summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-09-27 08:59:40 +0000
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-10-20 12:22:51 +0300
commitbf97a0fb636b9af03074b02645c2a4cfcb1b4b5f (patch)
tree65ea116f5950bd7407f2224d2c6377498e8ac913
parenteb114773ace4179e9e3ed74ca40cd5acbef11d38 (diff)
Enable internal TLS for gnocchi
This adds the necessary hieradata for enabling TLS in the internal network for gnocchi. bp tls-via-certmonger Depends-On: Ie983933e062ac6a7f0af4d88b32634e6ce17838b Change-Id: Iad8d4949ada8b8fd52e0d0bd345b6fb1ca65827b
-rw-r--r--puppet/services/gnocchi-api.yaml13
1 files changed, 11 insertions, 2 deletions
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index e3397769..ac15de4f 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -41,6 +41,9 @@ parameters:
default:
tag: openstack.gnocchi.api
path: /var/log/gnocchi/app.log
+ EnableInternalTLS:
+ type: boolean
+ default: false
resources:
@@ -57,6 +60,7 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
@@ -83,7 +87,7 @@ outputs:
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
gnocchi::keystone::authtoken::project_name: 'service'
- gnocchi::wsgi::apache::ssl: false
+ gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
gnocchi::wsgi::apache::servername:
str_replace:
template:
@@ -98,7 +102,12 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
- gnocchi::api::host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
+ gnocchi::api::host:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}