diff options
| author |   Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-09-26 15:34:10 +0000 |
|---|---|---|
| committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-10-20 12:22:42 +0300 |
| commit | debbfbbf8fe8702fd3202f75e049496ee9bb3ddf (patch) | |
| tree | 1f9fa5dff8468427fbac54ef35bb80a2377f4eb9 /overcloud-resource-registry-puppet.j2.yaml | |
| parent | 81aa47d3143bf58cffdb0bd9fbacfd0e05e195e4 (diff) | |
Generate internal TLS hieradata for apache services
This adds an environment file that can be used to enable TLS in
the internal endpoints via certmonger if used. This will include
a nested stack that will create the hash that will be used to
create the certmonger certificates.
When setting up a service over apache via puppet, we used to disable
explicitly ssl (which sets modd_ssl-related fields for that vhost).
We now make this depend on the EnableInternalTLS flag. This has only
been done for keystone, but more services will be added as the
puppet code lands
bp tls-via-certmonger
Depends-On: I303f6cf47859284785c0cdc65284a7eb89a4e039
Change-Id: I12e794f2d4076be9505dabfe456c1ca6cfbd359c
Diffstat (limited to 'overcloud-resource-registry-puppet.j2.yaml')
| -rw-r--r-- | overcloud-resource-registry-puppet.j2.yaml | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 218cd2d3..9b9cd581 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -99,6 +99,7 @@ resource_registry: # services OS::TripleO::Services: puppet/services/services.yaml OS::TripleO::Services::Apache: puppet/services/apache.yaml + OS::TripleO::Services::ApacheTLS: OS::Heat::None OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml OS::TripleO::Services::CephMon: OS::Heat::None OS::TripleO::Services::CephRgw: OS::Heat::None |