Clean TLS proxy-related setup for neutron-server profile

Since the commit this depends on sets it up via hieradata, the
conditionals here are no longer needed.

bp tls-via-certmonger
Depends-On: I9252512dbf9cf2e3eec50c41bf10629d36070bbd

Change-Id: I37275e42763e103b81878b6af07c750a524c5697

diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp
index 3de50c2..e6a32db 100644 (file)
--- a/manifests/profile/base/neutron.pp
+++ b/manifests/profile/base/neutron.pp
@@ -35,22 +35,9 @@ class tripleo::profile::base::neutron (
   $rabbit_hosts = hiera('rabbitmq_node_names', undef),
   $rabbit_port  = hiera('neutron::rabbit_port', 5672),
 ) {
-
-  # TODO(jaosorior): Remove this when we pass it via t-h-t
-  if hiera('enable_internal_tls', false) {
-    $bind_host = 'localhost'
-  } else {
-    # This is executed in all of the nodes that use something neutron-related,
-    # so we set the defalut, since the bind_host is only available in the
-    # controllers. Either way, this will be removed and set properly via t-h-t
-    # in a subsequent commit.
-    $bind_host = hiera('neutron::bind_host', $::os_service_default)
-  }
-
   if $step >= 3 {
     $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
     class { '::neutron' :
-      bind_host    => $bind_host,
       rabbit_hosts => $rabbit_endpoints,
     }
     include ::neutron::config

diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp
index 5a98f66..5d6909f 100644 (file)
--- a/manifests/profile/base/neutron/server.pp
+++ b/manifests/profile/base/neutron/server.pp
@@ -75,6 +75,21 @@
 #   for more details.
 #   Defaults to hiera('step')
 #
+# [*tls_proxy_bind_ip*]
+#   IP on which the TLS proxy will listen on. Required only if
+#   enable_internal_tls is set.
+#   Defaults to undef
+#
+# [*tls_proxy_fqdn*]
+#   fqdn on which the tls proxy will listen on. required only used if
+#   enable_internal_tls is set.
+#   defaults to undef
+#
+# [*tls_proxy_port*]
+#   port on which the tls proxy will listen on. Only used if
+#   enable_internal_tls is set.
+#   defaults to 9696
+#
 class tripleo::profile::base::neutron::server (
   $bootstrap_node                = hiera('bootstrap_nodeid', undef),
   $certificates_specs            = hiera('apache_certificates_specs', {}),
@@ -85,6 +100,9 @@ class tripleo::profile::base::neutron::server (
   $l3_nodes                      = hiera('neutron_l3_short_node_names', []),
   $neutron_network               = hiera('neutron_api_network', undef),
   $step                          = hiera('step'),
+  $tls_proxy_bind_ip             = undef,
+  $tls_proxy_fqdn                = undef,
+  $tls_proxy_port                = 9696,
 ) {
   if $enable_internal_tls and $generate_service_certificates {
     ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
@@ -120,9 +138,9 @@ class tripleo::profile::base::neutron::server (
       $tls_keyfile = $certificates_specs["httpd-${neutron_network}"]['service_key']
 
       ::tripleo::tls_proxy { 'neutron-api':
-        servername => hiera("fqdn_${neutron_network}"),
-        ip         => hiera('neutron::bind_host'),  # This will be cleaned out
-        port       => 9696,  # This will be cleaned out
+        servername => $tls_proxy_fqdn,
+        ip         => $tls_proxy_bind_ip,
+        port       => $tls_proxy_port,
         tls_cert   => $tls_certfile,
         tls_key    => $tls_keyfile,
         notify     => Class['::neutron::server'],