09d7754a5f
When Memcached uses IPv6 network, the memcache_servers parameter should be formatted as is described in the following example. inet6:[<host>]:<port> This change ensures the proper format is applied even when hostnames are used to define servers. Also, this change fixes the timing to apply any2array. The function should be applied before we check the first memcache server by [0], otherwise the logic to detect IPv6 address does not work as intended. Backport note to wallaby: This change covers novajoin which was already removed in master. Backport note to victoria: - Resolved the conflicts caused by [1] - Mistral and Zaqar are additionally covered by this backport - Fixed wrongly named spec file for zaqar::authtoken [1]34d78c5827Conflicts: manifests/profile/base/aodh/authtoken.pp manifests/profile/base/barbican/authtoken.pp manifests/profile/base/cinder/authtoken.pp manifests/profile/base/designate/authtoken.pp manifests/profile/base/glance/authtoken.pp manifests/profile/base/gnocchi/authtoken.pp manifests/profile/base/heat/authtoken.pp manifests/profile/base/ironic/authtoken.pp manifests/profile/base/ironic_inspector/authtoken.pp manifests/profile/base/manila/authtoken.pp manifests/profile/base/neutron/authtoken.pp manifests/profile/base/nova/authtoken.pp manifests/profile/base/novajoin/authtoken.pp manifests/profile/base/octavia/authtoken.pp manifests/profile/base/placement/authtoken.pp Backport note to ussuri: Resolved conflict caused by missing spec file for the zaqar authtoken class. The file was added during Victoria cycle. Conflicts: spec/classes/tripleo_profile_base_zaqar_authtoken_spec.rb Backport note to train: Resolved conflict caused by mistral/novajoin/zaqar manifest which were excluded when the previous change[2] was backported to stable/train for unknown reason. Also, this backport covers Panko, which is no longer supported in ussuri and later. [2] https://review.opendev.org/c/openstack/puppet-tripleo/+/803205 Conflicts: manifests/profile/base/mistral/authtoken.pp manifests/profile/base/novajoin/authtoken.pp manifests/profile/base/zaqar/authtoken.pp spec/classes/tripleo_profile_base_mistral_authtoken_spec.rb spec/classes/tripleo_profile_base_novajoin_authtoken_spec.rb spec/classes/tripleo_profile_base_panko_authtoken_spec.rb Partial-Bug: #1964824 Depends-on: https://review.opendev.org/834597 Change-Id: I18537ab819996cfb0f2705d8c49666d4b9bfff22 (cherry picked from commit1e63b4c5f5) (cherry picked from commitc868cbde88) (cherry picked from commit90f8544576) (cherry picked from commit564e844c38)
85 lines
2.9 KiB
Puppet
85 lines
2.9 KiB
Puppet
# Copyright 2019 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# == Class: tripleo::profile::base::cinder::authtoken
|
|
#
|
|
# Cinder authtoken profile for TripleO
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*step*]
|
|
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
# for more details.
|
|
# Defaults to hiera('step')
|
|
#
|
|
# [*memcached_hosts*]
|
|
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
|
# Defaults to hiera('memcached_node_names', [])
|
|
#
|
|
# [*memcached_port*]
|
|
# (Optional) Memcached port to use.
|
|
# Defaults to hiera('memcached_authtoken_port', 11211)
|
|
#
|
|
# [*memcached_ipv6*]
|
|
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
|
# Defauls to hiera('memcached_ipv6', false)
|
|
#
|
|
# [*security_strategy*]
|
|
# (Optional) Memcached (authtoken) security strategy.
|
|
# Defaults to hiera('memcached_authtoken_security_strategy', undef)
|
|
#
|
|
# [*secret_key*]
|
|
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
|
# The key is hashed with a salt, to isolate services.
|
|
# Defaults to hiera('memcached_authtoken_secret_key', undef)
|
|
#
|
|
# DEPRECATED PARAMETERS
|
|
#
|
|
# [*memcached_ips*]
|
|
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
|
|
# Defaults to undef
|
|
#
|
|
class tripleo::profile::base::cinder::authtoken (
|
|
$step = Integer(hiera('step')),
|
|
$memcached_hosts = hiera('memcached_node_names', []),
|
|
$memcached_port = hiera('memcached_authtoken_port', 11211),
|
|
$memcached_ipv6 = hiera('memcached_ipv6', false),
|
|
$security_strategy = hiera('memcached_authtoken_security_strategy', undef),
|
|
$secret_key = hiera('memcached_authtoken_secret_key', undef),
|
|
# DEPRECATED PARAMETERS
|
|
$memcached_ips = undef
|
|
) {
|
|
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
|
|
|
|
if $step >= 3 {
|
|
if $memcached_ipv6 or is_ipv6_address($memcached_hosts_real[0]) {
|
|
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
|
} else {
|
|
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
|
|
}
|
|
|
|
if $secret_key {
|
|
$hashed_secret_key = sha256("${secret_key}+cinder")
|
|
} else {
|
|
$hashed_secret_key = undef
|
|
}
|
|
|
|
class { '::cinder::keystone::authtoken':
|
|
memcached_servers => $memcache_servers,
|
|
memcache_security_strategy => $security_strategy,
|
|
memcache_secret_key => $hashed_secret_key,
|
|
}
|
|
}
|
|
}
|