From 61ed3e519830d10dee144b4352c937066d1a67c4 Mon Sep 17 00:00:00 2001
From: Colleen Murphy <colleen@gazlene.net>
Date: Thu, 11 Feb 2016 20:15:07 -0800
Subject: [PATCH] Update InfraCloud SSL configuration

Update the system-config manifest to support the simplifying changes
made in the puppet-infracloud module.

This patch will require updates to hiera. We need keys
hpuswest_ssl_cert_file_contents and ssl_key_file_contents added, and
hpuswest_ssl_cert_file_contents must be in the 'infracloud' hiera group
since it is shared to the compute nodes.

Change-Id: I39c70b1077e8b467e0a7e123a694d037ffc77f7a
Depends-On: Ibeea608e965e58c496a95b2f02a4bf6b13e15f0e
---
 manifests/site.pp                             | 12 +++-------
 .../manifests/infracloud/compute.pp           |  2 ++
 .../manifests/infracloud/controller.pp        | 22 ++++---------------
 3 files changed, 9 insertions(+), 27 deletions(-)

diff --git a/manifests/site.pp b/manifests/site.pp
index cb719f798b..26363f59e7 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1163,15 +1163,8 @@ node 'controller00.hpuswest.ic.openstack.org' {
     neutron_admin_password           => hiera('neutron_admin_password'),
     nova_admin_password              => hiera('nova_admin_password'),
     keystone_admin_token             => hiera('keystone_admin_token'),
-    ssl_chain_file_contents          => hiera('ssl_chain_file_contents'),
-    keystone_ssl_key_file_contents   => hiera('keystone_ssl_key_file_contents'),
-    keystone_ssl_cert_file_contents  => hiera('keystone_ssl_cert_file_contents'),
-    glance_ssl_key_file_contents     => hiera('glance_ssl_key_file_contents'),
-    glance_ssl_cert_file_contents    => hiera('glance_ssl_cert_file_contents'),
-    neutron_ssl_key_file_contents    => hiera('neutron_ssl_key_file_contents'),
-    neutron_ssl_cert_file_contents   => hiera('neutron_ssl_cert_file_contents'),
-    nova_ssl_key_file_contents       => hiera('nova_ssl_key_file_contents'),
-    nova_ssl_cert_file_contents      => hiera('nova_ssl_cert_file_contents'),
+    ssl_key_file_contents            => hiera('ssl_key_file_contents'),
+    ssl_cert_file_contents           => hiera('hpuswest_ssl_cert_file_contents'),
     br_name                          => 'br-vlan25',
     controller_management_address    => '10.10.16.146',
     controller_public_address        => $::fqdn,
@@ -1188,6 +1181,7 @@ node /^compute\d{3}\.hpuswest\.ic\.openstack\.org$/ {
     nova_rabbit_password             => hiera('nova_rabbit_password'),
     neutron_rabbit_password          => hiera('neutron_rabbit_password'),
     neutron_admin_password           => hiera('neutron_admin_password'),
+    ssl_cert_file_contents           => hiera('hpuswest_ssl_cert_file_contents'),
     br_name                          => 'br-vlan25',
     controller_management_address    => '10.10.16.146',
     controller_public_address        => 'controller00.hpuswest.ic.openstack.org',
diff --git a/modules/openstack_project/manifests/infracloud/compute.pp b/modules/openstack_project/manifests/infracloud/compute.pp
index c2bf5f25f8..5c82f78631 100644
--- a/modules/openstack_project/manifests/infracloud/compute.pp
+++ b/modules/openstack_project/manifests/infracloud/compute.pp
@@ -2,6 +2,7 @@ class openstack_project::infracloud::compute (
   $nova_rabbit_password,
   $neutron_rabbit_password,
   $neutron_admin_password,
+  $ssl_cert_file_contents,
   $br_name,
   $controller_management_address,
   $controller_public_address,
@@ -10,6 +11,7 @@ class openstack_project::infracloud::compute (
     nova_rabbit_password          => $nova_rabbit_password,
     neutron_rabbit_password       => $neutron_rabbit_password,
     neutron_admin_password        => $neutron_admin_password,
+    ssl_cert_file_contents        => $ssl_cert_file_contents,
     br_name                       => $br_name,
     controller_management_address => $controller_management_address,
     controller_public_address     => $controller_public_address,
diff --git a/modules/openstack_project/manifests/infracloud/controller.pp b/modules/openstack_project/manifests/infracloud/controller.pp
index 4ac4e2a006..9ca3e750f7 100644
--- a/modules/openstack_project/manifests/infracloud/controller.pp
+++ b/modules/openstack_project/manifests/infracloud/controller.pp
@@ -12,15 +12,8 @@ class openstack_project::infracloud::controller (
   $neutron_admin_password,
   $nova_admin_password,
   $keystone_admin_token,
-  $ssl_chain_file_contents,
-  $keystone_ssl_key_file_contents,
-  $keystone_ssl_cert_file_contents,
-  $neutron_ssl_key_file_contents,
-  $neutron_ssl_cert_file_contents,
-  $glance_ssl_key_file_contents,
-  $glance_ssl_cert_file_contents,
-  $nova_ssl_key_file_contents,
-  $nova_ssl_cert_file_contents,
+  $ssl_key_file_contents,
+  $ssl_cert_file_contents,
   $br_name,
   $controller_management_address,
   $controller_public_address = $::fqdn,
@@ -39,15 +32,8 @@ class openstack_project::infracloud::controller (
     neutron_admin_password           => $neutron_admin_password,
     nova_admin_password              => $nova_admin_password,
     keystone_admin_token             => $keystone_admin_token,
-    ssl_chain_file_contents          => $ssl_chain_file_contents,
-    keystone_ssl_key_file_contents   => $keystone_ssl_key_file_contents,
-    keystone_ssl_cert_file_contents  => $keystone_ssl_cert_file_contents,
-    glance_ssl_key_file_contents     => $neutron_ssl_key_file_contents,
-    glance_ssl_cert_file_contents    => $neutron_ssl_cert_file_contents,
-    neutron_ssl_key_file_contents    => $glance_ssl_key_file_contents,
-    neutron_ssl_cert_file_contents   => $glance_ssl_cert_file_contents,
-    nova_ssl_key_file_contents       => $nova_ssl_key_file_contents,
-    nova_ssl_cert_file_contents      => $nova_ssl_cert_file_contents,
+    ssl_key_file_contents            => $ssl_key_file_contents,
+    ssl_cert_file_contents           => $ssl_cert_file_contents,
     br_name                          => $br_name,
     controller_management_address    => $controller_management_address,
     controller_public_address        => $controller_public_address,