openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Ensure access to Redis is password protected 

Depends-On: I1a8741b9e00775763911222cbe0af677b59e03a1
Change-Id: I373f97ada4e4101700a12b42dfb8ee4b2ff701f2
(cherry picked from commit 9923ead009)
This commit is contained in:
Giulio Fidente 2015-08-07 13:03:05 +02:00
parent 099f6cd3ee
commit 1bb9f13bb2
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
overcloud.yaml
View File

@ -307,6 +307,10 @@ parameters:
default: false default: false
description: Enable IPv6 in RabbitMQ description: Enable IPv6 in RabbitMQ
type: boolean type: boolean
RedisPassword:
description: The password for Redis
type: string
hidden: true
SnmpdReadonlyUserName: SnmpdReadonlyUserName:
default: ro_snmp_user default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes description: The user name for SNMPd with readonly rights running on all Overcloud nodes
@ -982,6 +986,7 @@ resources:
RabbitClientPort: {get_param: RabbitClientPort} RabbitClientPort: {get_param: RabbitClientPort}
RabbitFDLimit: {get_param: RabbitFDLimit} RabbitFDLimit: {get_param: RabbitFDLimit}
RabbitIPv6: {get_param: RabbitIPv6} RabbitIPv6: {get_param: RabbitIPv6}
RedisPassword: {get_param: RedisPassword}
SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}

11
puppet/controller.yaml
View File

@ -599,6 +599,10 @@ parameters:
default: false default: false
description: Enable IPv6 in RabbitMQ description: Enable IPv6 in RabbitMQ
type: boolean type: boolean
RedisPassword:
type: string
description: The password to access the Redis service
hidden: true
RedisVirtualIP: RedisVirtualIP:
type: string type: string
default: '' # Has to be here because of the ignored empty value bug default: '' # Has to be here because of the ignored empty value bug
@ -1127,7 +1131,8 @@ resources:
- '' - ''
- - 'redis://' - - 'redis://'
- {get_param: RedisVirtualIPUri} - {get_param: RedisVirtualIPUri}
- ':6379' - ':6379/?password='
- {get_param: RedisPassword}
ceilometer_dsn: ceilometer_dsn:
list_join: list_join:
- '' - ''
@ -1202,6 +1207,7 @@ resources:
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
redis_password: {get_param: RedisPassword}
redis_vip: {get_param: RedisVirtualIP} redis_vip: {get_param: RedisVirtualIP}
memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
@ -1537,6 +1543,9 @@ resources:
rabbit_ipv6: {get_input: rabbit_ipv6} rabbit_ipv6: {get_input: rabbit_ipv6}
# Redis # Redis
redis::bind: {get_input: redis_network} redis::bind: {get_input: redis_network}
redis::requirepass: {get_input: redis_password}
redis::masterauth: {get_input: redis_password}
redis::sentinel_auth_pass: {get_input: redis_password}
redis_vip: {get_input: redis_vip} redis_vip: {get_input: redis_vip}
# Firewall # Firewall
tripleo::firewall::manage_firewall: {get_input: manage_firewall} tripleo::firewall::manage_firewall: {get_input: manage_firewall}