aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile/base/cinder
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-08-14 23:01:54 +0000
committerGerrit Code Review <review@openstack.org>2017-08-14 23:01:54 +0000
commitadf6802f91986e33e9d6c5e710aca01db674dc40 (patch)
tree4a5c8f0b7529e09ec66113b865bd7a052493d984 /manifests/profile/base/cinder
parent8505a2dc0edeb4da8c02d68c7229c36800392cca (diff)
parent5ae3fab74381403cc76525ba3ff63a60836c17c1 (diff)
Merge "Fix legacy nova/cinder encryption key manager configuration"
Diffstat (limited to 'manifests/profile/base/cinder')
-rw-r--r--manifests/profile/base/cinder/api.pp11
1 files changed, 10 insertions, 1 deletions
diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp
index 54880ad..892e4ed 100644
--- a/manifests/profile/base/cinder/api.pp
+++ b/manifests/profile/base/cinder/api.pp
@@ -43,6 +43,12 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
+# [*keymgr_api_class*]
+# (Optional) The encryption key manager API class. The default value
+# ensures Cinder's legacy key manager is enabled when no hiera value is
+# specified.
+# Defaults to hiera('cinder::api::keymgr_api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager')
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -53,6 +59,7 @@ class tripleo::profile::base::cinder::api (
$certificates_specs = hiera('apache_certificates_specs', {}),
$cinder_api_network = hiera('cinder_api_network', undef),
$enable_internal_tls = hiera('enable_internal_tls', false),
+ $keymgr_api_class = hiera('cinder::api::keymgr_api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager'),
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
@@ -75,7 +82,9 @@ class tripleo::profile::base::cinder::api (
}
if $step >= 4 or ($step >= 3 and $sync_db) {
- include ::cinder::api
+ class { '::cinder::api':
+ keymgr_api_class => $keymgr_api_class,
+ }
include ::apache::mod::ssl
class { '::cinder::wsgi::apache':
ssl_cert => $tls_certfile,