author | Jenkins <jenkins@review.openstack.org> | 2017-09-06 15:03:28 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-09-06 15:03:28 +0000 |
commit | 21be02962dbb03c4df9818f6b4be8f697cc98094 (patch) | |
tree | 745cbeb7b456e15e3fa27ae9482d4900e7c51274 /puppet/services/database/redis.yaml | |
parent | 0fd2fdaa9035d2af09b3eddd88b60c8f1a0e54f6 (diff) | |
parent | dc646db94395ce4ad29d430107f6cb19e7a44d31 (diff) |
Merge "TLS proxy for redis" into stable/pike
Diffstat (limited to 'puppet/services/database/redis.yaml')
-rw-r--r-- | puppet/services/database/redis.yaml | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index bdcc4fcd..810e467e 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -30,8 +30,15 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} resources: + RedisBase: type: ./redis-base.yaml properties: @@ -41,6 +48,7 @@ resources: EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: @@ -55,8 +63,41 @@ outputs: dport: - 6379 - 26379 + tripleo::profile::base::database::redis::tls_proxy_bind_ip: + get_param: [ServiceNetMap, RedisNetwork] + tripleo::profile::base::database::redis::tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + tripleo::profile::base::database::redis::tls_proxy_port: 6379 + - if: + - use_tls_proxy + - redis_certificate_specs: + service_certificate: '/etc/pki/tls/certs/redis.crt' + service_key: '/etc/pki/tls/private/redis.key' + hostname: + str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + principal: + str_replace: + template: "redis/%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + - {} step_config: | include ::tripleo::profile::base::database::redis + metadata_settings: + if: + - use_tls_proxy + - + - service: redis + network: {get_param: [ServiceNetMap, RabbitmqNetwork]} + type: vip + - null upgrade_tasks: - name: Check if redis is deployed command: systemctl is-enabled redis |
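Review bot: The new `EnableInternalTLS` parameter in the first hunk (`@@ -30,8 +30,15 @@`) is declared with only `type` and `default`, unlike the neighbouring parameter whose `description` is visible in the context lines. Since this flag decides whether the Redis certificate specs and metadata settings are emitted, I would add something like `description: Whether to enable TLS on the internal network; when true a TLS proxy is set up in front of Redis.` The condition also has a stray space before the colon in `{equals : [...]}`; `{equals: [...]}` matches the other flow mappings in the file.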
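Review bot: In the added `metadata_settings` block of the third hunk (`@@ -55,8 +63,41 @@`), the redis entry is registered with `network: {get_param: [ServiceNetMap, RabbitmqNetwork]}`, while the certificate `hostname` and `principal` a few lines above are built from `RedisNetwork`. This looks like a copy-paste from another service template; if the two services are mapped to different networks, the `redis/...` principal requested in `redis_certificate_specs` would presumably not match the VIP metadata registered here, so the certificate request could fail or be issued for a name clients do not connect to. I would change the line to `network: {get_param: [ServiceNetMap, RedisNetwork]}`. Only `tls_proxy_port: 6379` is set, while the firewall rule in the context lines also opens 26379; the hunk does not show whether that second port is covered by TLS, so a comment stating this would help. As a smaller point, the `tls_proxy_fqdn` template uses a `$NETWORK` placeholder while the two `cloud_name_NETWORK` templates use `NETWORK`, and using one form throughout would make the substitutions easier to audit.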