author | Jenkins <jenkins@review.openstack.org> | 2017-05-17 15:37:49 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-05-17 15:37:49 +0000 |
commit | 1324f2f1c965a0ddf6a71c2075547b90b45306ba (patch) | |
tree | 3f2f258cf96140b76dbc97307b4afe944545ce43 /puppet | |
parent | 013e27fe0d52c7572676b939020c1d07980096db (diff) | |
parent | 30bd4f5189087b2cabc2129da512895011cac88f (diff) |
Merge "Only set apache certificates if TLS everywhere is enabled"
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/services/apache.yaml | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index ac371927..f3021060 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -84,21 +84,24 @@ outputs:
 apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
 apache::mod::remoteip::proxy_ips:
 - "%{hiera('apache_remote_proxy_ips_network')}"
- -
- generate_service_certificates: true
- tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
- tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
- apache_certificates_specs:
- map_merge:
- repeat:
- template:
- httpd-NETWORK:
- service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
- service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
- hostname: "%{hiera('fqdn_NETWORK')}"
- principal: "HTTP/%{hiera('fqdn_NETWORK')}"
- for_each:
- NETWORK: {get_attr: [ApacheNetworks, value]}
+ - if:
+ - internal_tls_enabled
+ -
+ generate_service_certificates: true
+ tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
+ tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
+ apache_certificates_specs:
+ map_merge:
+ repeat:
+ template:
+ httpd-NETWORK:
+ service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
+ service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
+ hostname: "%{hiera('fqdn_NETWORK')}"
+ principal: "HTTP/%{hiera('fqdn_NETWORK')}"
+ for_each:
+ NETWORK: {get_attr: [ApacheNetworks, value]}
+ - {}
 metadata_settings:
 if:
 - internal_tls_enabled |
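Review bot: The new `if` entry in the `map_merge` list has no comment explaining why the certificate settings are now conditional or why its else branch is a bare `{}`. A short comment above `- if:` would cover both, for example `# Only request certmonger certificates when TLS everywhere is enabled; the empty map keeps map_merge valid otherwise.` With `internal_tls_enabled` false, `generate_service_certificates`, the two `apache_dirs` keys and `apache_certificates_specs` are no longer emitted. Anything that reads those hiera keys presumably needs to tolerate their absence, which cannot be confirmed from this hunk. The guard matches the one already on `metadata_settings` in the trailing context, so the certificate request and its metadata stay in step. The enclosing `outputs:` block starts and ends outside the hunk.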