Enable TLS for nova api and placement containers
[apex-tripleo-heat-templates.git] / docker / services / nova-placement.yaml
index 7350db2..26d1756 100644 (file)
@@ -36,12 +36,22 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
   ContainersCommon:
     type: ./containers-common.yaml
 
+  MySQLClient:
+    type: ../../puppet/services/database/mysql-client.yaml
+
   NovaPlacementBase:
     type: ../../puppet/services/nova-placement.yaml
     properties:
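Review bot: The new `EnableInternalTLS` parameter at the top of this hunk has no `description`, unlike the parameter directly above it, so an operator reading the template cannot tell what the default `false` implies. In this file the flag only gates the httpd certificate and key mounts, so something like `description: Enable TLS on the internal network; when false the httpd certificate and key directories are not mounted into the container.` would document that. The `MySQLClient` resource added further down is not mentioned in the commit title, and a one-line comment above it saying why the MySQL client manifest is needed for this service would help the next reader. The `parameters` and `resources` sections both continue outside the hunk.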
@@ -62,7 +72,10 @@ outputs:
           - get_attr: [NovaPlacementBase, role_data, config_settings]
           - apache::default_vhost: false
       step_config: &step_config
-        get_attr: [NovaPlacementBase, role_data, step_config]
+        list_join:
+          - "\n"
+          - - {get_attr: [NovaPlacementBase, role_data, step_config]}
+            - {get_attr: [MySQLClient, role_data, step_config]}
       service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]}
       # BEGIN DOCKER SETTINGS
       puppet_config:
@@ -98,8 +111,20 @@ outputs:
                   - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
                   - /var/log/containers/nova:/var/log/nova
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      metadata_settings:
+        get_attr: [NovaPlacementBase, role_data, metadata_settings]
       host_prep_tasks:
         - name: create persistent logs directory
           file:
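Review bot: The second conditional volume bind-mounts the whole `/etc/pki/tls/private/httpd` directory, so the container can read every private key stored there and not only its own; `:ro` stops writes, not reads. If that host directory also holds keys for other httpd-fronted services (not visible from this diff), mounting only the key file this service needs would keep a compromise of the placement container from exposing the others. Separately, when `internal_tls_enabled` is false both `if` entries evaluate to `''` and the volumes list gains two empty strings, which presumably relies on the container launcher skipping empty entries; confirm that and record it above the first `if:` with a comment such as `# evaluates to '' when internal TLS is off; empty volume entries must be ignored by the launcher`. The enclosing `docker_config` block starts and ends outside the hunk.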