puppet-openstack-integration/manifests/horizon.pp

class openstack_integration::horizon {

  include ::openstack_integration::config
  include ::openstack_integration::params

  if $::openstack_integration::config::ssl {
    file { '/etc/openstack-dashboard/ssl':
      ensure                  => directory,
      owner                   => 'root',
      mode                    => '0755',
      selinux_ignore_defaults => true,
      require                 => Package['horizon'],
    }
    file { '/etc/openstack-dashboard/ssl/private':
      ensure                  => directory,
      owner                   => 'root',
      mode                    => '0755',
      selinux_ignore_defaults => true,
      require                 => File['/etc/openstack-dashboard/ssl'],
      before                  => File["/etc/openstack-dashboard/ssl/private/${::fqdn}.pem"],
    }
    openstack_integration::ssl_key { 'horizon':
      key_path  => "/etc/openstack-dashboard/ssl/private/${::fqdn}.pem",
      key_owner => 'root',
      require   => File['/etc/openstack-dashboard/ssl/private'],
      notify    => Service['httpd'],
    }
    Exec['update-ca-certificates'] ~> Service['httpd']
  }

  class { '::horizon':
    secret_key       => 'big_secret',
    servername       => $::openstack_integration::config::ip_for_url,
    allowed_hosts    => $::openstack_integration::config::ip_for_url,
    listen_ssl       => $::openstack_integration::config::ssl,
    ssl_redirect     => $::openstack_integration::config::ssl,
    horizon_cert     => $::openstack_integration::params::cert_path,
    horizon_key      => "/etc/openstack-dashboard/ssl/private/${::fqdn}.pem",
    horizon_ca       => $::openstack_integration::params::ca_bundle_cert_path,
    keystone_url     => "${::openstack_integration::config::keystone_auth_uri}/v3",
    # need to disable offline compression due to
    # https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1424042
    compress_offline => false,
  }

}