This sets the flag that tells the horizon manifest to use TLS for the
configuration.
bp tls-via-certmonger
Depends-On: I7f2e11eb60c7b075e8a59f28682ecc50eeb95c3e
Change-Id: I13d59e7663538884b34b5a910b741de8721abbb9
MonitoringSubscriptionHorizon:
default: 'overcloud-horizon'
type: string
MonitoringSubscriptionHorizon:
default: 'overcloud-horizon'
type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
- {get_param: [DefaultPasswords, horizon_secret]}
horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
memcached_ipv6: {get_param: MemcachedIPv6}
- {get_param: [DefaultPasswords, horizon_secret]}
horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
memcached_ipv6: {get_param: MemcachedIPv6}
+ horizon::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
+ horizon::listen_ssl: {get_param: EnableInternalTLS}
+ horizon::horizon_ca: {get_param: InternalTLSCAFile}