RETIRED, Lightweight composition layer for Puppet TripleO
Damien Ciabrini 32cce5f150 Fix Redis TLS setup, including replication traffic
This patch reverts the revert of Redis TLS [1], and fixes the
encryption of Redis replication traffic for HA deployments.

In order to encrypt replication traffic, Redis is configured to
drive outgoing replication traffic to a stunnel endpoint on
<localhost:port_xxx>. Stunnel then manages the encryption up to
the peer Redis master.

Likewise, slave Redis nodes advertise themselves as coming from
<localhost:port_yyy> in order to let the Master initiate connection to
the Slave over its own stunnel endpoint, should it need to.

Each redis node is assigned a unique replication port, and has
dedicated stunnels to each one of its peers. This port mapping
info is used by the redis resource agent to manage A/P failover.

The regular Redis port is unchanged, so Redis clients (OpenStack
services, HAproxy, CLI, firewall) are not impacted by this change.
Only SELinux needs to be adapted.

[1] I37501c4c983c87e3a38841272eb176ebbe626a65

Change-Id: I6cc818973fab25b4cd6f7a0d040aaa05a35c5bb1
Related-bug: #1737707
2018-02-09 09:18:19 +00:00
files Add manifests to install and configure stunnel 2017-08-25 10:11:08 +00:00
lib hw ovs offload - On some machines representor ports not created after reboot 2018-01-29 11:32:24 +00:00
manifests Fix Redis TLS setup, including replication traffic 2018-02-09 09:18:19 +00:00
releasenotes Merge "Adds missing Neutron TLS certificate/key generation" 2018-02-08 07:49:14 +00:00
spec Merge "Add incoming storage driver param" 2018-02-08 21:38:08 +00:00
templates hw ovs offload - On some machines representor ports not created after reboot 2018-01-29 11:32:24 +00:00
zuul.d Zuul: Remove project name 2018-01-31 16:51:36 -08:00
.gitignore Update gitignore not to exclude fixture hieradata 2017-05-17 14:45:35 -06:00
.gitreview Update .gitreview file for project rename 2015-06-12 23:12:30 +00:00
.sync.yml Initial msync run for all Puppet OpenStack modules 2015-08-18 14:30:54 +02:00
Gemfile Update tox configuration 2017-05-17 17:04:02 +00:00
LICENSE Add basic structure for a Puppet module 2015-02-02 11:39:21 -05:00
Puppetfile_extras Merge "Add PTP service" 2017-12-23 01:24:12 +00:00
README.md Update the doc link 2017-12-16 02:49:05 +00:00
Rakefile Composable HA 2017-01-25 19:32:31 +00:00
bindep.txt Add Puppet package to bindep, for module build 2017-10-27 13:50:15 -07:00
metadata.json Prepare Queens milestone 3 2018-01-16 16:43:25 -08:00
setup.cfg Fixes license to explicitly be Apache 2.0 2017-10-09 11:06:29 -04:00
setup.py chmod +x setup.py 2017-10-06 12:28:56 -07:00
test-requirements.txt Remove pinned versions from test-requirements.txt 2018-01-16 12:29:50 +08:00
tox.ini Add environment variable 2017-06-12 16:06:48 +08:00

README.md

Team and repository tags

puppet-tripleo

Lightweight composition layer for Puppet TripleO.

Contributing