Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/services/database/mongodb.yaml | 37 | ||||
-rw-r--r-- | puppet/services/disabled/ceilometer-collector-disabled.yaml (renamed from puppet/services/disabled/ceilometer-collector.yaml) | 2 | ||||
-rw-r--r-- | puppet/services/disabled/ceilometer-expirer-disabled.yaml (renamed from puppet/services/disabled/ceilometer-expirer.yaml) | 2 | ||||
-rw-r--r-- | puppet/services/disabled/glance-registry-disabled.yaml (renamed from puppet/services/disabled/glance-registry.yaml) | 2 |
4 files changed, 40 insertions, 3 deletions
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index 5bd621d2..968d4355 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -40,6 +40,13 @@ parameters: format: >- /(?<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+\+\d{4}) (?<message>.*)$/ + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: MongoDbBase: @@ -79,6 +86,28 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]} + - + if: + - internal_tls_enabled + - + generate_service_certificates: true + mongodb::server::ssl: true + mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem' + mongodb_certificate_specs: + service_pem: '/etc/pki/tls/certs/mongodb.pem' + service_certificate: '/etc/pki/tls/certs/mongodb.crt' + service_key: '/etc/pki/tls/private/mongodb.key' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]} + principal: + str_replace: + template: "mongodb/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]} + - {} step_config: | include ::tripleo::profile::base::database::mongodb upgrade_tasks: @@ -88,3 +117,11 @@ outputs: - name: Start mongodb service tags: step4 service: name=mongod state=started + metadata_settings: + if: + - internal_tls_enabled + - + - service: mongodb + network: {get_param: [ServiceNetMap, MongodbNetwork]} + type: node + - null diff --git a/puppet/services/disabled/ceilometer-collector.yaml b/puppet/services/disabled/ceilometer-collector-disabled.yaml index 64fd476d..18092a8f 100644 --- a/puppet/services/disabled/ceilometer-collector.yaml +++ b/puppet/services/disabled/ceilometer-collector-disabled.yaml 
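Review bot: The new `EnableInternalTLS` parameter in the first mongodb.yaml hunk (`@@ -40,6 +40,13 @@`) has no `description`, so a reader of the template cannot tell what turning it on changes. From the second hunk, it turns on `mongodb::server::ssl` and `generate_service_certificates`, so I would add under `type: boolean` something like `description: Enable TLS for the MongoDB service; when true a service certificate is generated and mongod is configured to use it.` The `parameters:` section starts outside the hunk.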
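Review bot: In the second mongodb.yaml hunk (`@@ -79,6 +86,28 @@`), `mongodb::server::ssl_key` and `service_pem` both point at `/etc/pki/tls/certs/mongodb.pem`, while the bare key goes to `/etc/pki/tls/private/mongodb.key`. A PEM key file for mongod carries the private key together with the certificate, so key material would sit under `certs/`, a directory that is normally readable by every local user. Nothing in these lines shows the owner or mode the file is written with. Either confirm that the profile building it restricts it to the mongod user, or move it, e.g. `service_pem: '/etc/pki/tls/private/mongodb.pem'` with `mongodb::server::ssl_key` changed to match. The hunk also sets no `mongodb::server::ssl_ca`, so as far as these lines show the server encrypts traffic but does not validate client certificates; if that is intended, a comment such as `# TLS for encryption only; client certificates are not verified` would say so. The enclosing settings map starts outside the hunk.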
@@ -31,7 +31,7 @@ outputs: role_data: description: Role data for the disabled Ceilometer Collector role. value: - service_name: ceilometer_collector + service_name: ceilometer_collector_disabled upgrade_tasks: - name: Stop and disable ceilometer_collector service on upgrade tags: step1 diff --git a/puppet/services/disabled/ceilometer-expirer.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml index 182193ec..e6d8ee6e 100644 --- a/puppet/services/disabled/ceilometer-expirer.yaml +++ b/puppet/services/disabled/ceilometer-expirer-disabled.yaml @@ -31,7 +31,7 @@ outputs: role_data: description: Role data for the disabled Ceilometer Expirer role. value: - service_name: ceilometer_expirer + service_name: ceilometer_expirer_disabled upgrade_tasks: - name: Stop and disable ceilometer_expirer service on upgrade tags: step1 diff --git a/puppet/services/disabled/glance-registry.yaml b/puppet/services/disabled/glance-registry-disabled.yaml index b2cd03ee..85a5c5ef 100644 --- a/puppet/services/disabled/glance-registry.yaml +++ b/puppet/services/disabled/glance-registry-disabled.yaml @@ -31,7 +31,7 @@ outputs: role_data: description: Role data for the disabled Glance Registry role. value: - service_name: glance_registry + service_name: glance_registry_disabled upgrade_tasks: - name: Stop and disable glance_registry service on upgrade tags: step1 |