summaryrefslogtreecommitdiffstats
path: root/puppet/services
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-01-27 19:22:15 +0000
committerGerrit Code Review <review@openstack.org>2017-01-27 19:22:15 +0000
commit2fe6bc760e06b44dca215a4b5eec6a03ac8b2784 (patch)
tree51aa345216df3481d55cdd79061a29cb0ffb7bf2 /puppet/services
parent61fd803c9a820a335c0e15c73dba19f49270a790 (diff)
parent12b0d72be682f1e6cc9e7b9a3b842a05aed1dd81 (diff)
Merge "Pass parameters for TLS proxy in front of neutron server"
Diffstat (limited to 'puppet/services')
-rw-r--r--puppet/services/neutron-api.yaml33
1 files changed, 32 insertions, 1 deletions
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index 37368c8b..65fa0d8f 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -71,6 +71,9 @@ parameters:
removed in Ocata. Future releases will enable L3 HA by default if it is
appropriate for the deployment type. Alternate mechanisms will be
available to override.
+ EnableInternalTLS:
+ type: boolean
+ default: false
parameter_groups:
- label: deprecated
@@ -82,8 +85,19 @@ parameter_groups:
parameters:
- NeutronL3HA
+conditions:
+ use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
+
resources:
+ TLSProxyBase:
+ type: OS::TripleO::Services::TLSProxyBase
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
NeutronBase:
type: ./neutron-base.yaml
properties:
@@ -103,6 +117,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
+ - get_attr: [TLSProxyBase, role_data, config_settings]
- neutron::server::database_connection:
list_join:
- ''
@@ -140,7 +155,23 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
+ tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
+ get_param: [ServiceNetMap, NeutronApiNetwork]
+ tripleo::profile::base::neutron::server::tls_proxy_fqdn:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
+ tripleo::profile::base::neutron::server::tls_proxy_port:
+ get_param: [EndpointMap, NeutronInternal, port]
+ # Bind to localhost if internal TLS is enabled, since we put a TLS
+ # proxy in front.
+ neutron::bind_host:
+ if:
+ - use_tls_proxy
+ - 'localhost'
+ - {get_param: [ServiceNetMap, NeutronApiNetwork]}
tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
step_config: |
include tripleo::profile::base::neutron::server