diff options
author | Jenkins <jenkins@review.openstack.org> | 2016-03-15 15:28:30 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2016-03-15 15:28:30 +0000 |
commit | 55fdec283916e4c133952a4ebfca1f548574cdc3 (patch) | |
tree | 544359868770fb2d8cc2597f49695f1cc674ce1a /puppet | |
parent | 0b5459c178b8fdbda36b2fd2c5362b06303b2b6d (diff) | |
parent | 9923ead009d89666234f8affdd560990c0e4e52d (diff) |
Merge "Ensure access to Redis is password protected"
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/controller.yaml | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 9e9a7644..a873ce8a 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -621,6 +621,10 @@ parameters: default: false description: Enable IPv6 in RabbitMQ type: boolean + RedisPassword: + type: string + description: The password to access the Redis service + hidden: true RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug @@ -1149,7 +1153,8 @@ resources: - '' - - 'redis://' - {get_param: RedisVirtualIPUri} - - ':6379' + - ':6379/?password=' + - {get_param: RedisPassword} ceilometer_dsn: list_join: - '' @@ -1242,6 +1247,7 @@ resources: horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} + redis_password: {get_param: RedisPassword} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} @@ -1613,6 +1619,9 @@ resources: rabbit_ipv6: {get_input: rabbit_ipv6} # Redis redis::bind: {get_input: redis_network} + redis::requirepass: {get_input: redis_password} + redis::masterauth: {get_input: redis_password} + redis::sentinel_auth_pass: {get_input: redis_password} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} |