Add TLS options to oslo.cache
This patch specifies a set of options required to build a TLS context.
The context built from those options can later be passed to any of
the oslo.cache backends that support TLS connections.
Train note: Test modifications are not ported to Train, since the
specific test that was modified doesn't exist in Train.
Depends-on: https://review.opendev.org/774120
Change-Id: I835641d402e6cbd6650efd0d7a1fb16fb361350e
(cherry picked from commit 7ae8aa377e
)
parent
8ab3db3862
commit
247cade883
|
@ -120,6 +120,39 @@
|
||||||
# cache_backend, cache_enabled and cache_memcache_servers is set.
|
# cache_backend, cache_enabled and cache_memcache_servers is set.
|
||||||
# Default to $::os_service_default
|
# Default to $::os_service_default
|
||||||
#
|
#
|
||||||
|
# [*tls_enabled*]
|
||||||
|
# (Optional) Global toggle for TLS usage when comunicating with
|
||||||
|
# the caching servers.
|
||||||
|
# Default to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*tls_cafile*]
|
||||||
|
# (Optional) Path to a file of concatenated CA certificates in PEM
|
||||||
|
# format necessary to establish the caching server's authenticity.
|
||||||
|
# If tls_enabled is False, this option is ignored.
|
||||||
|
# Default to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*tls_certfile*]
|
||||||
|
# (Optional) Path to a single file in PEM format containing the
|
||||||
|
# client's certificate as well as any number of CA certificates
|
||||||
|
# needed to establish the certificate's authenticity. This file
|
||||||
|
# is only required when client side authentication is necessary.
|
||||||
|
# If tls_enabled is False, this option is ignored.
|
||||||
|
# Default to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*tls_keyfile*]
|
||||||
|
# (Optional) Path to a single file containing the client's private
|
||||||
|
# key in. Otherwhise the private key will be taken from the file
|
||||||
|
# specified in tls_certfile. If tls_enabled is False, this option
|
||||||
|
# is ignored.
|
||||||
|
# Default to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*tls_allowed_ciphers*]
|
||||||
|
# (Optional) Set the available ciphers for sockets created with
|
||||||
|
# the TLS context. It should be a string in the OpenSSL cipher
|
||||||
|
# list format. If not specified, all OpenSSL enabled ciphers will
|
||||||
|
# be available.
|
||||||
|
# Default to $::os_service_default
|
||||||
|
#
|
||||||
# [*manage_service*]
|
# [*manage_service*]
|
||||||
# (Optional) If Puppet should manage service startup / shutdown.
|
# (Optional) If Puppet should manage service startup / shutdown.
|
||||||
# Defaults to true.
|
# Defaults to true.
|
||||||
|
@ -626,6 +659,11 @@ class keystone(
|
||||||
$cache_expiration_time = $::os_service_default,
|
$cache_expiration_time = $::os_service_default,
|
||||||
$cache_proxies = $::os_service_default,
|
$cache_proxies = $::os_service_default,
|
||||||
$token_caching = $::os_service_default,
|
$token_caching = $::os_service_default,
|
||||||
|
$tls_enabled = $::os_service_default,
|
||||||
|
$tls_cafile = $::os_service_default,
|
||||||
|
$tls_certfile = $::os_service_default,
|
||||||
|
$tls_keyfile = $::os_service_default,
|
||||||
|
$tls_allowed_ciphers = $::os_service_default,
|
||||||
$enabled = true,
|
$enabled = true,
|
||||||
$database_connection = undef,
|
$database_connection = undef,
|
||||||
$database_idle_timeout = undef,
|
$database_idle_timeout = undef,
|
||||||
|
@ -871,6 +909,11 @@ admin_token will be removed in a later release")
|
||||||
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
|
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
|
||||||
memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout,
|
memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout,
|
||||||
manage_backend_package => $manage_backend_package,
|
manage_backend_package => $manage_backend_package,
|
||||||
|
tls_enabled => $tls_enabled,
|
||||||
|
tls_cafile => $tls_cafile,
|
||||||
|
tls_certfile => $tls_certfile,
|
||||||
|
tls_keyfile => $tls_keyfile,
|
||||||
|
tls_allowed_ciphers => $tls_allowed_ciphers,
|
||||||
}
|
}
|
||||||
|
|
||||||
oslo::middleware { 'keystone_config':
|
oslo::middleware { 'keystone_config':
|
||||||
|
|
|
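Review bot: The `tls_keyfile` description in the first hunk is garbled ("private key in. Otherwhise the private key will be taken…"), so a reader cannot tell when the parameter is needed. It should read something like `# (Optional) Path to a single file containing the client's private key. If unset, the private key is taken from the file specified in tls_certfile.`, and "comunicating" under `tls_enabled` is a typo. The same comment should say that the key file must be readable by the keystone service user and by no other account, since nothing in the visible hunks manages that file's ownership or mode. For `tls_allowed_ciphers` the text states that leaving it unset makes all OpenSSL-enabled ciphers available, so a line recommending an explicit restricted cipher string where the deployment has a cipher policy would help operators. The `keystone` class body starts and ends outside these hunks, so whether the values are validated before being passed on cannot be judged from here.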
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Add TLS options to oslo.cache
|