openstack/openstack-ansible-os_keystone
Code Issues Proposed changes
c3aa3c3623
openstack-ansible-os_keystone/tests/os_keystone-overrides.yml
Andrew Bonney dfa253d72c Adjust default configuration to support TLS v1.3 
This adds a new variable to manage TLS v1.3 cipher suites.

The old variable for TLS v1.2 and below ciphers is renamed for
consistency, but is still supported as a default where overridden
by deployments.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/823943
Change-Id: If857ec3e2e3728f6bea9740ff43dcb2df45429d2
2022-01-10 13:49:45 +00:00

61 lines
2.2 KiB
YAML
Raw Blame History

---
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
tempest_run: yes
tempest_plugins:
- name: keystone-tempest-plugin
repo: https://opendev.org/openstack/keystone-tempest-plugin
branch: master
tempest_test_whitelist:
- keystone_tempest_plugin.tests.api.identity*
external_lb_vip_address: 10.1.0.1
internal_lb_vip_address: 10.1.0.1
test_keystone_host: "{{ external_lb_vip_address }}"
# For upgrades we need haproxy variables
haproxy_default_services:
- service:
haproxy_service_name: galera
haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}" # list expected
haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}"
haproxy_port: 3306
haproxy_balance_type: tcp
haproxy_timeout_client: 5000s
haproxy_timeout_server: 5000s
haproxy_backend_options:
- "mysql-check user {{ galera_monitoring_user }}"
haproxy_whitelist_networks:
- 192.168.0.0/16
- 172.16.0.0/12
- 10.0.0.0/8
- service:
haproxy_service_name: keystone_service
haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
haproxy_port: 5000
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_balance_type: "http"
haproxy_backend_options:
- "httpchk HEAD /"
ssl_cipher_suite_tls12: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
ssl_cipher_suite_tls13: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
haproxy_ssl: false
View Git Blame Copy Permalink