From 665fad1e4c4708dd5e19a6d489e86ebbd6fd87af Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Tue, 1 Nov 2016 12:13:32 +0200
Subject: Enable internal TLS for Cinder API

This adds the necessary hieradata for enabling TLS in the internal
network for Cinder API.

bp tls-via-certmonger
Depends-On: Ib4a9c8d3ca57f1b02e1bb0d150f333db501e9863

Change-Id: I126e890076bc96b1cd166a919eff6aa1bb80510b
---
 puppet/services/cinder-api.yaml | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)


diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index fe48667a..803d8b83 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -43,6 +43,9 @@ parameters:
     type: string
     description: Set the number of workers for cinder::wsgi::apache
     default: '"%{::os_workers}"'
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
 conditions:
   cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
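Review bot: The new `EnableInternalTLS` parameter is declared without a `description`, while the parameter just before it in this hunk has one. Because it defaults to `false`, the Cinder API keeps serving the internal network without TLS unless an operator opts in, and the parameter text is where they would learn that. I would add `description: Whether to enable TLS for the Cinder API on the internal network; when false, internal API traffic is not encrypted.` The `parameters:` section starts outside the hunk.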
@@ -55,6 +58,7 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
 
   CinderBase:
     type: ./cinder-base.yaml
@@ -94,21 +98,26 @@ outputs:
                 dport:
                   - 8776
                   - 13776
+            cinder::api::bind_host:
+              str_replace:
+                template:
+                  '"%{::fqdn_$NETWORK}"'
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
+            cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
+            cinder::api::service_name: 'httpd'
             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
             # for the given network; replacement examples (eg. for internal_api):
             # internal_api -> IP
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
-            cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
-            cinder::api::service_name: 'httpd'
-            cinder::wsgi::apache::ssl: false
             cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
             cinder::wsgi::apache::servername:
               str_replace:
                 template:
                   '"%{::fqdn_$NETWORK}"'
                 params:
-                  $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+                  $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
           -
             if:
             - cinder_workers_zero
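Review bot: `cinder::api::bind_host` now takes the `%{::fqdn_$NETWORK}` fact whether or not `EnableInternalTLS` is true, and the new lines say neither why nor where the certificate comes from. The retained NOTE about Heat replacing the network name with an IP now describes only `cinder::wsgi::apache::bind_host` below it, since the API bind host moved above the comment and no longer uses that replacement. `cinder::wsgi::apache::ssl` is switched on by the parameter, but no certificate or key setting appears in this hunk; presumably they come from the `ApacheServiceBase` resource that now receives the parameter, which should be confirmed. I would add above the new keys something like `# bind_host/servername use the per-network FQDN so the name clients connect to matches the certificate; cert and key settings are expected from ApacheServiceBase`. The `outputs:` block starts and continues outside the hunk.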
-- 
cgit 1.2.3-korg