From 84c156e44b4b8c913315b42979b3136df77e3aae Mon Sep 17 00:00:00 2001
From: Emilien Macchi
Date: Tue, 10 May 2016 15:21:48 -0400
Subject: [PATCH] deploy neutron with SSL & IPv6

Starting from Newton, VMs can be deployed with a metadata server that runs with SSL enabled. This patch aims to activate the tests for that, so we'll have a better coverage of Neutron in SSL & IPv6 environment. Note: I could not enable SSl for neutron metadata agent, I found this bug: https://bugs.launchpad.net/neutron/+bug/1514424 and I'm not sure it actually works.

Change-Id: Ia5b19d22549fc0c891a46cf47a742b35eaec6276
---
 manifests/neutron.pp | 18 +++++++++++++++---
 manifests/nova.pp | 2 +-
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/manifests/neutron.pp b/manifests/neutron.pp
index ca254b411..d005103cb 100644
--- a/manifests/neutron.pp
+++ b/manifests/neutron.pp
@@ -10,6 +10,15 @@ class openstack_integration::neutron (
 ) {
 include ::openstack_integration::config
+ include ::openstack_integration::params
+
+ if $::openstack_integration::config::ssl {
+ openstack_integration::ssl_key { 'neutron':
+ notify => Service['neutron-server'],
+ require => Package['neutron'],
+ }
+ Exec['update-ca-certificates'] ~> Service['neutron-server']
+ }
 rabbitmq_user { 'neutron':
 admin => true,
@@ -86,9 +95,9 @@ class openstack_integration::neutron (
 password => 'neutron',
 }
 class { '::neutron::keystone::auth':
- public_url => "http://${::openstack_integration::config::ip_for_url}:9696",
- internal_url => "http://${::openstack_integration::config::ip_for_url}:9696",
- admin_url => "http://${::openstack_integration::config::ip_for_url}:9696",
+ public_url => "${::openstack_integration::config::base_url}:9696",
+ internal_url => "${::openstack_integration::config::base_url}:9696",
+ admin_url => "${::openstack_integration::config::base_url}:9696",
 password => 'a_big_secret',
 }
 class { '::neutron':
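Review bot: In the new `if $::openstack_integration::config::ssl` block only `Service['neutron-server']` is notified by the key resource and by `Exec['update-ca-certificates']`. Any other neutron service declared later in this class that calls the https endpoints would not be refreshed when the CA bundle changes, assuming it validates against the system store; the rest of the class is outside the hunk, so this is inferred. The block also has no comment tying it to the `use_ssl`/`key_file` settings passed to `::neutron` further down; a line such as `# Install the neutron TLS key and restart the API once the test CA is trusted` above the `if` would make that link explicit. It is also worth confirming that `openstack_integration::ssl_key`, defined outside this diff, leaves the private key readable only by the neutron service user.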
@@ -102,6 +111,9 @@ class openstack_integration::neutron (
 service_plugins => ['router', 'metering', 'firewall'],
 debug => true,
 bind_host => $::openstack_integration::config::host,
+ use_ssl => $::openstack_integration::config::ssl,
+ cert_file => $::openstack_integration::params::cert_path,
+ key_file => "/etc/neutron/ssl/private/${::fqdn}.pem",
 }
 class { '::neutron::client': }
 class { '::neutron::server':
diff --git a/manifests/nova.pp b/manifests/nova.pp
index b114a8bf1..5fa8036fa 100644
--- a/manifests/nova.pp
+++ b/manifests/nova.pp
@@ -113,7 +113,7 @@ class openstack_integration::nova (
 class { '::nova::network::neutron':
 neutron_auth_url => "${::openstack_integration::config::keystone_admin_uri}/v3",
- neutron_url => "http://${::openstack_integration::config::ip_for_url}:9696",
+ neutron_url => "${::openstack_integration::config::base_url}:9696",
 neutron_password => 'a_big_secret',
 }
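Review bot: The `key_file` value `"/etc/neutron/ssl/private/${::fqdn}.pem"` is hard-coded in the `::neutron` parameters, while the file itself is created by `openstack_integration::ssl_key { 'neutron' }`, whose definition is not part of this diff. If the define ever writes to a different path, neutron-server will be pointed at a missing key and fail to start with SSL enabled. Deriving both from one shared value would remove the duplication; failing that, add a comment on the line such as `# must match the path written by openstack_integration::ssl_key { 'neutron' }`. The `class { '::neutron': ... }` declaration starts above the hunk.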
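Review bot: Once `base_url` resolves to an https URL, nova has to validate the neutron endpoint's certificate, and nothing in this hunk shows which CA bundle it uses. It also does not show whether the nova services are ordered after `Exec['update-ca-certificates']`, as neutron-server is in neutron.pp. If nova relies on the system trust store, a comment above `neutron_url` would record that, e.g. `# https when config::ssl is true; certificate is validated against the system CA bundle`. It is worth confirming that certificate verification for the neutron client is not disabled elsewhere in this class, since that would make the SSL test pass without exercising validation. The class body extends beyond the hunk on both sides.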