diff options
| -rw-r--r-- | capabilities-map.yaml | 4 | ||||
| -rw-r--r-- | network/management.yaml | 2 | ||||
| -rw-r--r-- | network/ports/external_from_pool.yaml | 2 | ||||
| -rw-r--r-- | network/ports/from_service.yaml | 8 | ||||
| -rw-r--r-- | network/ports/internal_api_from_pool.yaml | 2 | ||||
| -rw-r--r-- | network/ports/storage_from_pool.yaml | 2 | ||||
| -rw-r--r-- | network/ports/storage_mgmt_from_pool.yaml | 2 | ||||
| -rw-r--r-- | network/ports/tenant_from_pool.yaml | 2 | ||||
| -rw-r--r-- | overcloud.yaml | 5 | ||||
| -rw-r--r-- | puppet/controller.yaml | 11 | ||||
| -rw-r--r-- | puppet/extraconfig/tls/ca-inject.yaml | 2 | ||||
| -rw-r--r-- | puppet/extraconfig/tls/tls-cert-inject.yaml | 4 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 2 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 3 |
14 files changed, 33 insertions, 18 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index f47eb9ad..c7816b7e 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -5,7 +5,7 @@ # root_template: identifies repository's root template # root_environment: identifies root_environment, this one is special in terms of # order in which the environments are merged before deploying. This one serves as -# a base and it's parameters/resource_registry gets overriden by other environments +# a base and it's parameters/resource_registry gets overridden by other environments # if used. # topics: @@ -21,7 +21,7 @@ # Attributes: # title: (optional) # description: (optional) -# tags: a list of tags to provide aditional information for e.g. filtering (optional) +# tags: a list of tags to provide additional information for e.g. filtering (optional) # environments: (required) # environments: diff --git a/network/management.yaml b/network/management.yaml index 9bfaafa2..1800b57a 100644 --- a/network/management.yaml +++ b/network/management.yaml @@ -16,7 +16,7 @@ parameters: type: string ManagementNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean ManagementNetEnableDHCP: default: false diff --git a/network/ports/external_from_pool.yaml b/network/ports/external_from_pool.yaml index 98f2aa35..867176e3 100644 --- a/network/ports/external_from_pool.yaml +++ b/network/ports/external_from_pool.yaml @@ -12,7 +12,7 @@ parameters: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string diff --git a/network/ports/from_service.yaml b/network/ports/from_service.yaml index 359d77a7..3d61910e 100644 --- a/network/ports/from_service.yaml +++ b/network/ports/from_service.yaml @@ -8,19 +8,19 @@ parameters: description: Name of the service to lookup default: '' type: string - NetworkName: # Here for compatability with ctlplane_vip.yaml + NetworkName: # Here for compatibility with ctlplane_vip.yaml description: Name of the network where the VIP will be created default: ctlplane type: string - PortName: # Here for compatability with ctlplane_vip.yaml + PortName: # Here for compatibility with ctlplane_vip.yaml description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with ctlplane_vip.yaml + ControlPlaneIP: # Here for compatibility with ctlplane_vip.yaml description: IP address on the control plane default: '' type: string - ControlPlaneNetwork: # Here for compatability with ctlplane_vip.yaml + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml description: The name of the undercloud Neutron control plane default: ctlplane type: string diff --git a/network/ports/internal_api_from_pool.yaml b/network/ports/internal_api_from_pool.yaml index c7b04847..d7b67e26 100644 --- a/network/ports/internal_api_from_pool.yaml +++ b/network/ports/internal_api_from_pool.yaml @@ -12,7 +12,7 @@ parameters: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string diff --git a/network/ports/storage_from_pool.yaml b/network/ports/storage_from_pool.yaml index dfc9e752..0a3d394c 100644 --- a/network/ports/storage_from_pool.yaml +++ b/network/ports/storage_from_pool.yaml @@ -12,7 +12,7 @@ parameters: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string diff --git a/network/ports/storage_mgmt_from_pool.yaml b/network/ports/storage_mgmt_from_pool.yaml index 9c757a6e..c3f0f4e2 100644 --- a/network/ports/storage_mgmt_from_pool.yaml +++ b/network/ports/storage_mgmt_from_pool.yaml @@ -12,7 +12,7 @@ parameters: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string diff --git a/network/ports/tenant_from_pool.yaml