summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-05-18 13:19:27 +0000
committerGerrit Code Review <review@openstack.org>2017-05-18 13:19:27 +0000
commitd0696b9a9b3685f8215c97111814d6f00932ca57 (patch)
tree228aaff11e104513582de8d08fe139f87067c8fc /puppet
parent8a099a91c250511ed3278e2c3548138a881ba689 (diff)
parent6bb2d9e5f82c57d708bff1d3c2bfb0c18dcec1d3 (diff)
Merge "TLS-everywhere: Configure CA for apache"
Diffstat (limited to 'puppet')
-rw-r--r--puppet/services/apache.yaml6
1 files changed, 6 insertions, 0 deletions
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index f3021060..12ecc7b5 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -38,6 +38,11 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
conditions:
@@ -88,6 +93,7 @@ outputs:
- internal_tls_enabled
-
generate_service_certificates: true
+ apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile}
tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
apache_certificates_specs: