Enable httpd to request certificates for the "external" network
Deployers can change the network that a service is running on through
the ServiceNetMap. A common change is to switch the keystone admin API
to run in the external network instead of the ctlplane network. Doing
this in a TLS everywhere environment breaks, since we were explicitly
skipping the external network.
This no longer skips that network, thus enabling this use-case.
Change-Id: I488517528a77a257dede2f59488bb95ffc77743b
Closes-Bug: #1732443
(cherry picked from commit 451020b72e)
parent 5a3db4ef87
commit 871b625a7b
|
@ -60,10 +60,9 @@ resources:
|
|||
value:
|
||||
# NOTE(jaosorior) Get unique network names to create
|
||||
# certificates for those. We skip the tenant network since
|
||||
# we don't need a certificate for that, and the external
|
||||
# is for HAProxy so it isn't used for apache either.
|
||||
# we don't need a certificate for that.
|
||||
yaql:
|
||||
expression: list($.data.map.items().map($1[1])).distinct().where($ != external and $ != tenant)
|
||||
expression: list($.data.map.items().map($1[1])).distinct().where($ != tenant)
|
||||
data:
|
||||
map:
|
||||
get_param: ServiceNetMap
|
||||
|
|
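Review bot: The shortened NOTE above the yaql expression drops the old explanation for `external` but does not say why it is now included. Suggest adding a line to the comment stating that ServiceNetMap can move httpd-served services (for example the keystone admin API) onto the external network, so a certificate is needed there. Separately, `.where($ != tenant)` leaves the filter as a one-entry deny-list, so every other distinct network value in ServiceNetMap now produces an httpd certificate request. In deployments where external is used only by HAProxy, as the removed comment described, this means an additional certificate is requested for a network httpd does not serve; it is worth confirming that this is acceptable or filtering on the networks httpd is actually bound to.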