b/network/ports/tenant_from_pool.yaml index d5f3156e..d5fd7080 100644 --- a/network/ports/tenant_from_pool.yaml +++ b/network/ports/tenant_from_pool.yaml @@ -12,7 +12,7 @@ parameters: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string diff --git a/overcloud.yaml b/overcloud.yaml index 0feeca9e..0e986dab 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -307,6 +307,10 @@ parameters: default: false description: Enable IPv6 in RabbitMQ type: boolean + RedisPassword: + description: The password for Redis + type: string + hidden: true SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -988,6 +992,7 @@ resources: RabbitClientPort: {get_param: RabbitClientPort} RabbitFDLimit: {get_param: RabbitFDLimit} RabbitIPv6: {get_param: RabbitIPv6} + RedisPassword: {get_param: RedisPassword} SaharaPassword: {get_param: SaharaPassword} SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 9e9a7644..a873ce8a 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -621,6 +621,10 @@ parameters: default: false description: Enable IPv6 in RabbitMQ type: boolean + RedisPassword: + type: string + description: The password to access the Redis service + hidden: true RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug @@ -1149,7 +1153,8 @@ resources: - '' - - 'redis://' - {get_param: RedisVirtualIPUri} - - ':6379' + - ':6379/?password=' + - {get_param: RedisPassword} ceilometer_dsn: list_join: - '' @@ -1242,6 +1247,7 @@ resources: horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} + redis_password: {get_param: RedisPassword} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} @@ -1613,6 +1619,9 @@ resources: rabbit_ipv6: {get_input: rabbit_ipv6} # Redis redis::bind: {get_input: redis_network} + redis::requirepass: {get_input: redis_password} + redis::masterauth: {get_input: redis_password} + redis::sentinel_auth_pass: {get_input: redis_password} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml index aab42849..f955034d 100644 --- a/puppet/extraconfig/tls/ca-inject.yaml +++ b/puppet/extraconfig/tls/ca-inject.yaml @@ -4,7 +4,7 @@ description: > This is a template which will inject the trusted anchor. parameters: - # Can be overriden via parameter_defaults in the environment + # Can be overridden via parameter_defaults in the environment SSLRootCertificate: description: > The content of a CA's SSL certificate file in PEM format. diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 20bb3737..77b11378 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -5,7 +5,7 @@ description: > for the load balancer using the given parameters. parameters: - # Can be overriden via parameter_defaults in the environment + # Can be overridden via parameter_defaults in the environment SSLCertificate: description: > The content of the SSL certificate (without Key) in PEM format. @@ -21,7 +21,7 @@ parameters: type: string hidden: true - # Can be overriden by parameter_defaults if the user wants to try deploying + # Can be overridden by parameter_defaults if the user wants to try deploying # this in a distro that doesn't support this path. DeployedSSLCertificatePath: default: '/etc/pki/tls/private/overcloud_endpoint.pem' diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 9e5c556a..5556a40c 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -46,7 +46,7 @@ if hiera('step') >= 2 { # MongoDB if downcase(hiera('ceilometer_backend')) == 'mongodb' { include ::mongodb::globals - + include ::mongodb::client include ::mongodb::server # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and # without the brackets as 'members' argument for the 'mongodb_replset' diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 402a3bc8..db3d8652 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -34,7 +34,7 @@ $enable_load_balancer = hiera('enable_load_balancer', true) # When to start and enable services which haven't been Pacemakerized # FIXME: remove when we start all OpenStack services using Pacemaker -# (occurences of this variable will be gradually replaced with false) +# (occurrences of this variable will be gradually replaced with false) $non_pcmk_start = hiera('step') >= 4 if hiera('step') >= 1 { @@ -127,6 +127,7 @@ if hiera('step') >= 1 { if downcase(hiera('ceilometer_backend')) == 'mongodb' { include ::mongodb::globals + include ::mongodb::client class { '::mongodb::server' : service_manage => false, } |