metadata: allow to configure insecure SSL
Add nova_metadata_insecure option, to allow deployments without valid SSL certificates. It should not be set to True in production. Disabled by default. Change-Id: I1688eae1369f6da2c7084dc3864d19708d15c78d
parent
fe87852692
commit
afa1634d7f
@ -54,6 +54,10 @@
|
|||||||
# Set to 0 will cause cache entries to never expire.
|
# Set to 0 will cause cache entries to never expire.
|
||||||
# Set to $::os_service_default or false to disable cache.
|
# Set to $::os_service_default or false to disable cache.
|
||||||
#
|
#
|
||||||
|
# [*metadata_insecure*]
|
||||||
|
# (optional) Allow to perform insecure SSL (https) requests to nova metadata.
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
# [*purge_config*]
|
# [*purge_config*]
|
||||||
# (optional) Whether to set only the specified config options
|
# (optional) Whether to set only the specified config options
|
||||||
# in the metadata config.
|
# in the metadata config.
|
||||||
@ -73,6 +77,7 @@ class neutron::agents::metadata (
|
|||||||
$metadata_workers = $::os_workers,
|
$metadata_workers = $::os_workers,
|
||||||
$metadata_backlog = $::os_service_default,
|
$metadata_backlog = $::os_service_default,
|
||||||
$metadata_memory_cache_ttl = $::os_service_default,
|
$metadata_memory_cache_ttl = $::os_service_default,
|
||||||
|
$metadata_insecure = $::os_service_default,
|
||||||
$nova_client_cert = $::os_service_default,
|
$nova_client_cert = $::os_service_default,
|
||||||
$nova_client_priv_key = $::os_service_default,
|
$nova_client_priv_key = $::os_service_default,
|
||||||
$purge_config = false,
|
$purge_config = false,
|
||||||
@ -91,6 +96,7 @@ class neutron::agents::metadata (
|
|||||||
'DEFAULT/nova_metadata_ip': value => $metadata_ip;
|
'DEFAULT/nova_metadata_ip': value => $metadata_ip;
|
||||||
'DEFAULT/nova_metadata_port': value => $metadata_port;
|
'DEFAULT/nova_metadata_port': value => $metadata_port;
|
||||||
'DEFAULT/nova_metadata_protocol': value => $metadata_protocol;
|
'DEFAULT/nova_metadata_protocol': value => $metadata_protocol;
|
||||||
|
'DEFAULT/nova_metadata_insecure': value => $metadata_insecure;
|
||||||
'DEFAULT/metadata_proxy_shared_secret': value => $shared_secret;
|
'DEFAULT/metadata_proxy_shared_secret': value => $shared_secret;
|
||||||
'DEFAULT/metadata_workers': value => $metadata_workers;
|
'DEFAULT/metadata_workers': value => $metadata_workers;
|
||||||
'DEFAULT/metadata_backlog': value => $metadata_backlog;
|
'DEFAULT/metadata_backlog': value => $metadata_backlog;
|
||||||
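Review bot: The `[*metadata_insecure*]` doc comment says only that insecure HTTPS requests are allowed; it does not say that a true value stops the agent from verifying the nova metadata server's certificate, and the "not in production" warning exists only in the commit message. I would extend the comment with `#   When true, the nova metadata server certificate is not verified. Leave unset or false in production.` and point readers to a CA bundle instead. The spec in this commit shows the class already manages `DEFAULT/auth_ca_cert`, which looks like the safer route for deployments using an internal CA. The value is also written to `DEFAULT/nova_metadata_insecure` with no visible boolean check, so a string such as 'true' would pass through as-is. Whether validation exists elsewhere cannot be seen, because the parameter list and the class body continue outside these hunks.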
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- Add nova_metadata_insecure option, to allow deployments without valid
|
||||||
|
SSL certificates.
|
@ -61,6 +61,7 @@ describe 'neutron::agents::metadata' do
|
|||||||
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/nova_metadata_protocol').with(:value => '<SERVICE DEFAULT>')
|
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/nova_metadata_protocol').with(:value => '<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/metadata_workers').with(:value => facts[:os_workers])
|
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/metadata_workers').with(:value => facts[:os_workers])
|
||||||
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/metadata_backlog').with(:value => '<SERVICE DEFAULT>')
|
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/metadata_backlog').with(:value => '<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/nova_metadata_insecure').with(:value => '<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/metadata_proxy_shared_secret').with(:value => params[:shared_secret])
|
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/metadata_proxy_shared_secret').with(:value => params[:shared_secret])
|
||||||
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/cache_url').with(:ensure => 'absent')
|
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/cache_url').with(:ensure => 'absent')
|
||||||
end
|
end
|
||||||
@ -72,6 +73,7 @@ describe 'neutron::agents::metadata' do
|
|||||||
:shared_secret => '42',
|
:shared_secret => '42',
|
||||||
:nova_client_cert => '/nova/cert',
|
:nova_client_cert => '/nova/cert',
|
||||||
:nova_client_priv_key => '/nova/key',
|
:nova_client_priv_key => '/nova/key',
|
||||||
|
:metadata_insecure => true,
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -79,6 +81,7 @@ describe 'neutron::agents::metadata' do
|
|||||||
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/auth_ca_cert').with_value('/some/cert')
|
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/auth_ca_cert').with_value('/some/cert')
|
||||||
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/nova_client_cert').with_value('/nova/cert')
|
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/nova_client_cert').with_value('/nova/cert')
|
||||||
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/nova_client_priv_key').with_value('/nova/key')
|
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/nova_client_priv_key').with_value('/nova/key')
|
||||||
|
is_expected.to contain_neutron_metadata_agent_config('DEFAULT/nova_metadata_insecure').with_value(true)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|