Enable internal TLS for ceilometer

This adds the necessary hieradata for enabling TLS in the internal
network for ceilometer.

bp tls-via-certmonger

Depends-On: Ib5609f77a31b17ed12baea419ecfab5d5f676496
Change-Id: I3eb34efbc8489b23269f97f762d4a3d0fa69f666

1 files changed, 11 insertions, 3 deletions

diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index 27c32bfd..97b255a9 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -26,7 +26,9 @@ parameters:
     default:
       tag: openstack.ceilometer.api
       path: /var/log/ceilometer/api.log
-
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
 resources:
   CeilometerServiceBase:
@@ -42,6 +44,7 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
 
 outputs:
   role_data:
@@ -69,9 +72,14 @@ outputs:
             # internal_api_subnet - > IP/CIDR
           - ceilometer::api::service_name: 'httpd'
             ceilometer::api::enable_proxy_headers_parsing: true
-            ceilometer::api::host: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
+            ceilometer::api::host:
+              str_replace:
+                template:
+                  '"%{::fqdn_$NETWORK}"'
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
             ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
-            ceilometer::wsgi::apache::ssl: false
+            ceilometer::wsgi::apache::ssl: {get_param: EnableInternalTLS}
             ceilometer::wsgi::apache::servername:
               str_replace:
                 template: