summaryrefslogtreecommitdiffstats
path: root/puppet/services/nova-metadata.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/services/nova-metadata.yaml')
-rw-r--r--puppet/services/nova-metadata.yaml37
1 files changed, 36 insertions, 1 deletions
diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml
index ca9eed09..3ac5f300 100644
--- a/puppet/services/nova-metadata.yaml
+++ b/puppet/services/nova-metadata.yaml
@@ -34,10 +34,26 @@ parameters:
default: 0
description: Number of workers for Nova services.
type: number
+ EnableInternalTLS:
+ type: boolean
+ default: false
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
+ use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
+
+resources:
+
+ TLSProxyBase:
+ type: OS::TripleO::Services::TLSProxyBase
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
outputs:
role_data:
description: Role data for the Nova Metadata service.
@@ -45,10 +61,29 @@ outputs:
service_name: nova_metadata
config_settings:
map_merge:
- - nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+ - get_attr: [TLSProxyBase, role_data, config_settings]
+ - nova::api::metadata_listen:
+ if:
+ - use_tls_proxy
+ - 'localhost'
+ - {get_param: [ServiceNetMap, NovaMetadataNetwork]}
-
if:
- nova_workers_zero
- {}
- nova::api::metadata_workers: {get_param: NovaWorkers}
+ -
+ if:
+ - use_tls_proxy
+ - tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip:
+ get_param: [ServiceNetMap, NovaMetadataNetwork]
+ tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+ - {}
step_config: ""
+ metadata_settings:
+ get_attr: [TLSProxyBase, role_data, metadata_settings]