Merge "Use network-based fqdn entry from hiera instead of the custom fact"

[apex-tripleo-heat-templates.git] / puppet / services / apache-internal-tls-certmonger.yaml

heat_template_version: 2016-10-14

description: >
  Apache service TLS configurations.

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # The following parameters are not needed by the template but are
  # required to pass the pep8 tests
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json

outputs:
  role_data:
    description: Role data for the Apache role.
    value:
      service_name: apache_internal_tls_certmonger
      config_settings:
        generate_service_certificates: true
        apache_certificates_specs:
          map_merge:
            repeat:
              template:
                httpd-NETWORK:
                  service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt'
                  service_key: '/etc/pki/tls/private/httpd-NETWORK.key'
                  hostname: "%{hiera('fqdn_NETWORK')}"
                  principal: "HTTP/%{hiera('fqdn_NETWORK')}"
              for_each:
                NETWORK:
                  # NOTE(jaosorior) Get unique network names to create
                  # certificates for those. We skip the tenant network since
                  # we don't need a certificate for that, and the external
                  # network will be handled in another template.
                  yaql:
                    expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant)
                    data:
                      map:
                        get_param: ServiceNetMap