diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-09-06 09:37:27 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-09-06 09:37:27 +0000 |
| commit | 08677754f9622bc9264fda00251cf6bb3f00cc24 (patch) | |
| tree | 04c2da4da7cd45dc0ec30c715bec60a6961e8413 /manifests/profile/base/ceilometer/agent | |
| parent | 46a34f0a6fbf73b555d70ecd828222a325763a01 (diff) | |
| parent | d905ed08052ca5dc78b5f7f56f731394f19958ed (diff) | |
Merge "Use TLS proxy for Redis' internal TLS" into stable/pike
Diffstat (limited to 'manifests/profile/base/ceilometer/agent')
| -rw-r--r-- | manifests/profile/base/ceilometer/agent/central.pp | 15 | ||||
| -rw-r--r-- | manifests/profile/base/ceilometer/agent/polling.pp | 13 |
2 files changed, 25 insertions, 3 deletions
diff --git a/manifests/profile/base/ceilometer/agent/central.pp b/manifests/profile/base/ceilometer/agent/central.pp index b8f5d07..955917c 100644 --- a/manifests/profile/base/ceilometer/agent/central.pp +++ b/manifests/profile/base/ceilometer/agent/central.pp @@ -18,20 +18,31 @@ # # === Parameters # +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::ceilometer::agent::central ( - $step = Integer(hiera('step')), + $enable_internal_tls = hiera('enable_internal_tls', false), + $step = Integer(hiera('step')), ) { include ::tripleo::profile::base::ceilometer + if $enable_internal_tls { + $tls_query_param = '?ssl=true' + } else { + $tls_query_param = '' + } + if $step >= 4 { include ::ceilometer::agent::auth class { '::ceilometer::agent::central': - coordination_url => join(['redis://:', hiera('ceilometer_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']), + coordination_url => join(['redis://:', hiera('ceilometer_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/', $tls_query_param]), } } diff --git a/manifests/profile/base/ceilometer/agent/polling.pp b/manifests/profile/base/ceilometer/agent/polling.pp index 84f5e46..043b5cd 100644 --- a/manifests/profile/base/ceilometer/agent/polling.pp +++ b/manifests/profile/base/ceilometer/agent/polling.pp @@ -26,6 +26,10 @@ # (Optional) Use compute namespace for polling agent. # Defaults to false. # +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# # [*ipmi_namespace*] # (Optional) Use ipmi namespace for polling agent. # Defaults to false. @@ -44,6 +48,7 @@ class tripleo::profile::base::ceilometer::agent::polling ( $central_namespace = hiera('central_namespace', false), $compute_namespace = hiera('compute_namespace', false), + $enable_internal_tls = hiera('enable_internal_tls', false), $ipmi_namespace = hiera('ipmi_namespace', false), $ceilometer_redis_password = hiera('ceilometer_redis_password', undef), $redis_vip = hiera('redis_vip', undef), @@ -55,13 +60,19 @@ class tripleo::profile::base::ceilometer::agent::polling ( include ::tripleo::profile::base::ceilometer::upgrade } + if $enable_internal_tls { + $tls_query_param = '?ssl=true' + } else { + $tls_query_param = '' + } + if $step >= 4 { include ::ceilometer::agent::auth class { '::ceilometer::agent::polling': central_namespace => $central_namespace, compute_namespace => $compute_namespace, ipmi_namespace => $ipmi_namespace, - coordination_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']), + coordination_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]), } } } |