aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-01 16:10:27 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-18 05:43:20 +0000
commit1df5f72688d39490822137f5ac92f58ef70f6bc9 (patch)
tree55e96ab263cdb053f4bde46bbb4e05af05bf141e /puppet/services
parentfc4618593f3b1d21f58ce32c1b1db24e435a38f6 (diff)
Enable listening on TLS for the internal network for horizon
This sets the flag that tells the horizon manifest to use TLS for the configuration. bp tls-via-certmonger Depends-On: I7f2e11eb60c7b075e8a59f28682ecc50eeb95c3e Change-Id: I13d59e7663538884b34b5a910b741de8721abbb9
Diffstat (limited to 'puppet/services')
-rw-r--r--puppet/services/horizon.yaml16
1 files changed, 16 insertions, 0 deletions
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 63ab92eb..642a0f09 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -67,6 +67,14 @@ parameters:
MonitoringSubscriptionHorizon:
default: 'overcloud-horizon'
type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
conditions:
@@ -109,6 +117,14 @@ outputs:
- {get_param: [DefaultPasswords, horizon_secret]}
horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
memcached_ipv6: {get_param: MemcachedIPv6}
+ horizon::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
+ horizon::listen_ssl: {get_param: EnableInternalTLS}
+ horizon::horizon_ca: {get_param: InternalTLSCAFile}
-
if:
- debug_unset