Browse Source

Merge "Workaround for cinder A/A and etcd with TLS-everywhere" into stable/train

changes/40/718640/1
Zuul 3 months ago
committed by Gerrit Code Review
parent
commit
8c952ec0a3
1 changed files with 14 additions and 2 deletions
  1. +14
    -2
      deployment/etcd/etcd-container-puppet.yaml

+ 14
- 2
deployment/etcd/etcd-container-puppet.yaml View File

@@ -46,9 +46,18 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
EnableEtcdInternalTLS:
description: Controls whether etcd and the cinder-volume service use TLS
for cinder's lock manager, even when the rest of the internal
API network is using TLS.
type: boolean
default: false

conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
internal_tls_enabled:
and:
- {equals: [{get_param: EnableInternalTLS}, true]}
- {equals: [{get_param: EnableEtcdInternalTLS}, true]}

outputs:
role_data:
@@ -103,7 +112,10 @@ outputs:
template: "etcd/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
- {}
-
# Ensure etcd and cinder-volume aren't configured to use TLS
tripleo::profile::base::etcd::enable_internal_tls: false
tripleo::profile::base::cinder::volume::enable_internal_tls: false
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: etcd


Loading…
Cancel
Save