authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-05-17 12:24:22 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-05-17 12:26:57 +0300
commit30bd4f5189087b2cabc2129da512895011cac88f (patch)
tree24f118cace534e847cb56c879021971d99309a4a /puppet
parente4c07e2ab055481a0e3986122eca499659aebd33 (diff)
Only set apache certificates if TLS everywhere is enabled
The Apache certs were being set even if TLS everywhere isn't enabled. This fixes that. Change-Id: If143d1fdeb0102a1c13441f89acaa73af24bf48f
Diffstat (limited to 'puppet')
-rw-r--r--puppet/services/apache.yaml33
1 files changed, 18 insertions, 15 deletions
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index ac371927..f3021060 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -84,21 +84,24 @@ outputs:
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
apache::mod::remoteip::proxy_ips:
- "%{hiera('apache_remote_proxy_ips_network')}"
- -
- generate_service_certificates: true
- tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
- tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
- apache_certificates_specs:
- map_merge:
- repeat:
- template:
- httpd-NETWORK:
- service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
- service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
- hostname: "%{hiera('fqdn_NETWORK')}"
- principal: "HTTP/%{hiera('fqdn_NETWORK')}"
- for_each:
- NETWORK: {get_attr: [ApacheNetworks, value]}
+ - if:
+ - internal_tls_enabled
+ -
+ generate_service_certificates: true
+ tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
+ tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
+ apache_certificates_specs:
+ map_merge:
+ repeat:
+ template:
+ httpd-NETWORK:
+ service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
+ service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
+ hostname: "%{hiera('fqdn_NETWORK')}"
+ principal: "HTTP/%{hiera('fqdn_NETWORK')}"
+ for_each:
+ NETWORK: {get_attr: [ApacheNetworks, value]}
+ - {}
metadata_settings:
if:
- internal_tls_enabled
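Review bot: The added `if` entry under `- internal_tls_enabled` has no comment explaining that its `- {}` else-branch deliberately contributes nothing to the merged hieradata. With internal TLS off, `generate_service_certificates`, the two `tripleo::certmonger::apache_dirs::*` keys and `apache_certificates_specs` are now absent rather than false or empty. Any consumer that looks these keys up without a default would presumably behave differently; that is not visible in this hunk and is worth confirming before merge. I would add above the `- if:` line: `# Request certmonger-managed httpd certs only when internal TLS is enabled; the empty map keeps these keys out of hieradata otherwise.` The enclosing `outputs:` mapping starts before and continues past the hunk.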