diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-08-01 16:10:27 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-08-18 05:43:20 +0000 |
commit | 1df5f72688d39490822137f5ac92f58ef70f6bc9 (patch) | |
tree | 55e96ab263cdb053f4bde46bbb4e05af05bf141e /puppet/services | |
parent | fc4618593f3b1d21f58ce32c1b1db24e435a38f6 (diff) |
Enable listening on TLS for the internal network for horizon
This sets the flag that tells the horizon manifest to use TLS for the
configuration.
bp tls-via-certmonger
Depends-On: I7f2e11eb60c7b075e8a59f28682ecc50eeb95c3e
Change-Id: I13d59e7663538884b34b5a910b741de8721abbb9
Diffstat (limited to 'puppet/services')
-rw-r--r-- | puppet/services/horizon.yaml | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 63ab92eb..642a0f09 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -67,6 +67,14 @@ parameters: MonitoringSubscriptionHorizon: default: 'overcloud-horizon' type: string + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -109,6 +117,14 @@ outputs: - {get_param: [DefaultPasswords, horizon_secret]} horizon::secure_cookies: {get_param: [HorizonSecureCookies]} memcached_ipv6: {get_param: MemcachedIPv6} + horizon::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::listen_ssl: {get_param: EnableInternalTLS} + horizon::horizon_ca: {get_param: InternalTLSCAFile} - if: - debug_unset |