X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fnova-metadata.yaml;h=3ac5f3005d790a518c353b6836f5a5bdb0b9e012;hb=8a1798c43684da879f3bace5104ece73afa76702;hp=ca9eed097b07210753273dd79f644d5c19ce5974;hpb=ad370ba063d4e5b97dc446b33abea44c61908cd1;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml
index ca9eed09..3ac5f300 100644
--- a/puppet/services/nova-metadata.yaml
+++ b/puppet/services/nova-metadata.yaml
@@ -34,10 +34,26 @@ parameters:
     default: 0
     description: Number of workers for Nova services.
     type: number
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
 conditions:
   nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
 
+  use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
+
+resources:
+
+  TLSProxyBase:
+    type: OS::TripleO::Services::TLSProxyBase
+    properties:
+      ServiceData: {get_param: ServiceData}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
+
 outputs:
   role_data:
     description: Role data for the Nova Metadata service.
@@ -45,10 +61,29 @@ outputs:
       service_name: nova_metadata
       config_settings:
         map_merge:
-        - nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+        - get_attr: [TLSProxyBase, role_data, config_settings]
+        - nova::api::metadata_listen:
+            if:
+            - use_tls_proxy
+            - 'localhost'
+            - {get_param: [ServiceNetMap, NovaMetadataNetwork]}
         -
           if:
           - nova_workers_zero
           - {}
           - nova::api::metadata_workers: {get_param: NovaWorkers}
+        -
+          if:
+          - use_tls_proxy
+          - tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip:
+              get_param: [ServiceNetMap, NovaMetadataNetwork]
+            tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn:
+              str_replace:
+                template:
+                  "%{hiera('fqdn_$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+          - {}
       step_config: ""
+      metadata_settings:
+        get_attr: [TLSProxyBase, role_data, metadata_settings]