From 33bc901670a952b626d303c91466a593d1310167 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Thu, 17 Aug 2017 17:30:57 +0000 Subject: Enable TLS for nova-metadata This also tells the neutron metadata agent to use TLS for contacting nova-metadata. bp tls-via-certmonger Depends-On: I97ac2da29be468c75713fe2fae7e6d84cae8f67c Depends-On: I9df395dc699090bd73265d10395e155e9b8adb26 Change-Id: I9a8c54f6e052852b8f9d06a42da87773f4da3a15 --- puppet/services/neutron-metadata.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'puppet/services/neutron-metadata.yaml') diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 81f12f01..30f34777 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -57,10 +57,15 @@ parameters: default: tag: openstack.neutron.agent.metadata path: /var/log/neutron/metadata-agent.log + EnableInternalTLS: + type: boolean + default: false conditions: neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + resources: NeutronBase: @@ -90,6 +95,17 @@ outputs: neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" + neutron::agents::metadata::metadata_host: + str_replace: + template: + "%{hiera('cloud_name_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + neutron::agents::metadata::metadata_protocol: + if: + - internal_tls_enabled + - 'https' + - 'http' - if: - neutron_workers_unset -- cgit 1.2.3-korg