1 heat_template_version: ocata
4 Apache service TLS configurations.
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
13 # The following parameters are not needed by the template but are
14 # required to pass the pep8 tests
20 description: Mapping of service endpoint -> protocol. Typically set
21 via parameter_defaults in the resource registry.
30 # NOTE(jaosorior) Get unique network names to create
31 # certificates for those. We skip the tenant network since
32 # we don't need a certificate for that, and the external
33 # network will be handled in another template.
35 expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant)
38 get_param: ServiceNetMap
42 description: Role data for the Apache role.
44 service_name: apache_internal_tls_certmonger
46 generate_service_certificates: true
47 apache_certificates_specs:
52 service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt'
53 service_key: '/etc/pki/tls/private/httpd-NETWORK.key'
54 hostname: "%{hiera('fqdn_NETWORK')}"
55 principal: "HTTP/%{hiera('fqdn_NETWORK')}"
57 NETWORK: {get_attr: [ApacheNetworks, value]}
65 $NETWORK: {get_attr: [ApacheNetworks, value]}
67 - name: Check if httpd is deployed
68 command: systemctl is-enabled httpd
71 register: httpd_enabled
72 - name: "PreUpgrade step0,validation: Check service httpd is running"
73 shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
74 when: httpd_enabled.rc == 0
75 tags: step0,validation