From 30bd4f5189087b2cabc2129da512895011cac88f Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Wed, 17 May 2017 12:24:22 +0300 Subject: [PATCH] Only set apache certificates if TLS everywhere is enabled The Apache certs were were being set even if TLS everywhere isn't enabled. This fixes that. Change-Id: If143d1fdeb0102a1c13441f89acaa73af24bf48f --- puppet/services/apache.yaml | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index ac3719274b..f30210608a 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -84,21 +84,24 @@ outputs: apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } apache::mod::remoteip::proxy_ips: - "%{hiera('apache_remote_proxy_ips_network')}" - - - generate_service_certificates: true - tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' - tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' - apache_certificates_specs: - map_merge: - repeat: - template: - httpd-NETWORK: - service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' - service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' - hostname: "%{hiera('fqdn_NETWORK')}" - principal: "HTTP/%{hiera('fqdn_NETWORK')}" - for_each: - NETWORK: {get_attr: [ApacheNetworks, value]} + - if: + - internal_tls_enabled + - + generate_service_certificates: true + tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' + tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' + apache_certificates_specs: + map_merge: + repeat: + template: + httpd-NETWORK: + service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' + service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' + hostname: "%{hiera('fqdn_NETWORK')}" + principal: "HTTP/%{hiera('fqdn_NETWORK')}" + for_each: + NETWORK: {get_attr: [ApacheNetworks, value]} + - {} metadata_settings: if: - internal_tls_enabled