Merge "Only set apache certificates if TLS everywhere is enabled"
This commit is contained in:
commit
1324f2f1c9
@ -84,21 +84,24 @@ outputs:
|
|||||||
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
|
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
|
||||||
apache::mod::remoteip::proxy_ips:
|
apache::mod::remoteip::proxy_ips:
|
||||||
- "%{hiera('apache_remote_proxy_ips_network')}"
|
- "%{hiera('apache_remote_proxy_ips_network')}"
|
||||||
-
|
- if:
|
||||||
generate_service_certificates: true
|
- internal_tls_enabled
|
||||||
tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
|
-
|
||||||
tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
|
generate_service_certificates: true
|
||||||
apache_certificates_specs:
|
tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
|
||||||
map_merge:
|
tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
|
||||||
repeat:
|
apache_certificates_specs:
|
||||||
template:
|
map_merge:
|
||||||
httpd-NETWORK:
|
repeat:
|
||||||
service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
|
template:
|
||||||
service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
|
httpd-NETWORK:
|
||||||
hostname: "%{hiera('fqdn_NETWORK')}"
|
service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
|
||||||
principal: "HTTP/%{hiera('fqdn_NETWORK')}"
|
service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
|
||||||
for_each:
|
hostname: "%{hiera('fqdn_NETWORK')}"
|
||||||
NETWORK: {get_attr: [ApacheNetworks, value]}
|
principal: "HTTP/%{hiera('fqdn_NETWORK')}"
|
||||||
|
for_each:
|
||||||
|
NETWORK: {get_attr: [ApacheNetworks, value]}
|
||||||
|
- {}
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
if:
|
if:
|
||||||
- internal_tls_enabled
|
- internal_tls_enabled
|
||||||
|
Loading…
x
Reference in New Issue
Block a user