Merge "Workaround for cinder A/A and etcd with TLS-everywhere" into stable/train
This commit is contained in:
commit
8c952ec0a3
|
@ -46,9 +46,18 @@ parameters:
|
||||||
EnableInternalTLS:
|
EnableInternalTLS:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
|
EnableEtcdInternalTLS:
|
||||||
|
description: Controls whether etcd and the cinder-volume service use TLS
|
||||||
|
for cinder's lock manager, even when the rest of the internal
|
||||||
|
API network is using TLS.
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
internal_tls_enabled:
|
||||||
|
and:
|
||||||
|
- {equals: [{get_param: EnableInternalTLS}, true]}
|
||||||
|
- {equals: [{get_param: EnableEtcdInternalTLS}, true]}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
|
@ -103,7 +112,10 @@ outputs:
|
||||||
template: "etcd/%{hiera('fqdn_NETWORK')}"
|
template: "etcd/%{hiera('fqdn_NETWORK')}"
|
||||||
params:
|
params:
|
||||||
NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
||||||
- {}
|
-
|
||||||
|
# Ensure etcd and cinder-volume aren't configured to use TLS
|
||||||
|
tripleo::profile::base::etcd::enable_internal_tls: false
|
||||||
|
tripleo::profile::base::cinder::volume::enable_internal_tls: false
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: etcd
|
config_volume: etcd
|
||||||
|
|
Loading…
Reference in New Issue