diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-04-21 09:17:59 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-04-21 09:17:59 +0000 |
| commit | 63bd7483196808d028b2e35d9cc4e4e1609969da (patch) | |
| tree | 1104d99e8c9b702cfd1e419f1215eb8929c7dbd1 /docker/services | |
| parent | fc8c51d5d50b2e33bc561b07b4a00b9651c6436a (diff) | |
| parent | 2fda963fc73c17693669898fcd3ea3a94c1bf841 (diff) | |
Merge "containers: TLS in the internal network for telemetry services"
Diffstat (limited to 'docker/services')
| -rw-r--r-- | docker/services/aodh-api.yaml | 19 | ||||
| -rw-r--r-- | docker/services/gnocchi-api.yaml | 19 | ||||
| -rw-r--r-- | docker/services/panko-api.yaml | 19 |
3 files changed, 57 insertions, 0 deletions
diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 3181fad7..9480ce84 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -26,6 +26,13 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -104,9 +111,21 @@ outputs: - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro - /var/lib/config-data/aodh/var/www/:/var/www/:ro - logs:/var/log + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable aodh service (running under httpd) tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [AodhApiPuppetBase, role_data, metadata_settings] diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 1c61fa3e..6cddcd54 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -26,6 +26,13 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -103,9 +110,21 @@ outputs: - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable httpd service tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [GnocchiApiPuppetBase, role_data, metadata_settings] diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index 61bdf7ac..e87bb570 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -26,6 +26,13 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -104,5 +111,17 @@ outputs: - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro - /var/lib/config-data/panko/var/www/:/var/www/:ro + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [PankoApiPuppetBase, role_data, metadata_settings] |