Add authtoken security options
Add ability to specify the memcache_security_strategy and memcache_secret_key for keystone authtoken middleware. The keys for individual services are hashed with a salt, to isolate them. Change-Id: I8d558cac3c23c3c0708e7e00d7bb83ac91795bb7
parent
bd491f47fc
commit
59b54b6f46
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::aodh::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::aodh::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+aodh")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'aodh::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
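Review bot: The `if $secret_key` guard in front of `$hashed_secret_key = sha256("${secret_key}+aodh")` does not reject an empty string, which Puppet 4 and later treat as true. A `memcached_authtoken_secret_key: ''` in hiera would therefore yield the digest of the constant `+aodh`, a key anyone can recompute. I would tighten the test to `if $secret_key and !empty($secret_key) {` (stdlib's `empty`, next to the `suffix`/`any2array` calls already used here), or fail the catalog on an empty value. The same guard is repeated in the barbican, cinder, designate, glance, gnocchi, heat, ironic, ironic_inspector, manila, mistral, neutron, nova, novajoin, octavia, placement and zaqar profiles further down. The start of the `if $step >= 3` body lies between the two hunks and is not shown.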
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', [])
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::barbican::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::barbican::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+barbican")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'barbican::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
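Review bot: The header comment for `memcached_port` in this file reads `Defaults to hiera('memcached_authtoken_port', [])`, but the parameter is declared as `hiera('memcached_authtoken_port', 11211)`. Since the doc block is being extended here anyway, that line could be corrected to `# Defaults to hiera('memcached_authtoken_port', 11211)` so it matches the code and the other profiles. The doc block starts above the hunk, so the rest of it is not visible.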
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::cinder::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::cinder::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+cinder")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'cinder::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
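Review bot: Nothing in the class ties `security_strategy` to `secret_key`, and the strategy value is forwarded to `memcache_security_strategy` unchecked. If only the key is set, cached token data stays unprotected in memcached while the operator believes a key is in use. If only the strategy is set, the class receives `memcache_secret_key => undef`, which keystonemiddleware, as far as I know, rejects at service start rather than at catalog compile time. A compile-time guard such as `if $security_strategy and !$secret_key { fail('memcached_authtoken_secret_key is required when a security strategy is set') }` would surface this early, and the parameter could be typed as `Optional[Enum['MAC', 'ENCRYPT']] $security_strategy`. This applies equally to every authtoken profile touched by the commit.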
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::designate::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::designate::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+designate")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'designate::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
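Review bot: The parameter doc calls the service name a salt, but in `sha256("${secret_key}+designate")` it is a fixed, public label. It makes the per-service keys differ from one another and adds no secrecy, so every derived key is only as strong as `memcached_authtoken_secret_key` itself. I would say so in the header, for example `# The key is hashed together with the service name so each service gets a distinct key; supply a long random value.` The digest is passed on as a plain string, so it will presumably show up in the compiled catalog; whether `designate::keystone::authtoken` treats it as a secret cannot be seen from here. The wording is identical in the other profiles.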
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::glance::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::glance::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+glance")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'glance::api::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::gnocchi::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::gnocchi::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+gnocchi")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'gnocchi::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::heat::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::heat::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+heat")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'heat::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::ironic::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::ironic::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+ironic")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'ironic::api::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::ironic_inspector::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::ironic_inspector::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+ironic_inspector")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'ironic::inspector::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::manila::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::manila::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+manila")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'manila::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::mistral::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::mistral::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+mistral")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'mistral::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::neutron::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::neutron::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+neutron")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'neutron::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::nova::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::nova::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+nova")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'nova::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::novajoin::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::novajoin::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+novajoin")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'nova::metadata::novajoin::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::octavia::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::octavia::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+octavia")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'octavia::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::placement::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::placement::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+placement")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'placement::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,10 +29,21 @@
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to hiera('memcached_authtoken_port', 11211)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
||||
#
|
||||
class tripleo::profile::base::zaqar::authtoken (
|
||||
$step = Integer(hiera('step')),
|
||||
$memcached_ips = hiera('memcached_node_ips', []),
|
||||
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
||||
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
||||
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
@ -42,8 +53,16 @@ class tripleo::profile::base::zaqar::authtoken (
|
||||
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+zaqar")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'zaqar::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,7 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Add ability to specify the memcache_security_strategy and
|
||||
memcache_secret_key for keystone authtoken middleware. The keys
|
||||
used by individual services are hashed with a salt (the service
|
||||
name), to isolate them.
|