openstack/puppet-tripleo
Code Issues Proposed changes
a1da18aed6
puppet-tripleo/manifests
History
Alan Bishop a1da18aed6 Fix etcd's support for internal TLS 
Fixes for etcd's certmonger cert and key generation:
- Do not chown the cert and key files generated on the host. In addition
  to the fact that "etcd" is not a valid user|grep name on the host, an
  ACL must be used to allow other services (such as cinder) to access
  the files. That ACL will be handled at the THT layer.
- New $dnsnames parameter supports adding a list of subject alternative
  name (SAN) to the cert.
- Remove obsolete default $postsave_cmd (see comment in the code), but
  make it a parameter so it can be overridden if necessary.

The cinder-volume service uses etcd when cinder is configured for
active/active mode. When internal TLS is enabled, the backend_url must
include references to etcd's cert and key files.

Partial-Bug: #1869955
Change-Id: Ifa7452ec15b81f48d7e5fb1252f20b5af1dff95c
(cherry picked from commit 63111546cd)
2020-05-11 14:47:49 +00:00
..
certmonger Fix etcd's support for internal TLS 2020-05-11 14:47:49 +00:00
firewall Add 'ipversion' to firewall/rule.pp 2019-09-25 18:36:44 +00:00
haproxy Ensure we set $haproxy_firewall_rules variable 2019-08-08 10:02:48 +02:00
host Use validate_legacy 2019-02-25 22:51:07 +01:00
network Remove Midonet, Cassandra and Zookeeper 2019-08-06 20:48:24 -04:00
pacemaker Allow VIP resource to have customized ops 2018-09-03 06:22:44 +00:00
packages packages: run upgrade at 'setup' stage 2016-10-14 18:17:30 -04:00
profile Fix etcd's support for internal TLS 2020-05-11 14:47:49 +00:00
releasenotes/notes New profile to configure libvirt-guests on compute host 2018-07-13 17:42:24 +02:00
stunnel Force stunnel to use TLSv1.2 2018-04-19 13:31:46 +00:00
config.pp Introduce tripleo::config 2019-06-04 18:07:21 +00:00
fencing.pp Make sure we create stonith resources before stonith levels 2020-03-11 06:26:51 +00:00
firewall.pp Revert "Replace hiera('service_names') by hiera('enabled_services')" 2019-12-11 18:42:10 +00:00
haproxy.pp CephRgw healthcheck aligned with ceph-ansible 2020-05-04 16:06:45 +02:00
init.pp Implement firewalling in tripleo::firewall 2015-07-15 11:58:46 +02:00
keepalived.pp Fix keepalived VIP monitoring script 2019-04-18 11:47:10 -06:00
masquerade_networks.pp Fix Undercloud masquerading firewall rules 2018-10-23 07:24:31 +00:00
noop.pp Add class to set noop on various puppet resources 2015-07-03 17:16:07 -04:00
packages.pp noop package installations inside containers 2019-01-26 11:19:17 +01:00
redis_notification.pp Loadbalancer: Add support for Redis 2015-04-16 21:13:40 +02:00
stunnel.pp Lower the default stunnel log level 2018-05-28 13:40:29 +02:00
tls_proxy.pp Support TLS deployments with KernelDisableIPv6 enabled 2019-07-08 20:59:13 +02:00
trusted_ca.pp Add manifests to inject and trust CA certificates 2016-08-23 14:36:20 +00:00
trusted_cas.pp Add manifests to inject and trust CA certificates 2016-08-23 14:36:20 +00:00