From 2fda963fc73c17693669898fcd3ea3a94c1bf841 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Wed, 19 Apr 2017 10:58:11 +0000
Subject: containers: TLS in the internal network for telemetry services

This covers aodh, gnocchi and panko.

cp tls-via-certmonger-containers

Change-Id: I6dabb0d82755c28b8940c0baab0e23cfcc587c42
---
 docker/services/panko-api.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'docker/services/panko-api.yaml')

diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml
index 61bdf7ac..e87bb570 100644
--- a/docker/services/panko-api.yaml
+++ b/docker/services/panko-api.yaml
@@ -26,6 +26,13 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -104,5 +111,17 @@ outputs:
                     - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro
                     - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro
                     - /var/lib/config-data/panko/var/www/:/var/www/:ro
+                    -
+                      if:
+                        - internal_tls_enabled
+                        - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                        - ''
+                    -
+                      if:
+                        - internal_tls_enabled
+                        - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                        - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      metadata_settings:
+        get_attr: [PankoApiPuppetBase, role_data, metadata_settings]
-- 
cgit 1.2.3-korg