From 1df5f72688d39490822137f5ac92f58ef70f6bc9 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Tue, 1 Aug 2017 16:10:27 +0300
Subject: Enable listening on TLS for the internal network for horizon

This sets the flag that tells the horizon manifest to use TLS for the
configuration.

bp tls-via-certmonger

Depends-On: I7f2e11eb60c7b075e8a59f28682ecc50eeb95c3e
Change-Id: I13d59e7663538884b34b5a910b741de8721abbb9
---
 puppet/services/horizon.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 63ab92eb..642a0f09 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -67,6 +67,14 @@ parameters:
   MonitoringSubscriptionHorizon:
     default: 'overcloud-horizon'
     type: string
+  EnableInternalTLS:
+    type: boolean
+    default: false
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
 
 conditions:
 
@@ -109,6 +117,14 @@ outputs:
                   - {get_param: [DefaultPasswords, horizon_secret]}
           horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
           memcached_ipv6: {get_param: MemcachedIPv6}
+          horizon::servername:
+            str_replace:
+              template:
+                "%{hiera('fqdn_$NETWORK')}"
+              params:
+                $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
+          horizon::listen_ssl: {get_param: EnableInternalTLS}
+          horizon::horizon_ca: {get_param: InternalTLSCAFile}
         -
           if:
           - debug_unset
-- 
cgit 1.2.3-korg