777 (diff)
Merge "Enable Zaqar API SSL"
-rw-r--r--docker/services/zaqar.yaml17
-rw-r--r--puppet/services/zaqar.yaml4
2 files changed, 20 insertions, 1 deletions
diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml
index 061a4a70..df57ad6a 100644
--- a/docker/services/zaqar.yaml
+++ b/docker/services/zaqar.yaml
@@ -40,9 +40,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
conditions:
zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
+ internal_tls_enabled: {get_param: EnableInternalTLS}
resources:
@@ -58,6 +62,7 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
@@ -137,6 +142,16 @@ outputs:
- /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/zaqar:/var/log/zaqar
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
zaqar_websocket:
@@ -162,3 +177,5 @@ outputs:
- name: Stop and disable zaqar service
tags: step2
service: name=httpd state=stopped enabled=no
+ metadata_settings:
+ get_attr: [ZaqarBase, role_data, metadata_settings]
diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml
index 21857423..4a1ad179 100644
--- a/puppet/services/zaqar.yaml
+++ b/puppet/services/zaqar.yaml
@@ -105,7 +105,7 @@ outputs:
- {get_param: ZaqarDebug }
zaqar::server::service_name: 'httpd'
zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
- zaqar::wsgi::apache::ssl: false
+ zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::message_pipeline: 'zaqar.notification.notifier'
zaqar::unreliable: true
@@ -178,6 +178,8 @@ outputs:
- {}
step_config: |
include ::tripleo::profile::base::zaqar
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
yaql:
expression: $.data.apache_upgrade + $.data.zaqar_upgrade