Merge "Workaround for cinder A/A and etcd with TLS-everywhere" into stable/train

Zuul 2020-04-09 03:36:18 +00:00 committed by Gerrit Code Review
commit 8c952ec0a3
1 changed files with 14 additions and 2 deletions


@ -46,9 +46,18 @@ parameters:
EnableInternalTLS: EnableInternalTLS:
type: boolean type: boolean
default: false default: false
EnableEtcdInternalTLS:
description: Controls whether etcd and the cinder-volume service use TLS
for cinder's lock manager, even when the rest of the internal
API network is using TLS.
type: boolean
default: false
conditions: conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} internal_tls_enabled:
and:
- {equals: [{get_param: EnableInternalTLS}, true]}
- {equals: [{get_param: EnableEtcdInternalTLS}, true]}
outputs: outputs:
role_data: role_data:
@ -103,7 +112,10 @@ outputs:
template: "etcd/%{hiera('fqdn_NETWORK')}" template: "etcd/%{hiera('fqdn_NETWORK')}"
params: params:
NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
- {} -
# Ensure etcd and cinder-volume aren't configured to use TLS
tripleo::profile::base::etcd::enable_internal_tls: false
tripleo::profile::base::cinder::volume::enable_internal_tls: false
# BEGIN DOCKER SETTINGS # BEGIN DOCKER SETTINGS
puppet_config: puppet_config:
config_volume: etcd config_volume: etcd
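Review bot: Because `EnableEtcdInternalTLS` defaults to `false` and the rewritten `internal_tls_enabled` condition now requires both parameters, a deployment that already sets `EnableInternalTLS: true` loses TLS on etcd and on cinder-volume's lock-manager traffic at its next update unless the operator opts in. The parameter description reads as if it enables something extra; it should state the downgrade directly, for example `description: When false (the default), etcd and cinder's lock manager do not use TLS, even if EnableInternalTLS is true.` The comment above the two hiera overrides in the second hunk could carry the same warning, e.g. `# Workaround: etcd and cinder-volume lock traffic is unencrypted unless EnableEtcdInternalTLS is true`. The list entry that replaces `- {}` belongs to a construct that starts outside the hunk, so it is inferred rather than visible that this is the branch taken when the condition is false.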