Add TLS options for oslo.cache

This patch specifies a set of options required to build a TLS context.
The context built from those options can later on be passed to any of
the oslo.cache backends that support TLS connections.

Depends-on: https://review.opendev.org/774120
Change-Id: I66df247543f28b4343c15f4e151231c0e100d00a
(cherry picked from commit 44fc5d25c1)
Grzegorz Grasza 2020-12-02 11:34:36 +01:00
parent d502884411
commit 701e6ce749
3 changed files with 54 additions and 0 deletions


@ -129,6 +129,39 @@
# (Optional) A list of memcached server(s) to use for caching. (list value) # (Optional) A list of memcached server(s) to use for caching. (list value)
# Defaults to $::os_service_default # Defaults to $::os_service_default
# #
# [*cache_tls_enabled*]
# (Optional) Global toggle for TLS usage when comunicating with
# the caching servers.
# Default to $::os_service_default
#
# [*cache_tls_cafile*]
# (Optional) Path to a file of concatenated CA certificates in PEM
# format necessary to establish the caching server's authenticity.
# If tls_enabled is False, this option is ignored.
# Default to $::os_service_default
#
# [*cache_tls_certfile*]
# (Optional) Path to a single file in PEM format containing the
# client's certificate as well as any number of CA certificates
# needed to establish the certificate's authenticity. This file
# is only required when client side authentication is necessary.
# If tls_enabled is False, this option is ignored.
# Default to $::os_service_default
#
# [*cache_tls_keyfile*]
# (Optional) Path to a single file containing the client's private
# key in. Otherwhise the private key will be taken from the file
# specified in tls_certfile. If tls_enabled is False, this option
# is ignored.
# Default to $::os_service_default
#
# [*cache_tls_allowed_ciphers*]
# (Optional) Set the available ciphers for sockets created with
# the TLS context. It should be a string in the OpenSSL cipher
# list format. If not specified, all OpenSSL enabled ciphers will
# be available.
# Default to $::os_service_default
#
# [*manage_backend_package*] # [*manage_backend_package*]
# (Optional) If we should install the cache backend package. # (Optional) If we should install the cache backend package.
# Defaults to true # Defaults to true
@ -249,6 +282,11 @@ class ceilometer(
$kombu_compression = $::os_service_default, $kombu_compression = $::os_service_default,
$cache_backend = $::os_service_default, $cache_backend = $::os_service_default,
$memcache_servers = $::os_service_default, $memcache_servers = $::os_service_default,
$cache_tls_enabled = $::os_service_default,
$cache_tls_cafile = $::os_service_default,
$cache_tls_certfile = $::os_service_default,
$cache_tls_keyfile = $::os_service_default,
$cache_tls_allowed_ciphers = $::os_service_default,
$manage_backend_package = true, $manage_backend_package = true,
$amqp_server_request_prefix = $::os_service_default, $amqp_server_request_prefix = $::os_service_default,
$amqp_broadcast_prefix = $::os_service_default, $amqp_broadcast_prefix = $::os_service_default,
@ -363,6 +401,11 @@ class ceilometer(
oslo::cache { 'ceilometer_config': oslo::cache { 'ceilometer_config':
backend => $cache_backend, backend => $cache_backend,
memcache_servers => $memcache_servers, memcache_servers => $memcache_servers,
tls_enabled => $cache_tls_enabled,
tls_cafile => $cache_tls_cafile,
tls_certfile => $cache_tls_certfile,
tls_keyfile => $cache_tls_keyfile,
tls_allowed_ciphers => $cache_tls_allowed_ciphers,
manage_backend_package => $manage_backend_package, manage_backend_package => $manage_backend_package,
} }
} }
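Review bot: The parameter docs added in the first hunk refer to `tls_enabled` and `tls_certfile`, but the parameters this class exposes are `cache_tls_enabled` and `cache_tls_certfile`, so the text should use the `cache_`-prefixed names an operator actually sets. The same comment block has typos (`comunicating`, `Otherwhise`, and the dangling `private key in.`) and writes `Default to` where the surrounding docs use `Defaults to`. For `cache_tls_allowed_ciphers` the doc states that leaving it unset makes all OpenSSL-enabled ciphers available; a line such as `# Set this explicitly where policy restricts the permitted cipher suites.` would make that consequence visible. `cache_tls_keyfile` names a private key, and nothing in the visible hunks manages that file's ownership or mode, so the doc could add `# The key file must be readable only by the ceilometer service user.`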


@ -0,0 +1,4 @@
---
features:
- |
Add TLS options for oslo.cache


@ -125,6 +125,11 @@ describe 'ceilometer' do
is_expected.to contain_oslo__cache('ceilometer_config').with( is_expected.to contain_oslo__cache('ceilometer_config').with(
:backend => '<SERVICE DEFAULT>', :backend => '<SERVICE DEFAULT>',
:memcache_servers => '<SERVICE DEFAULT>', :memcache_servers => '<SERVICE DEFAULT>',
:tls_enabled => '<SERVICE DEFAULT>',
:tls_cafile => '<SERVICE DEFAULT>',
:tls_certfile => '<SERVICE DEFAULT>',
:tls_keyfile => '<SERVICE DEFAULT>',
:tls_allowed_ciphers => '<SERVICE DEFAULT>',
:manage_backend_package => true, :manage_backend_package => true,
) )
end end
@ -155,6 +160,7 @@ describe 'ceilometer' do
params.merge!( params.merge!(
:cache_backend => 'memcache', :cache_backend => 'memcache',
:memcache_servers => 'host1:11211,host2:11211', :memcache_servers => 'host1:11211,host2:11211',
:cache_tls_enabled => true,
:manage_backend_package => false, :manage_backend_package => false,
) )
} }
@ -163,6 +169,7 @@ describe 'ceilometer' do
is_expected.to contain_oslo__cache('ceilometer_config').with( is_expected.to contain_oslo__cache('ceilometer_config').with(
:backend => 'memcache', :backend => 'memcache',
:memcache_servers => 'host1:11211,host2:11211', :memcache_servers => 'host1:11211,host2:11211',
:tls_enabled => true,
:manage_backend_package => false, :manage_backend_package => false,
) )
end end
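Review bot: Only `cache_tls_enabled` is exercised with a non-default value in the override context (second and third hunks); `cache_tls_cafile`, `cache_tls_certfile`, `cache_tls_keyfile` and `cache_tls_allowed_ciphers` are asserted only at `<SERVICE DEFAULT>`. Because every default is the same string, a swapped mapping in the manifest (for example the key path passed as `tls_certfile`) would still pass this spec. Adding distinct placeholder values to `params.merge!`, e.g. `:cache_tls_certfile => '<certfile path>'` and `:cache_tls_keyfile => '<keyfile path>'`, and matching `:tls_certfile` / `:tls_keyfile` expectations would pin each parameter to its target. The enclosing `describe` and context blocks start and end outside these hunks.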