From dc646db94395ce4ad29d430107f6cb19e7a44d31 Mon Sep 17 00:00:00 2001 From: Martin André Date: Wed, 23 Aug 2017 08:53:12 +0200 Subject: TLS proxy for redis Redis does not have TLS out of the box. Let's use a proxy container for TLS termination. bp tls-via-certmonger Co-Authored-By: Juan Antonio Osorio Robles Change-Id: Ie2ae0d048a71e1b1b4edb10c74bc0395a1a9d5c9 Depends-On: I078567c831ade540cf704f81564e2b7654c85c0b Depends-On: Ia50933da9e59268b17f56db34d01dcc6b6c38147 (cherry picked from commit c2a93cf4c5d9d6b5ee0536380751a7a9540927cc) --- puppet/services/pacemaker/database/redis.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'puppet/services/pacemaker') diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml index 66eb4b2a..e466f304 100644 --- a/puppet/services/pacemaker/database/redis.yaml +++ b/puppet/services/pacemaker/database/redis.yaml @@ -53,5 +53,16 @@ outputs: - redis::service_manage: false redis::notify_service: false redis::managed_by_cluster_manager: true + tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip: + get_param: [ServiceNetMap, RedisNetwork] + tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + tripleo::profile::pacemaker::database::redis::tls_proxy_port: 6379 step_config: | include ::tripleo::profile::pacemaker::database::redis + metadata_settings: + get_attr: [RedisBase, role_data, metadata_settings] -- cgit 1.2.3-korg