commit a75691c0d21cecda4c5469e168fd8d31f868f7d1
author Mykyta Karpin <mkarpin@mirantis.com> Tue Jul 31 09:49:49 2018 +0000
committer Mykyta Karpin <mkarpin@mirantis.com> Thu Aug 02 11:12:31 2018 +0000
tree e6fb931870c224d771b44ec6505a1fcc27f0dff9
parent 7f0eeea879c863278c78bc400a5b5eb0c90e7db5

[SSL] Sync new options for apache and nginx

Set the same options via apache[nginx]/files/_ssl.conf template for sites as
they were set by apache[nginx]/files/_ssl_secure.conf (deprecated) earlier.
By default the same set of ciphers was set in nginx and apache in _ssl_secure.conf
Now the same list of ciphers is set through pillar.

Change-Id: I64b6bfe0cbb23d204a50c6bde8d9de6ed6fac306
Related-Prod: https://mirantis.jira.com/browse/PROD-20921

classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/telemetry.yml

diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/telemetry.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/telemetry.yml
index 6279073..8ad711d 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/telemetry.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl/openstack/telemetry.yml
@@ -14,6 +14,8 @@
 - service.redis.server.single
 - system.nginx.server.single
 - system.nginx.server.proxy.openstack.aodh
+- system.apache.server.ssl
+- system.nginx.server.proxy.ssl
 - system.gnocchi.server.cluster
 - system.gnocchi.common.storage.incoming.redis
 - system.gnocchi.common.storage.file
@@ -37,16 +39,17 @@
     nginx_proxy_openstack_api_address: ${_param:cluster_local_address}
     nginx_proxy_openstack_aodh_host: 127.0.0.1
     nginx_proxy_ssl:
-      enabled: true
-      engine: salt
+      authority: "${_param:salt_minion_ca_authority}"
+      key_file: "/etc/ssl/private/internal_proxy.key"
+      cert_file: "/etc/ssl/certs/internal_proxy.crt"
+      chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
+    apache_ssl:
       authority: "${_param:salt_minion_ca_authority}"
       key_file: "/etc/ssl/private/internal_proxy.key"
       cert_file: "/etc/ssl/certs/internal_proxy.crt"
       chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
     apache_gnocchi_api_address: ${_param:single_address}
     apache_panko_api_address: ${_param:single_address}
-    apache_gnocchi_ssl: ${_param:nginx_proxy_ssl}
-    apache_panko_ssl: ${_param:nginx_proxy_ssl}
     cluster_node01_hostname: ${_param:openstack_telemetry_node01_hostname}
     cluster_node01_address: ${_param:openstack_telemetry_node01_address}
     cluster_node02_hostname: ${_param:openstack_telemetry_node02_hostname}