From d905ed08052ca5dc78b5f7f56f731394f19958ed Mon Sep 17 00:00:00 2001
From: Martin André <m.andre@redhat.com>
Date: Wed, 23 Aug 2017 12:44:42 +0200
Subject: Use TLS proxy for Redis' internal TLS

This uses the tls_proxy resource in front of the Redis server when
internal TLS is enabled.

bp tls-via-certmonger

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ia50933da9e59268b17f56db34d01dcc6b6c38147
(cherry picked from commit 2d1d7875aa6f0b68005c84189627bc0716a7693f)
---
 manifests/profile/base/certmonger_user.pp | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'manifests/profile/base/certmonger_user.pp')

diff --git a/manifests/profile/base/certmonger_user.pp b/manifests/profile/base/certmonger_user.pp
index cc29cd5..54d9e15 100644
--- a/manifests/profile/base/certmonger_user.pp
+++ b/manifests/profile/base/certmonger_user.pp
@@ -78,6 +78,11 @@
 #   it will create.
 #   Defaults to hiera('tripleo::profile::base::rabbitmq::certificate_specs', {}).
 #
+# [*redis_certificate_specs*]
+#   (Optional) The specifications to give to certmonger for the certificate(s)
+#   it will create.
+#   Defaults to hiera('redis_certificate_specs', {}).
+#
 # [*etcd_certificate_specs*]
 #   (Optional) The specifications to give to certmonger for the certificate(s)
 #   it will create.
@@ -93,6 +98,7 @@ class tripleo::profile::base::certmonger_user (
   $mongodb_certificate_specs  = hiera('mongodb_certificate_specs',{}),
   $mysql_certificate_specs    = hiera('tripleo::profile::base::database::mysql::certificate_specs', {}),
   $rabbitmq_certificate_specs = hiera('tripleo::profile::base::rabbitmq::certificate_specs', {}),
+  $redis_certificate_specs    = hiera('redis_certificate_specs', {}),
   $etcd_certificate_specs     = hiera('tripleo::profile::base::etcd::certificate_specs', {}),
 ) {
   unless empty($haproxy_certificates_specs) {
@@ -137,6 +143,9 @@ class tripleo::profile::base::certmonger_user (
   unless empty($rabbitmq_certificate_specs) {
     ensure_resource('class', 'tripleo::certmonger::rabbitmq', $rabbitmq_certificate_specs)
   }
+  unless empty($redis_certificate_specs) {
+    ensure_resource('class', 'tripleo::certmonger::redis', $redis_certificate_specs)
+  }
   unless empty($etcd_certificate_specs) {
     ensure_resource('class', 'tripleo::certmonger::etcd', $etcd_certificate_specs)
   }
-- 
cgit 1.2.3-korg