Use SSL options from nova::

Currently they are set using nova_config in vncproxy.pp but now
they have been properly implemented in puppet-nova [1].

[1] https://review.openstack.org/#/c/582881/

Change-Id: Ifec1dd09eb9ae1acb80001cb0ede1c5efb118d17
This commit is contained in:
Alfredo Moralejo 2018-07-18 17:57:42 +02:00
parent bb28296d5e
commit e93db2cc85
2 changed files with 14 additions and 8 deletions

View File

@ -47,6 +47,16 @@ class packstack::nova ()
$novahost = undef
}
if hiera('CONFIG_HORIZON_SSL') == 'y' {
$ssl_only = true
$cert = hiera('CONFIG_VNC_SSL_CERT')
$key = hiera('CONFIG_VNC_SSL_KEY')
} else {
$ssl_only = false
$cert = undef
$key = undef
}
class { '::nova':
glance_api_servers => "http://${nova_common_rabbitmq_cfg_storage_host}:9292",
default_transport_url => "rabbit://${rabbit_userid}:${rabbit_password}@${rabbit_host}:${rabbit_port}/",
@ -65,5 +75,9 @@ class packstack::nova ()
cpu_allocation_ratio => hiera('CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO'),
ram_allocation_ratio => hiera('CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO'),
host => $novahost,
ssl_only => $ssl_only,
cert => $cert,
key => $key,
}
}

View File

@ -1,13 +1,5 @@
class packstack::nova::vncproxy ()
{
if hiera('CONFIG_HORIZON_SSL') == 'y' {
nova_config {
'DEFAULT/ssl_only': value => true;
'DEFAULT/cert': value => hiera('CONFIG_VNC_SSL_CERT');
'DEFAULT/key': value => hiera('CONFIG_VNC_SSL_KEY');
}
}
$vnc_bind_host = hiera('CONFIG_IP_VERSION') ? {
'ipv6' => '::0',
default => '0.0.0.0',