diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-01-04 16:43:34 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-01-04 16:43:34 +0000 |
| commit | 0bfe7c9279f407c525527103a79e5002adfdc01b (patch) | |
| tree | f075d9b5f9e3bf0d0321d6c96d0d9fd08b74d06c /puppet | |
| parent | d43d7579269a60e89eae0e23b6fecd7452265c6d (diff) | |
| parent | 56ebc7e58d117743363c4a251395d710bf511a2c (diff) | |
Merge "DB connection: prevent src address from binding to a VIP"
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/services/aodh-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/barbican-api.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/ceilometer-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/cinder-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/database/mysql.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/glance-api.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/glance-registry.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/gnocchi-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/heat-engine.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/ironic-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/keystone.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/manila-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/mistral-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/neutron-api.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/neutron-plugin-plumgrid.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/nova-base.yaml | 4 | ||||
| -rw-r--r-- | puppet/services/panko-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/sahara-base.yaml | 2 |
18 files changed, 38 insertions, 0 deletions
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index e2b4d78c..8648a971 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -69,6 +69,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/aodh' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" aodh::debug: {get_param: Debug} aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index b0ef6f7c..000a744c 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -105,6 +105,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/barbican' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" tripleo.barbican_api.firewall_rules: '117 barbican': dport: diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 69c2fb70..0528368e 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -101,6 +101,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ceilometer' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" enable_legacy_ceilometer_api: {get_param: EnableLegacyCeilometerApi} ceilometer_backend: {get_param: CeilometerBackend} ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index 928d2425..be4b4af2 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -60,6 +60,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/cinder' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" cinder::debug: {get_param: Debug} cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index c62c628d..5eefe6bd 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -90,6 +90,8 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::client_bind_address: + {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql upgrade_tasks: diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 7b220776..36df724b 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -75,6 +75,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 43ebd518..1f7e6e3d 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -76,6 +76,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" glance::registry::authtoken::password: {get_param: GlancePassword} glance::registry::authtoken::project_name: 'service' glance::registry::pipeline: 'keystone' diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index be80774d..d92b1766 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -67,6 +67,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 12c131b9..1cf833d7 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -82,6 +82,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::engine::auth_encryption_key: diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index 28c5f161..ad7ef6ea 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -60,6 +60,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ironic' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" ironic::debug: {get_param: Debug} ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 48e81e74..f69e20b4 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -148,6 +148,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/keystone' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" keystone::admin_token: {get_param: AdminToken} keystone::admin_password: {get_param: AdminPassword} keystone::roles::admin::password: {get_param: AdminPassword} diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index 90ff0667..2a9745a2 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -67,6 +67,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/manila' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" service_config_settings: mysql: manila::db::mysql::password: {get_param: ManilaPassword} diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index b4d20ce9..e678b14f 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -65,6 +65,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/mistral' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" mistral::rabbit_userid: {get_param: RabbitUserName} mistral::rabbit_password: {get_param: RabbitPassword} mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index c3552534..fa10cd94 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -112,6 +112,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index b7fe0a15..bd078074 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -100,6 +100,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]} neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 850a1bdc..bf8e46be 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -90,6 +90,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::api_database_connection: list_join: - '' @@ -99,6 +101,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 68283137..6e25d796 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -46,6 +46,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/panko' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" panko::debug: {get_param: Debug} panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } panko::keystone::authtoken::project_name: 'service' diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 90e2af67..b4307053 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -64,6 +64,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} |