Merge "Redis: Share the same base class"
commit
13fe297288
|
@ -43,6 +43,16 @@
|
|||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*pacemaker_managed*]
|
||||
# (Optional) Whether the redis service is managed by Pacemaker
|
||||
# Defaults to false
|
||||
#
|
||||
# [*tls_tunnel_local_name*]
|
||||
# (Optional) When TLS proxy is in use, name of the localhost to forward
|
||||
# unencryption Redis traffic to.
|
||||
# This is set by t-h-t.
|
||||
# Defaults to 'localhost'
|
||||
#
|
||||
# [*tls_proxy_bind_ip*]
|
||||
# IP on which the TLS proxy will listen on. Required only if
|
||||
# enable_internal_tls is set.
|
||||
|
@ -59,15 +69,25 @@
|
|||
# defaults to 6379
|
||||
#
|
||||
class tripleo::profile::base::database::redis (
|
||||
$certificate_specs = lookup('redis_certificate_specs', undef, undef, {}),
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$redis_network = lookup('redis_network', undef, undef, undef),
|
||||
$step = Integer(lookup('step')),
|
||||
$tls_proxy_bind_ip = undef,
|
||||
$tls_proxy_fqdn = undef,
|
||||
$tls_proxy_port = 6379,
|
||||
$certificate_specs = lookup('redis_certificate_specs', undef, undef, {}),
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$redis_network = lookup('redis_network', undef, undef, undef),
|
||||
$step = Integer(lookup('step')),
|
||||
$pacemaker_managed = false,
|
||||
$tls_tunnel_local_name = 'localhost',
|
||||
$tls_proxy_bind_ip = undef,
|
||||
$tls_proxy_fqdn = undef,
|
||||
$tls_proxy_port = 6379,
|
||||
) {
|
||||
if $step >= 2 {
|
||||
|
||||
# When Redis is managed by pacemaker then the configuration is generated
|
||||
# before cluster is being set up.
|
||||
if $pacemaker_managed {
|
||||
$redis_step = 1
|
||||
} else {
|
||||
$redis_step = 2
|
||||
}
|
||||
if $step >= $redis_step {
|
||||
if $enable_internal_tls {
|
||||
if !$redis_network {
|
||||
fail('redis_network is not set in the hieradata.')
|
||||
|
@ -86,12 +106,14 @@ class tripleo::profile::base::database::redis (
|
|||
tripleo::stunnel::service_proxy { 'redis':
|
||||
accept_host => $tls_proxy_bind_ip,
|
||||
accept_port => $tls_proxy_port,
|
||||
connect_host => $tls_tunnel_local_name,
|
||||
connect_port => $tls_proxy_port,
|
||||
certificate => $tls_certfile,
|
||||
key => $tls_keyfile,
|
||||
notify => Class['redis'],
|
||||
}
|
||||
}
|
||||
|
||||
include redis
|
||||
}
|
||||
}
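Review bot: `connect_host => $tls_tunnel_local_name` makes the plaintext side of the stunnel proxy configurable, but the new parameter is neither typed nor checked, so a value that resolves off-host would carry decrypted Redis traffic over the network. I would state that constraint in the parameter docs, e.g. `# Must resolve to a loopback address; traffic forwarded to it is not encrypted.`, and fix the typo in the same block (`unencryption` should read `unencrypted`). Declaring the flag as `Boolean $pacemaker_managed = false,` would also reject malformed hieradata at compile time; a `String` type on `$tls_tunnel_local_name` is only safe if no caller passes undef. The class body continues outside the visible hunks, so whether `$tls_proxy_bind_ip` is validated before it reaches `accept_host` cannot be confirmed from here.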
|
||||
|
|
|
@ -148,44 +148,27 @@ class tripleo::profile::pacemaker::database::redis_bundle (
|
|||
} else {
|
||||
$log_file_real = ''
|
||||
}
|
||||
if $enable_internal_tls {
|
||||
if !$redis_network {
|
||||
fail('redis_network is not set in the hieradata.')
|
||||
}
|
||||
if !$tls_proxy_bind_ip {
|
||||
fail('tls_proxy_bind_ip is not set in the hieradata.')
|
||||
}
|
||||
if !$tls_proxy_fqdn {
|
||||
fail('tls_proxy_fqdn is required if internal TLS is enabled.')
|
||||
}
|
||||
|
||||
$redis_node_names = hiera('redis_short_node_names', [$::hostname])
|
||||
$redis_node_ips = hiera('redis_node_ips', [$tls_proxy_bind_ip])
|
||||
|
||||
# keep a mapping of [node name, node ip, replication port]
|
||||
$replication_tuples = zip($redis_node_names, $redis_node_ips).map |$index, $pair| {
|
||||
$pair.concat($tls_tunnel_base_port+$index)
|
||||
}
|
||||
} else {
|
||||
$replication_tuples = []
|
||||
class { 'tripleo::profile::base::database::redis':
|
||||
pacemaker_managed => true,
|
||||
tls_tunnel_local_name => $tls_tunnel_local_name,
|
||||
tls_proxy_bind_ip => $tls_proxy_bind_ip,
|
||||
tls_proxy_fqdn => $tls_proxy_fqdn,
|
||||
tls_proxy_port => $tls_proxy_port,
|
||||
}
|
||||
|
||||
if $step >= 1 {
|
||||
if $enable_internal_tls {
|
||||
# certificate_specs is validated by the base redis class
|
||||
$tls_certfile = $certificate_specs['service_certificate']
|
||||
$tls_keyfile = $certificate_specs['service_key']
|
||||
|
||||
include tripleo::stunnel
|
||||
$redis_node_names = hiera('redis_short_node_names', [$::hostname])
|
||||
$redis_node_ips = hiera('redis_node_ips', [$tls_proxy_bind_ip])
|
||||
|
||||
# encrypted endpoint for incoming redis service
|
||||
tripleo::stunnel::service_proxy { 'redis':
|
||||
accept_host => $tls_proxy_bind_ip,
|
||||
accept_port => $tls_proxy_port,
|
||||
connect_host => $tls_tunnel_local_name,
|
||||
connect_port => $tls_proxy_port,
|
||||
certificate => $tls_certfile,
|
||||
key => $tls_keyfile,
|
||||
notify => Class['redis'],
|
||||
# keep a mapping of [node name, node ip, replication port]
|
||||
$replication_tuples = zip($redis_node_names, $redis_node_ips).map |$index, $pair| {
|
||||
$pair.concat($tls_tunnel_base_port+$index)
|
||||
}
|
||||
|
||||
# encrypted endpoints for outgoing redis replication traffic
|
||||
|
@ -228,17 +211,8 @@ slave-announce-ip ${tls_tunnel_local_name}
|
|||
slave-announce-port ${local_tuple[0][2]}
|
||||
",
|
||||
}
|
||||
}
|
||||
# If the old hiera key exists we use that to set the ulimit in order not to break
|
||||
# operators which set it. We might remove this in a later release (post pike anyway)
|
||||
$old_redis_file_limit = hiera('redis_file_limit', undef)
|
||||
if $old_redis_file_limit != undef {
|
||||
warning('redis_file_limit parameter is deprecated, use redis::ulimit in hiera.')
|
||||
class { 'redis':
|
||||
ulimit => $old_redis_file_limit,
|
||||
}
|
||||
} else {
|
||||
include redis
|
||||
$replication_tuples = []
|
||||
}
|
||||
}
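Review bot: The `fail()` guards for `$tls_proxy_bind_ip` and `$tls_proxy_fqdn` appear to have left this class now that the TLS setup is delegated to `tripleo::profile::base::database::redis`, yet `$tls_proxy_bind_ip` is still the fallback in `hiera('redis_node_ips', [$tls_proxy_bind_ip])`. The only guard visible in the base class hunks is the `redis_network` one, so please confirm that the base class rejects an unset bind IP or FQDN when `enable_internal_tls` is true; otherwise an undef address could end up in the replication tuples and in the proxy's `accept_host`. If the base class does validate them, widening the existing comment to `# certificate_specs, tls_proxy_bind_ip and tls_proxy_fqdn are validated by the base redis class` would make that dependency explicit. The rendered page has lost its +/- markers, so which of the duplicated lines are on the new side is inferred from the hunk headers rather than read directly.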
|
||||
|
||||
|
|