Ensure access to Redis is password protected
Depends-On: I1a8741b9e00775763911222cbe0af677b59e03a1
Change-Id: I373f97ada4e4101700a12b42dfb8ee4b2ff701f2
(cherry picked from commit 9923ead009
)
This commit is contained in:
parent
099f6cd3ee
commit
1bb9f13bb2
@ -307,6 +307,10 @@ parameters:
|
|||||||
default: false
|
default: false
|
||||||
description: Enable IPv6 in RabbitMQ
|
description: Enable IPv6 in RabbitMQ
|
||||||
type: boolean
|
type: boolean
|
||||||
|
RedisPassword:
|
||||||
|
description: The password for Redis
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
SnmpdReadonlyUserName:
|
SnmpdReadonlyUserName:
|
||||||
default: ro_snmp_user
|
default: ro_snmp_user
|
||||||
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
|
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
|
||||||
@ -982,6 +986,7 @@ resources:
|
|||||||
RabbitClientPort: {get_param: RabbitClientPort}
|
RabbitClientPort: {get_param: RabbitClientPort}
|
||||||
RabbitFDLimit: {get_param: RabbitFDLimit}
|
RabbitFDLimit: {get_param: RabbitFDLimit}
|
||||||
RabbitIPv6: {get_param: RabbitIPv6}
|
RabbitIPv6: {get_param: RabbitIPv6}
|
||||||
|
RedisPassword: {get_param: RedisPassword}
|
||||||
SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
|
SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
|
||||||
SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
|
SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
|
||||||
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
|
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
|
||||||
|
@ -599,6 +599,10 @@ parameters:
|
|||||||
default: false
|
default: false
|
||||||
description: Enable IPv6 in RabbitMQ
|
description: Enable IPv6 in RabbitMQ
|
||||||
type: boolean
|
type: boolean
|
||||||
|
RedisPassword:
|
||||||
|
type: string
|
||||||
|
description: The password to access the Redis service
|
||||||
|
hidden: true
|
||||||
RedisVirtualIP:
|
RedisVirtualIP:
|
||||||
type: string
|
type: string
|
||||||
default: '' # Has to be here because of the ignored empty value bug
|
default: '' # Has to be here because of the ignored empty value bug
|
||||||
@ -1127,7 +1131,8 @@ resources:
|
|||||||
- ''
|
- ''
|
||||||
- - 'redis://'
|
- - 'redis://'
|
||||||
- {get_param: RedisVirtualIPUri}
|
- {get_param: RedisVirtualIPUri}
|
||||||
- ':6379'
|
- ':6379/?password='
|
||||||
|
- {get_param: RedisPassword}
|
||||||
ceilometer_dsn:
|
ceilometer_dsn:
|
||||||
list_join:
|
list_join:
|
||||||
- ''
|
- ''
|
||||||
@ -1202,6 +1207,7 @@ resources:
|
|||||||
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
|
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
|
||||||
rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
|
rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
|
||||||
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
|
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
|
||||||
|
redis_password: {get_param: RedisPassword}
|
||||||
redis_vip: {get_param: RedisVirtualIP}
|
redis_vip: {get_param: RedisVirtualIP}
|
||||||
memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
|
memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
|
||||||
mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
|
mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
|
||||||
@ -1537,6 +1543,9 @@ resources:
|
|||||||
rabbit_ipv6: {get_input: rabbit_ipv6}
|
rabbit_ipv6: {get_input: rabbit_ipv6}
|
||||||
# Redis
|
# Redis
|
||||||
redis::bind: {get_input: redis_network}
|
redis::bind: {get_input: redis_network}
|
||||||
|
redis::requirepass: {get_input: redis_password}
|
||||||
|
redis::masterauth: {get_input: redis_password}
|
||||||
|
redis::sentinel_auth_pass: {get_input: redis_password}
|
||||||
redis_vip: {get_input: redis_vip}
|
redis_vip: {get_input: redis_vip}
|
||||||
# Firewall
|
# Firewall
|
||||||
tripleo::firewall::manage_firewall: {get_input: manage_firewall}
|
tripleo::firewall::manage_firewall: {get_input: manage_firewall}
|
||||||
|
Loading…
Reference in New Issue
Block a user