5 files changed, 16 insertions, 6 deletions

diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 9e9a7644..a873ce8a 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -621,6 +621,10 @@ parameters:
     default: false
     description: Enable IPv6 in RabbitMQ
     type: boolean
+  RedisPassword:
+    type: string
+    description: The password to access the Redis service
+    hidden: true
   RedisVirtualIP:
     type: string
     default: ''  # Has to be here because of the ignored empty value bug
@@ -1149,7 +1153,8 @@ resources:
             - ''
             - - 'redis://'
               - {get_param: RedisVirtualIPUri}
-              - ':6379'
+              - ':6379/?password='
+              - {get_param: RedisPassword}
         ceilometer_dsn:
           list_join:
             - ''
@@ -1242,6 +1247,7 @@ resources:
         horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
         rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
         redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
+        redis_password: {get_param: RedisPassword}
         redis_vip: {get_param: RedisVirtualIP}
         sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
         memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
@@ -1613,6 +1619,9 @@ resources:
                 rabbit_ipv6: {get_input: rabbit_ipv6}
                 # Redis
                 redis::bind: {get_input: redis_network}
+                redis::requirepass: {get_input: redis_password}
+                redis::masterauth: {get_input: redis_password}
+                redis::sentinel_auth_pass: {get_input: redis_password}
                 redis_vip: {get_input: redis_vip}
                 # Firewall
                 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml
index aab42849..f955034d 100644
--- a/puppet/extraconfig/tls/ca-inject.yaml
+++ b/puppet/extraconfig/tls/ca-inject.yaml
@@ -4,7 +4,7 @@ description: >
   This is a template which will inject the trusted anchor.
 
 parameters:
-  # Can be overriden via parameter_defaults in the environment
+  # Can be overridden via parameter_defaults in the environment
   SSLRootCertificate:
     description: >
       The content of a CA's SSL certificate file in PEM format.
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 20bb3737..77b11378 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -5,7 +5,7 @@ description: >
   for the load balancer using the given parameters.
 
 parameters:
-  # Can be overriden via parameter_defaults in the environment
+  # Can be overridden via parameter_defaults in the environment
   SSLCertificate:
     description: >
       The content of the SSL certificate (without Key) in PEM format.
@@ -21,7 +21,7 @@ parameters:
     type: string
     hidden: true
 
-  # Can be overriden by parameter_defaults if the user wants to try deploying
+  # Can be overridden by parameter_defaults if the user wants to try deploying
   # this in a distro that doesn't support this path.
   DeployedSSLCertificatePath:
     default: '/etc/pki/tls/private/overcloud_endpoint.pem'
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 9e5c556a..5556a40c 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -46,7 +46,7 @@ if hiera('step') >= 2 {
   # MongoDB
   if downcase(hiera('ceilometer_backend')) == 'mongodb' {
     include ::mongodb::globals
-
+    include ::mongodb::client
     include ::mongodb::server
     # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and
     # without the brackets as 'members' argument for the 'mongodb_replset'
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 402a3bc8..db3d8652 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -34,7 +34,7 @@ $enable_load_balancer = hiera('enable_load_balancer', true)
 
 # When to start and enable services which haven't been Pacemakerized
 # FIXME: remove when we start all OpenStack services using Pacemaker
-# (occurences of this variable will be gradually replaced with false)
+# (occurrences of this variable will be gradually replaced with false)
 $non_pcmk_start = hiera('step') >= 4
 
 if hiera('step') >= 1 {
@@ -127,6 +127,7 @@ if hiera('step') >= 1 {
 
   if downcase(hiera('ceilometer_backend')) == 'mongodb' {
     include ::mongodb::globals
+    include ::mongodb::client
     class { '::mongodb::server' :
       service_manage => false,
     }