Merge "DB connection: prevent src address from binding to a VIP"
[apex-tripleo-heat-templates.git] / puppet / services / nova-api.yaml
index 3cc238c..a4a487c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: 2016-10-14
+heat_template_version: ocata
 
 description: >
   OpenStack Nova API service configured with Puppet
@@ -51,6 +51,9 @@ parameters:
     default:
       tag: openstack.nova.api
       path: /var/log/nova/nova-api.log
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
 conditions:
   nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
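Review bot: The new `EnableInternalTLS` parameter has no `description`, and its default of `false` means that an operator who does not set it keeps nova-api on plain HTTP on the internal network, since the value feeds `nova::wsgi::apache::ssl` further down. I would add `description: Whether to enable TLS for nova-api on the internal network; when false the API is served over plain HTTP.` under the parameter. The template also hands the value to a nested resource in the next hunk, so the text should say that the setting is shared with that resource.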
@@ -62,6 +65,7 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
 
   NovaBase:
     type: ./nova-base.yaml
@@ -83,8 +87,8 @@ outputs:
         map_merge:
         - get_attr: [NovaBase, role_data, config_settings]
         - get_attr: [ApacheServiceBase, role_data, config_settings]
-        - nova::cron::archive_deleted_rows::hour: '"*/12"'
-          nova::cron::archive_deleted_rows::destination: '"/dev/null"'
+        - nova::cron::archive_deleted_rows::hour: '*/12'
+          nova::cron::archive_deleted_rows::destination: '/dev/null'
           tripleo.nova_api.firewall_rules:
             '113 nova_api':
               dport:
@@ -101,21 +105,26 @@ outputs:
           nova::api::default_floating_pool: 'public'
           nova::api::sync_db_api: true
           nova::api::enable_proxy_headers_parsing: true
+          nova::api::api_bind_address:
+            str_replace:
+              template:
+                "%{hiera('fqdn_$NETWORK')}"
+              params:
+                $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
+          nova::api::service_name: 'httpd'
+          nova::wsgi::apache::ssl: {get_param: EnableInternalTLS}
           # NOTE: bind IP is found in Heat replacing the network name with the local node IP
           # for the given network; replacement examples (eg. for internal_api):
           # internal_api -> IP
           # internal_api_uri -> [IP]
           # internal_api_subnet - > IP/CIDR
-          nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]}
-          nova::api::service_name: 'httpd'
-          nova::wsgi::apache::ssl: false
           nova::wsgi::apache::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
           nova::wsgi::apache::servername:
             str_replace:
               template:
-                '"%{::fqdn_$NETWORK}"'
+                "%{hiera('fqdn_$NETWORK')}"
               params:
-                $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+                $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
           nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
           nova::api::instance_name_template: {get_param: InstanceNameTemplate}
           nova_enable_db_purge: {get_param: NovaEnableDBPurge}
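Review bot: `nova::api::api_bind_address` and `nova::wsgi::apache::servername` are now names looked up with `%{hiera('fqdn_$NETWORK')}` at Puppet time, but the only comment in the hunk (the NOTE above `bind_host`) describes the Heat-side replacement of a network name with an IP. The listener address therefore depends on the `fqdn_<network>` hiera key existing and resolving to this node's own address on NovaApiNetwork. If I read hiera interpolation correctly, a missing key yields an empty string, and it is worth confirming what the service binds to in that case. I would add above `api_bind_address` a comment such as `# resolved by hiera at puppet time: fqdn_<network> must exist, resolve to this node's IP on NovaApiNetwork, and match the certificate name when EnableInternalTLS is true`. The identical `str_replace` block appears twice, so the same comment applies to `servername`.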