diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-01-27 19:22:15 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-01-27 19:22:15 +0000 |
commit | 2fe6bc760e06b44dca215a4b5eec6a03ac8b2784 (patch) | |
tree | 51aa345216df3481d55cdd79061a29cb0ffb7bf2 /puppet/services | |
parent | 61fd803c9a820a335c0e15c73dba19f49270a790 (diff) | |
parent | 12b0d72be682f1e6cc9e7b9a3b842a05aed1dd81 (diff) |
Merge "Pass parameters for TLS proxy in front of neutron server"
Diffstat (limited to 'puppet/services')
-rw-r--r-- | puppet/services/neutron-api.yaml | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 37368c8b..65fa0d8f 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -71,6 +71,9 @@ parameters: removed in Ocata. Future releases will enable L3 HA by default if it is appropriate for the deployment type. Alternate mechanisms will be available to override. + EnableInternalTLS: + type: boolean + default: false parameter_groups: - label: deprecated @@ -82,8 +85,19 @@ parameter_groups: parameters: - NeutronL3HA +conditions: + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} + resources: + TLSProxyBase: + type: OS::TripleO::Services::TLSProxyBase + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + NeutronBase: type: ./neutron-base.yaml properties: @@ -103,6 +117,7 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] + - get_attr: [TLSProxyBase, role_data, config_settings] - neutron::server::database_connection: list_join: - '' @@ -140,7 +155,23 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} + tripleo::profile::base::neutron::server::tls_proxy_bind_ip: + get_param: [ServiceNetMap, NeutronApiNetwork] + tripleo::profile::base::neutron::server::tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]} + tripleo::profile::base::neutron::server::tls_proxy_port: + get_param: [EndpointMap, NeutronInternal, port] + # Bind to localhost if internal TLS is enabled, since we put a TLS + # proxy in front. + neutron::bind_host: + if: + - use_tls_proxy + - 'localhost' + - {get_param: [ServiceNetMap, NeutronApiNetwork]} tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA} step_config: | include tripleo::profile::base::neutron::server |