Browse Source

Add TLS options to oslo.cache

This patch specifies a set of options required to build a TLS context.
The context built from those options can later on be passed to any of
the oslo.cache backends that supports TLS connections.

Train note: Test modifications are not ported to Train, since the
specific test that was modified doesn't exist in Train.

Depends-on: https://review.opendev.org/774120
Change-Id: I835641d402e6cbd6650efd0d7a1fb16fb361350e
(cherry picked from commit 7ae8aa377e)
changes/16/775616/1
Grzegorz Grasza 5 months ago
parent
commit
247cade883
2 changed files with 47 additions and 0 deletions
  1. +43
    -0
      manifests/init.pp
  2. +4
    -0
      releasenotes/notes/add_tls_options-8ed38a82af2f378f.yaml

+ 43
- 0
manifests/init.pp View File

@ -120,6 +120,39 @@
# cache_backend, cache_enabled and cache_memcache_servers is set.
# Default to $::os_service_default
#
# [*tls_enabled*]
# (Optional) Global toggle for TLS usage when comunicating with
# the caching servers.
# Default to $::os_service_default
#
# [*tls_cafile*]
# (Optional) Path to a file of concatenated CA certificates in PEM
# format necessary to establish the caching server's authenticity.
# If tls_enabled is False, this option is ignored.
# Default to $::os_service_default
#
# [*tls_certfile*]
# (Optional) Path to a single file in PEM format containing the
# client's certificate as well as any number of CA certificates
# needed to establish the certificate's authenticity. This file
# is only required when client side authentication is necessary.
# If tls_enabled is False, this option is ignored.
# Default to $::os_service_default
#
# [*tls_keyfile*]
# (Optional) Path to a single file containing the client's private
# key in. Otherwhise the private key will be taken from the file
# specified in tls_certfile. If tls_enabled is False, this option
# is ignored.
# Default to $::os_service_default
#
# [*tls_allowed_ciphers*]
# (Optional) Set the available ciphers for sockets created with
# the TLS context. It should be a string in the OpenSSL cipher
# list format. If not specified, all OpenSSL enabled ciphers will
# be available.
# Default to $::os_service_default
#
# [*manage_service*]
# (Optional) If Puppet should manage service startup / shutdown.
# Defaults to true.
@ -626,6 +659,11 @@ class keystone(
$cache_expiration_time = $::os_service_default,
$cache_proxies = $::os_service_default,
$token_caching = $::os_service_default,
$tls_enabled = $::os_service_default,
$tls_cafile = $::os_service_default,
$tls_certfile = $::os_service_default,
$tls_keyfile = $::os_service_default,
$tls_allowed_ciphers = $::os_service_default,
$enabled = true,
$database_connection = undef,
$database_idle_timeout = undef,
@ -871,6 +909,11 @@ admin_token will be removed in a later release")
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout,
manage_backend_package => $manage_backend_package,
tls_enabled => $tls_enabled,
tls_cafile => $tls_cafile,
tls_certfile => $tls_certfile,
tls_keyfile => $tls_keyfile,
tls_allowed_ciphers => $tls_allowed_ciphers,
}
oslo::middleware { 'keystone_config':


+ 4
- 0
releasenotes/notes/add_tls_options-8ed38a82af2f378f.yaml View File

@ -0,0 +1,4 @@
---
features:
- |
Add TLS options to oslo.cache

Loading…
Cancel
Save