From d905ed08052ca5dc78b5f7f56f731394f19958ed Mon Sep 17 00:00:00 2001 From: Martin André Date: Wed, 23 Aug 2017 12:44:42 +0200 Subject: Use TLS proxy for Redis' internal TLS This uses the tls_proxy resource in front of the Redis server when internal TLS is enabled. bp tls-via-certmonger Co-Authored-By: Juan Antonio Osorio Robles Change-Id: Ia50933da9e59268b17f56db34d01dcc6b6c38147 (cherry picked from commit 2d1d7875aa6f0b68005c84189627bc0716a7693f) --- manifests/profile/base/gnocchi/api.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'manifests/profile/base/gnocchi/api.pp') diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp index 88177fd..c958359 100644 --- a/manifests/profile/base/gnocchi/api.pp +++ b/manifests/profile/base/gnocchi/api.pp @@ -84,9 +84,11 @@ class tripleo::profile::base::gnocchi::api ( } $tls_certfile = $certificates_specs["httpd-${gnocchi_network}"]['service_certificate'] $tls_keyfile = $certificates_specs["httpd-${gnocchi_network}"]['service_key'] + $tls_query_param = '?ssl=true' } else { $tls_certfile = undef $tls_keyfile = undef + $tls_query_param = '' } if $step >= 4 and $sync_db { @@ -104,11 +106,11 @@ class tripleo::profile::base::gnocchi::api ( if $step >= 4 { class { '::gnocchi::storage': - coordination_url => join(['redis://:', $gnocchi_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']), + coordination_url => join(['redis://:', $gnocchi_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]), } class { '::gnocchi::storage::incoming::redis': - redis_url => join(['redis://:', $gnocchi_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']), + redis_url => join(['redis://:', $gnocchi_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]), } case $gnocchi_backend { -- cgit 1.2.3-korg