Merge "Workaround for cinder A/A and etcd with TLS-everywhere" into stable/train
This commit is contained in:
commit
8c952ec0a3
|
@ -46,9 +46,18 @@ parameters:
|
|||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
EnableEtcdInternalTLS:
|
||||
description: Controls whether etcd and the cinder-volume service use TLS
|
||||
for cinder's lock manager, even when the rest of the internal
|
||||
API network is using TLS.
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
internal_tls_enabled:
|
||||
and:
|
||||
- {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
- {equals: [{get_param: EnableEtcdInternalTLS}, true]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
|
@ -103,7 +112,10 @@ outputs:
|
|||
template: "etcd/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||
- {}
|
||||
-
|
||||
# Ensure etcd and cinder-volume aren't configured to use TLS
|
||||
tripleo::profile::base::etcd::enable_internal_tls: false
|
||||
tripleo::profile::base::cinder::volume::enable_internal_tls: false
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: etcd
|
||||
|
|
Loading…
Reference in New Issue