Change flat network name for nosdn fdio scenario
[apex-tripleo-heat-templates.git] / puppet / services / apache.yaml
index a2c3c7a..6c55fde 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Apache service configured with Puppet. Note this is typically included
@@ -13,6 +13,10 @@ parameters:
     default: 256
     description: Maximum number of Apache processes.
     type: number
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -22,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -30,6 +42,11 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
 
 conditions:
 
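Review bot: The `InternalTLSCAFile` default of `'/etc/ipa/ca.crt'` assumes every node running Apache is enrolled in FreeIPA, and the description does not say that the value is a path on the deployed node or that the file must exist there. The value is passed to `apache::mod::ssl::ssl_ca` in the later outputs hunk whenever `internal_tls_enabled` holds, so a deployment that enables internal TLS with a different CA would presumably point httpd at a missing file unless the operator overrides the parameter. I would state that in the description, e.g. `description: Path on the node to the CA certificate used for internal-network TLS. Must exist on every node running this service; the default assumes FreeIPA enrollment.` The parameters section starts before this hunk.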
@@ -76,21 +93,25 @@ outputs:
             apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
             apache::mod::remoteip::proxy_ips:
               - "%{hiera('apache_remote_proxy_ips_network')}"
-          -
-            generate_service_certificates: true
-            tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
-            tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
-            apache_certificates_specs:
-              map_merge:
-                repeat:
-                  template:
-                    httpd-NETWORK:
-                      service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
-                      service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
-                      hostname: "%{hiera('fqdn_NETWORK')}"
-                      principal: "HTTP/%{hiera('fqdn_NETWORK')}"
-                  for_each:
-                    NETWORK: {get_attr: [ApacheNetworks, value]}
+          - if:
+            - internal_tls_enabled
+            -
+              generate_service_certificates: true
+              apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile}
+              tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
+              tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
+              apache_certificates_specs:
+                map_merge:
+                  repeat:
+                    template:
+                      httpd-NETWORK:
+                        service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
+                        service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
+                        hostname: "%{hiera('fqdn_NETWORK')}"
+                        principal: "HTTP/%{hiera('fqdn_NETWORK')}"
+                    for_each:
+                      NETWORK: {get_attr: [ApacheNetworks, value]}
+            - {}
       metadata_settings:
         if:
           - internal_tls_enabled
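Review bot: `apache::mod::ssl::ssl_ca` in the `internal_tls_enabled` branch is set on the mod_ssl class, not on a vhost. As far as the puppetlabs-apache module documents it, that makes the CA file a server-wide trust anchor for verifying client certificates, separate from the `httpd-NETWORK` certificate and key pairs defined next to it. The hunk does not say whether that server-wide scope is intended, or whether the CA is expected to be the one that issues the certmonger certificates. A comment above the key would record the intent, e.g. `# server-wide CA for mod_ssl peer verification; expected to be the CA issuing the httpd-NETWORK certs`. The outputs section starts before this hunk and continues after it.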