summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2016-03-15 15:28:30 +0000
committerGerrit Code Review <review@openstack.org>2016-03-15 15:28:30 +0000
commit55fdec283916e4c133952a4ebfca1f548574cdc3 (patch)
tree544359868770fb2d8cc2597f49695f1cc674ce1a /puppet
parent0b5459c178b8fdbda36b2fd2c5362b06303b2b6d (diff)
parent9923ead009d89666234f8affdd560990c0e4e52d (diff)
Merge "Ensure access to Redis is password protected"
Diffstat (limited to 'puppet')
-rw-r--r--puppet/controller.yaml11
1 files changed, 10 insertions, 1 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 9e9a7644..a873ce8a 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -621,6 +621,10 @@ parameters:
default: false
description: Enable IPv6 in RabbitMQ
type: boolean
+ RedisPassword:
+ type: string
+ description: The password to access the Redis service
+ hidden: true
RedisVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
@@ -1149,7 +1153,8 @@ resources:
- ''
- - 'redis://'
- {get_param: RedisVirtualIPUri}
- - ':6379'
+ - ':6379/?password='
+ - {get_param: RedisPassword}
ceilometer_dsn:
list_join:
- ''
@@ -1242,6 +1247,7 @@ resources:
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
+ redis_password: {get_param: RedisPassword}
redis_vip: {get_param: RedisVirtualIP}
sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
@@ -1613,6 +1619,9 @@ resources:
rabbit_ipv6: {get_input: rabbit_ipv6}
# Redis
redis::bind: {get_input: redis_network}
+ redis::requirepass: {get_input: redis_password}
+ redis::masterauth: {get_input: redis_password}
+ redis::sentinel_auth_pass: {get_input: redis_password}
redis_vip: {get_input: redis_vip}
# Firewall
tripleo::firewall::manage_firewall: {get_input: manage_firewall}