Only set apache certificates if TLS everywhere is enabled

The Apache certs were were being set even if TLS everywhere isn't enabled. This fixes that. Change-Id: If143d1fdeb0102a1c13441f89acaa73af24bf48f
author: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2017-05-17 12:24:22 +0300
committer: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2017-05-17 12:26:57 +0300
commit: 30bd4f5189087b2cabc2129da512895011cac88f (patch)
tree: 24f118cace534e847cb56c879021971d99309a4a
parent: e4c07e2ab055481a0e3986122eca499659aebd33 (diff)
1 files changed, 18 insertions, 15 deletions
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index ac371927..f3021060 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -84,21 +84,24 @@ outputs:
             apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
             apache::mod::remoteip::proxy_ips:
               - "%{hiera('apache_remote_proxy_ips_network')}"
-          -
-            generate_service_certificates: true
-            tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
-            tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
-            apache_certificates_specs:
-              map_merge:
-                repeat:
-                  template:
-                    httpd-NETWORK:
-                      service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
-                      service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
-                      hostname: "%{hiera('fqdn_NETWORK')}"
-                      principal: "HTTP/%{hiera('fqdn_NETWORK')}"
-                  for_each:
-                    NETWORK: {get_attr: [ApacheNetworks, value]}
+          - if:
+            - internal_tls_enabled
+            -
+              generate_service_certificates: true
+              tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
+              tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
+              apache_certificates_specs:
+                map_merge:
+                  repeat:
+                    template:
+                      httpd-NETWORK:
+                        service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
+                        service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
+                        hostname: "%{hiera('fqdn_NETWORK')}"
+                        principal: "HTTP/%{hiera('fqdn_NETWORK')}"
+                    for_each:
+                      NETWORK: {get_attr: [ApacheNetworks, value]}
+            - {}
       metadata_settings:
         if:
           - internal_tls_enabled
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-05-17 12:24:22 +0300
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-05-17 12:26:57 +0300
commit	30bd4f5189087b2cabc2129da512895011cac88f (patch)
tree	24f118cace534e847cb56c879021971d99309a4a
parent	e4c07e2ab055481a0e3986122eca499659aebd33 (diff)