X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fapache.yaml;h=2d950151c3773787aa395cd64b88e7f34ae49767;hb=0162749f71c6831f3078ef2c7277f208aac05042;hp=c9792019957d9c406f439a406e569e496f26ae25;hpb=75c20d5b5dabed936f86096829377b01f1c3d4b2;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index c9792019..2d950151 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-10-14
+heat_template_version: ocata
 
 description: >
   Apache service configured with Puppet. Note this is typically included
@@ -27,6 +27,17 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+
+resources:
+
+  ApacheTLS:
+    type: OS::TripleO::Services::ApacheTLS
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
 
 outputs:
   role_data:
@@ -34,19 +45,34 @@ outputs:
     value:
       service_name: apache
       config_settings:
-        # for the given network; replacement examples (eg. for internal_api):
-        # internal_api -> IP
-        # internal_api_uri -> [IP]
-        # internal_api_subnet - > IP/CIDR
-        apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
-        apache::server_signature: 'Off'
-        apache::server_tokens: 'Prod'
-        apache_remote_proxy_ips_network:
-          str_replace:
-            template: "NETWORK_subnet"
-            params:
-              NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
-        apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers }
-        apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
-        apache::mod::remoteip::proxy_ips:
-          - "%{hiera('apache_remote_proxy_ips_network')}"
+        map_merge:
+          - get_attr: [ApacheTLS, role_data, config_settings]
+          -
+            # for the given network; replacement examples (eg. for internal_api):
+            # internal_api -> IP
+            # internal_api_uri -> [IP]
+            # internal_api_subnet - > IP/CIDR
+            apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
+            apache::server_signature: 'Off'
+            apache::server_tokens: 'Prod'
+            apache_remote_proxy_ips_network:
+              str_replace:
+                template: "NETWORK_subnet"
+                params:
+                  NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
+            apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers }
+            apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
+            apache::mod::remoteip::proxy_ips:
+              - "%{hiera('apache_remote_proxy_ips_network')}"
+      metadata_settings:
+        get_attr: [ApacheTLS, role_data, metadata_settings]
+      upgrade_tasks:
+        - name: Check if httpd is deployed
+          command: systemctl is-enabled httpd
+          tags: common
+          ignore_errors: True
+          register: httpd_enabled
+        - name: "PreUpgrade step0,validation: Check service httpd is running"
+          shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
+          when: httpd_enabled.rc == 0
+          tags: step0,validation