author | Jenkins <jenkins@review.openstack.org> | 2017-05-22 07:56:00 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-05-22 07:56:01 +0000 |
commit | 14276d79afe5b63f473dae95dceb820290eaf2cb (patch) | |
tree | fd5d5d02bd15a2b5472a910a249999fccda5cbce /puppet | |
parent | 0900c884281dc73dd3eccbb9ae9ea58efe5487ba (diff) | |
parent | b743b82815e1ed247ffc125af5761525f3c12cb0 (diff) |
Merge "TLS everywhere: configure mongodb's TLS settings"
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/services/database/mongodb.yaml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
index 5bd621d2..968d4355 100644
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -40,6 +40,13 @@ parameters:
 format: >-
 /(?<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+\+\d{4}) (?<message>.*)$/
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
 MongoDbBase:
@@ -79,6 +86,28 @@ outputs:
 # internal_api_uri -> [IP]
 # internal_api_subnet - > IP/CIDR
 mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
+ -
+ if:
+ - internal_tls_enabled
+ -
+ generate_service_certificates: true
+ mongodb::server::ssl: true
+ mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
+ mongodb_certificate_specs:
+ service_pem: '/etc/pki/tls/certs/mongodb.pem'
+ service_certificate: '/etc/pki/tls/certs/mongodb.crt'
+ service_key: '/etc/pki/tls/private/mongodb.key'
+ hostname:
+ str_replace:
+ template: "%{hiera('fqdn_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
+ principal:
+ str_replace:
+ template: "mongodb/%{hiera('fqdn_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
+ - {}
 step_config: |
 include ::tripleo::profile::base::database::mongodb
 upgrade_tasks:
@@ -88,3 +117,11 @@ outputs:
 - name: Start mongodb service
 tags: step4
 service: name=mongod state=started
+ metadata_settings:
+ if:
+ - internal_tls_enabled
+ -
+ - service: mongodb
+ network: {get_param: [ServiceNetMap, MongodbNetwork]}
+ type: node
+ - null
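Review bot: The new `EnableInternalTLS` parameter in the first hunk has `type` and `default` but no `description`, so the template's generated parameter documentation will not say what enabling it does or that the default leaves MongoDB traffic on the internal network unencrypted. The other parameters of this file are outside the hunk, but a one-line description in the same style as theirs would do, e.g. `description: Enable TLS for the MongoDB server on its service network; defaults to false.`. The `conditions:` block introduced just below it is fine, though a blank line before `resources:` is already present so the two added empty `+` lines could be reduced to one.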
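Review bot: In the second hunk `mongodb::server::ssl_key` points at `/etc/pki/tls/certs/mongodb.pem`, the same path given as `service_pem`, and a separate `service_key` lives under `/etc/pki/tls/private/`; this suggests the `.pem` is a combined certificate-plus-key bundle that mongod reads, yet it is placed in the world-readable `certs/` directory and nothing in the hunk constrains its mode or ownership. Whatever consumes `mongodb_certificate_specs` must create the bundle readable only by the mongod user, and a comment next to `service_pem` such as `# combined cert+key bundle read by mongod via ssl_key; must not be world-readable` would make that requirement visible to the next maintainer. The hunk also enables `mongodb::server::ssl` without setting any CA-related option, so whether peers are expected to validate this certificate against a CA is left to configuration outside this change; stating that explicitly in the commit description or a comment would help. The enclosing `config_settings` list starts before this hunk.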