Merge "Enable listening on TLS for the internal network for horizon"

2017-08-18 15:25:44 +00:00 · 2017-08-18 15:25:44 +00:00 · 8865ab2985
commit 8865ab2985
parent 9adfd2fc2a 1df5f72688
1 changed files with 16 additions and 0 deletions
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@ -67,6 +67,14 @@ parameters:
  MonitoringSubscriptionHorizon:
    default: 'overcloud-horizon'
    type: string
+  EnableInternalTLS:
+    type: boolean
+    default: false
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.

 conditions:

@ -109,6 +117,14 @@ outputs:
                  - {get_param: [DefaultPasswords, horizon_secret]}
          horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
          memcached_ipv6: {get_param: MemcachedIPv6}
+          horizon::servername:
+            str_replace:
+              template:
+                "%{hiera('fqdn_$NETWORK')}"
+              params:
+                $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
+          horizon::listen_ssl: {get_param: EnableInternalTLS}
+          horizon::horizon_ca: {get_param: InternalTLSCAFile}
        -
          if:
          - debug_unset