diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2016-03-15 15:28:30 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2016-03-15 15:28:30 +0000 |
| commit | 55fdec283916e4c133952a4ebfca1f548574cdc3 (patch) | |
| tree | 544359868770fb2d8cc2597f49695f1cc674ce1a | |
| parent | 0b5459c178b8fdbda36b2fd2c5362b06303b2b6d (diff) | |
| parent | 9923ead009d89666234f8affdd560990c0e4e52d (diff) | |
Merge "Ensure access to Redis is password protected"
| -rw-r--r-- | overcloud.yaml | 5 | ||||
| -rw-r--r-- | puppet/controller.yaml | 11 |
2 files changed, 15 insertions, 1 deletions
diff --git a/overcloud.yaml b/overcloud.yaml index 0feeca9e..0e986dab 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -307,6 +307,10 @@ parameters: default: false description: Enable IPv6 in RabbitMQ type: boolean + RedisPassword: + description: The password for Redis + type: string + hidden: true SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -988,6 +992,7 @@ resources: RabbitClientPort: {get_param: RabbitClientPort} RabbitFDLimit: {get_param: RabbitFDLimit} RabbitIPv6: {get_param: RabbitIPv6} + RedisPassword: {get_param: RedisPassword} SaharaPassword: {get_param: SaharaPassword} SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 9e9a7644..a873ce8a 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -621,6 +621,10 @@ parameters: default: false description: Enable IPv6 in RabbitMQ type: boolean + RedisPassword: + type: string + description: The password to access the Redis service + hidden: true RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug @@ -1149,7 +1153,8 @@ resources: - '' - - 'redis://' - {get_param: RedisVirtualIPUri} - - ':6379' + - ':6379/?password=' + - {get_param: RedisPassword} ceilometer_dsn: list_join: - '' @@ -1242,6 +1247,7 @@ resources: horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} + redis_password: {get_param: RedisPassword} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} @@ -1613,6 +1619,9 @@ resources: rabbit_ipv6: {get_input: rabbit_ipv6} # Redis redis::bind: {get_input: redis_network} + redis::requirepass: {get_input: redis_password} + redis::masterauth: {get_input: redis_password} + redis::sentinel_auth_pass: {get_input: redis_password} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} |