X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fapache-internal-tls-certmonger.yaml;h=4c94f440751ff6c20fb4f2e65be2264e7b549388;hb=82db6ab608b29e455fb2036aeb36537148b97cf9;hp=87e53f13a719a6ac5601b455fe361e775a6b751e;hpb=d106161466ca158e4b663a89beda7af1d5b67d72;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/apache-internal-tls-certmonger.yaml b/puppet/services/apache-internal-tls-certmonger.yaml
index 87e53f13..4c94f440 100644
--- a/puppet/services/apache-internal-tls-certmonger.yaml
+++ b/puppet/services/apache-internal-tls-certmonger.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-10-14
+heat_template_version: ocata
 
 description: >
   Apache service TLS configurations.
@@ -21,6 +21,22 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
 
+resources:
+
+  ApacheNetworks:
+    type: OS::Heat::Value
+    properties:
+      value:
+        # NOTE(jaosorior) Get unique network names to create
+        # certificates for those. We skip the tenant network since
+        # we don't need a certificate for that, and the external
+        # network will be handled in another template.
+        yaql:
+          expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant)
+          data:
+            map:
+              get_param: ServiceNetMap
+
 outputs:
   role_data:
     description: Role data for the Apache role.
@@ -35,16 +51,25 @@ outputs:
                 httpd-NETWORK:
                   service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt'
                   service_key: '/etc/pki/tls/private/httpd-NETWORK.key'
-                  hostname: "%{::fqdn_NETWORK}"
-                  principal: "HTTP/%{::fqdn_NETWORK}"
+                  hostname: "%{hiera('fqdn_NETWORK')}"
+                  principal: "HTTP/%{hiera('fqdn_NETWORK')}"
               for_each:
-                NETWORK:
-                  # NOTE(jaosorior) Get unique network names to create
-                  # certificates for those. We skip the tenant network since
-                  # we don't need a certificate for that, and the external
-                  # network will be handled in another template.
-                  yaql:
-                    expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant)
-                    data:
-                      map:
-                        get_param: ServiceNetMap
+                NETWORK: {get_attr: [ApacheNetworks, value]}
+      metadata_settings:
+        repeat:
+          template:
+            - service: HTTP
+              network: $NETWORK
+              type: node
+          for_each:
+            $NETWORK: {get_attr: [ApacheNetworks, value]}
+      upgrade_tasks:
+        - name: Check if httpd is deployed
+          command: systemctl is-enabled httpd
+          tags: common
+          ignore_errors: True
+          register: httpd_enabled
+        - name: "PreUpgrade step0,validation: Check service httpd is running"
+          shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
+          when: httpd_enabled.rc == 0
+          tags: step0,validation