From debbfbbf8fe8702fd3202f75e049496ee9bb3ddf Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Mon, 26 Sep 2016 15:34:10 +0000 Subject: Generate internal TLS hieradata for apache services This adds an environment file that can be used to enable TLS in the internal endpoints via certmonger if used. This will include a nested stack that will create the hash that will be used to create the certmonger certificates. When setting up a service over apache via puppet, we used to disable explicitly ssl (which sets modd_ssl-related fields for that vhost). We now make this depend on the EnableInternalTLS flag. This has only been done for keystone, but more services will be added as the puppet code lands bp tls-via-certmonger Depends-On: I303f6cf47859284785c0cdc65284a7eb89a4e039 Change-Id: I12e794f2d4076be9505dabfe456c1ca6cfbd359c --- overcloud-resource-registry-puppet.j2.yaml | 1 + 1 file changed, 1 insertion(+) (limited to 'overcloud-resource-registry-puppet.j2.yaml') diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 218cd2d3..9b9cd581 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -99,6 +99,7 @@ resource_registry: # services OS::TripleO::Services: puppet/services/services.yaml OS::TripleO::Services::Apache: puppet/services/apache.yaml + OS::TripleO::Services::ApacheTLS: OS::Heat::None OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml OS::TripleO::Services::CephMon: OS::Heat::None OS::TripleO::Services::CephRgw: OS::Heat::None -- cgit 1.2.3-korg