Add TLS options for oslo.cache
This patch specifies a set of options required to build a TLS context.
The context built from those options can later on be passed to any of
the oslo.cache backends that supports TLS connections.
Depends-on: https://review.opendev.org/774120
Change-Id: I66df247543f28b4343c15f4e151231c0e100d00a
(cherry picked from commit 44fc5d25c1
)
This commit is contained in:
parent
d502884411
commit
701e6ce749
|
@ -129,6 +129,39 @@
|
||||||
# (Optional) A list of memcached server(s) to use for caching. (list value)
|
# (Optional) A list of memcached server(s) to use for caching. (list value)
|
||||||
# Defaults to $::os_service_default
|
# Defaults to $::os_service_default
|
||||||
#
|
#
|
||||||
|
# [*cache_tls_enabled*]
|
||||||
|
# (Optional) Global toggle for TLS usage when comunicating with
|
||||||
|
# the caching servers.
|
||||||
|
# Default to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*cache_tls_cafile*]
|
||||||
|
# (Optional) Path to a file of concatenated CA certificates in PEM
|
||||||
|
# format necessary to establish the caching server's authenticity.
|
||||||
|
# If tls_enabled is False, this option is ignored.
|
||||||
|
# Default to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*cache_tls_certfile*]
|
||||||
|
# (Optional) Path to a single file in PEM format containing the
|
||||||
|
# client's certificate as well as any number of CA certificates
|
||||||
|
# needed to establish the certificate's authenticity. This file
|
||||||
|
# is only required when client side authentication is necessary.
|
||||||
|
# If tls_enabled is False, this option is ignored.
|
||||||
|
# Default to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*cache_tls_keyfile*]
|
||||||
|
# (Optional) Path to a single file containing the client's private
|
||||||
|
# key in. Otherwhise the private key will be taken from the file
|
||||||
|
# specified in tls_certfile. If tls_enabled is False, this option
|
||||||
|
# is ignored.
|
||||||
|
# Default to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*cache_tls_allowed_ciphers*]
|
||||||
|
# (Optional) Set the available ciphers for sockets created with
|
||||||
|
# the TLS context. It should be a string in the OpenSSL cipher
|
||||||
|
# list format. If not specified, all OpenSSL enabled ciphers will
|
||||||
|
# be available.
|
||||||
|
# Default to $::os_service_default
|
||||||
|
#
|
||||||
# [*manage_backend_package*]
|
# [*manage_backend_package*]
|
||||||
# (Optional) If we should install the cache backend package.
|
# (Optional) If we should install the cache backend package.
|
||||||
# Defaults to true
|
# Defaults to true
|
||||||
|
@ -249,6 +282,11 @@ class ceilometer(
|
||||||
$kombu_compression = $::os_service_default,
|
$kombu_compression = $::os_service_default,
|
||||||
$cache_backend = $::os_service_default,
|
$cache_backend = $::os_service_default,
|
||||||
$memcache_servers = $::os_service_default,
|
$memcache_servers = $::os_service_default,
|
||||||
|
$cache_tls_enabled = $::os_service_default,
|
||||||
|
$cache_tls_cafile = $::os_service_default,
|
||||||
|
$cache_tls_certfile = $::os_service_default,
|
||||||
|
$cache_tls_keyfile = $::os_service_default,
|
||||||
|
$cache_tls_allowed_ciphers = $::os_service_default,
|
||||||
$manage_backend_package = true,
|
$manage_backend_package = true,
|
||||||
$amqp_server_request_prefix = $::os_service_default,
|
$amqp_server_request_prefix = $::os_service_default,
|
||||||
$amqp_broadcast_prefix = $::os_service_default,
|
$amqp_broadcast_prefix = $::os_service_default,
|
||||||
|
@ -363,6 +401,11 @@ class ceilometer(
|
||||||
oslo::cache { 'ceilometer_config':
|
oslo::cache { 'ceilometer_config':
|
||||||
backend => $cache_backend,
|
backend => $cache_backend,
|
||||||
memcache_servers => $memcache_servers,
|
memcache_servers => $memcache_servers,
|
||||||
|
tls_enabled => $cache_tls_enabled,
|
||||||
|
tls_cafile => $cache_tls_cafile,
|
||||||
|
tls_certfile => $cache_tls_certfile,
|
||||||
|
tls_keyfile => $cache_tls_keyfile,
|
||||||
|
tls_allowed_ciphers => $cache_tls_allowed_ciphers,
|
||||||
manage_backend_package => $manage_backend_package,
|
manage_backend_package => $manage_backend_package,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Add TLS options for oslo.cache
|
|
@ -125,6 +125,11 @@ describe 'ceilometer' do
|
||||||
is_expected.to contain_oslo__cache('ceilometer_config').with(
|
is_expected.to contain_oslo__cache('ceilometer_config').with(
|
||||||
:backend => '<SERVICE DEFAULT>',
|
:backend => '<SERVICE DEFAULT>',
|
||||||
:memcache_servers => '<SERVICE DEFAULT>',
|
:memcache_servers => '<SERVICE DEFAULT>',
|
||||||
|
:tls_enabled => '<SERVICE DEFAULT>',
|
||||||
|
:tls_cafile => '<SERVICE DEFAULT>',
|
||||||
|
:tls_certfile => '<SERVICE DEFAULT>',
|
||||||
|
:tls_keyfile => '<SERVICE DEFAULT>',
|
||||||
|
:tls_allowed_ciphers => '<SERVICE DEFAULT>',
|
||||||
:manage_backend_package => true,
|
:manage_backend_package => true,
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
@ -155,6 +160,7 @@ describe 'ceilometer' do
|
||||||
params.merge!(
|
params.merge!(
|
||||||
:cache_backend => 'memcache',
|
:cache_backend => 'memcache',
|
||||||
:memcache_servers => 'host1:11211,host2:11211',
|
:memcache_servers => 'host1:11211,host2:11211',
|
||||||
|
:cache_tls_enabled => true,
|
||||||
:manage_backend_package => false,
|
:manage_backend_package => false,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
@ -163,6 +169,7 @@ describe 'ceilometer' do
|
||||||
is_expected.to contain_oslo__cache('ceilometer_config').with(
|
is_expected.to contain_oslo__cache('ceilometer_config').with(
|
||||||
:backend => 'memcache',
|
:backend => 'memcache',
|
||||||
:memcache_servers => 'host1:11211,host2:11211',
|
:memcache_servers => 'host1:11211,host2:11211',
|
||||||
|
:tls_enabled => true,
|
||||||
:manage_backend_package => false,
|
:manage_backend_package => false,
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue