author | Jenkins <jenkins@review.openstack.org> | 2017-08-19 03:13:49 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-08-19 03:13:49 +0000 |
commit | 17e79c8b15d7746ce95f90a0b259481d6bd9302c (patch) | |
tree | 09ca99fb9c19bd28752662dd74156eac2476c0a0 /puppet/services/nova-metadata.yaml | |
parent | 0b7c9a13ef977d50939a9a697c370d2ec26ed4b3 (diff) | |
parent | 33bc901670a952b626d303c91466a593d1310167 (diff) |
Merge "Enable TLS for nova-metadata"
Diffstat (limited to 'puppet/services/nova-metadata.yaml')
-rw-r--r-- | puppet/services/nova-metadata.yaml | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index ca9eed09..3ac5f300 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -34,10 +34,26 @@ parameters: default: 0 description: Number of workers for Nova services. type: number + EnableInternalTLS: + type: boolean + default: false conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} + +resources: + + TLSProxyBase: + type: OS::TripleO::Services::TLSProxyBase + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + outputs: role_data: description: Role data for the Nova Metadata service. @@ -45,10 +61,29 @@ outputs: service_name: nova_metadata config_settings: map_merge: - - nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - get_attr: [TLSProxyBase, role_data, config_settings] + - nova::api::metadata_listen: + if: + - use_tls_proxy + - 'localhost' + - {get_param: [ServiceNetMap, NovaMetadataNetwork]} - if: - nova_workers_zero - {} - nova::api::metadata_workers: {get_param: NovaWorkers} + - + if: + - use_tls_proxy + - tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip: + get_param: [ServiceNetMap, NovaMetadataNetwork] + tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - {} step_config: "" + metadata_settings: + get_attr: [TLSProxyBase, role_data, metadata_settings] |
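Review bot: The new `EnableInternalTLS` parameter in the first hunk (`@@ -34,10 +34,26 @@`) is declared with a type and a default but no `description`, while the worker-count parameter just above it has one. This flag decides whether nova-metadata listens in plaintext on the service network or sits behind the TLS proxy, so an operator reading the template should see that stated. I would add `description: When true, nova-metadata listens on localhost only and is exposed through a TLS proxy on NovaMetadataNetwork.` The `parameters:` section starts outside the hunk.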
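Review bot: In the second hunk (`@@ -45,10 +61,29 @@`) the TLS branch binds `nova::api::metadata_listen` to the name `'localhost'` rather than a literal loopback address, so the address family of the plaintext listener depends on how the host resolves that name. The proxy's backend target is not visible here; presumably the `tripleo::profile::base::nova::api` profile forwards to the same name. That is worth confirming, so the proxy and the listener cannot disagree between 127.0.0.1 and ::1. A short comment above the `if:` would also record the intent, e.g. `# With internal TLS the plaintext listener stays on loopback; only the TLS proxy binds NovaMetadataNetwork.` The `role_data` value map starts above this hunk.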