diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-01-25 20:49:40 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-01-25 20:49:40 +0000 |
| commit | 74a97cb69a7822b620eb35527f5a1a48d94d7221 (patch) | |
| tree | 1c27ffd5562faaf4119774c46b7dc6254ca41ad8 /puppet/services/apache-internal-tls-certmonger.yaml | |
| parent | f81ab70a585b5c6c0e52cbbfc654873d00722fb9 (diff) | |
| parent | 80086fd342032ec448a84ecf7c5dbe98d381450a (diff) | |
Merge "Add metadata settings for needed kerberos principals"
Diffstat (limited to 'puppet/services/apache-internal-tls-certmonger.yaml')
| -rw-r--r-- | puppet/services/apache-internal-tls-certmonger.yaml | 35 |
1 files changed, 25 insertions, 10 deletions
diff --git a/puppet/services/apache-internal-tls-certmonger.yaml b/puppet/services/apache-internal-tls-certmonger.yaml index 07ec1b3c..97d6ff8e 100644 --- a/puppet/services/apache-internal-tls-certmonger.yaml +++ b/puppet/services/apache-internal-tls-certmonger.yaml @@ -21,6 +21,22 @@ parameters: via parameter_defaults in the resource registry. type: json +resources: + + ApacheNetworks: + type: OS::Heat::Value + properties: + value: + # NOTE(jaosorior) Get unique network names to create + # certificates for those. We skip the tenant network since + # we don't need a certificate for that, and the external + # network will be handled in another template. + yaql: + expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant) + data: + map: + get_param: ServiceNetMap + outputs: role_data: description: Role data for the Apache role. @@ -38,13 +54,12 @@ outputs: hostname: "%{hiera('fqdn_NETWORK')}" principal: "HTTP/%{hiera('fqdn_NETWORK')}" for_each: - NETWORK: - # NOTE(jaosorior) Get unique network names to create - # certificates for those. We skip the tenant network since - # we don't need a certificate for that, and the external - # network will be handled in another template. - yaql: - expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant) - data: - map: - get_param: ServiceNetMap + NETWORK: {get_attr: [ApacheNetworks, value]} + metadata_settings: + repeat: + template: + - service: HTTP + network: $NETWORK + type: node + for_each: + $NETWORK: {get_attr: [ApacheNetworks, value]} |