Browse Source

Merge "Optimize conditions for TLS support"

changes/93/763193/14
Zuul 6 months ago
committed by Gerrit Code Review
parent
commit
d80d8ab57b
  1. 3
      deployment/ceilometer/ceilometer-base-container-puppet.yaml
  2. 4
      deployment/heat/heat-base-puppet.yaml
  3. 8
      deployment/keystone/keystone-container-puppet.yaml
  4. 2
      deployment/memcached/memcached-container-puppet.yaml
  5. 5
      deployment/nova/nova-base-puppet.yaml

3
deployment/ceilometer/ceilometer-base-container-puppet.yaml

@ -99,7 +99,6 @@ parameter_groups:
conditions:
service_debug_unset: {equals : [{get_param: CeilometerDebug}, '']}
ceilometer_qdr_publish: {equals: [{get_param: CeilometerQdrPublish}, true]}
memcached_tls: {equals: [{get_param: MemcachedTLS}, true]}
outputs:
role_data:
@ -129,7 +128,7 @@ outputs:
ceilometer::snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
ceilometer::host: "%{hiera('fqdn_canonical')}"
- if:
- memcached_tls
- {get_param: MemcachedTLS}
- ceilometer::cache_backend: 'dogpile.cache.pymemcache'
ceilometer::cache_tls_enabled: true
- {}

4
deployment/heat/heat-base-puppet.yaml

@ -142,8 +142,8 @@ conditions:
service_debug_unset: {equals : [{get_param: HeatDebug}, '']}
tls_cache_enabled:
and:
- {equals : [{get_param: EnableCache}, true]}
- {equals : [{get_param: MemcachedTLS}, true]}
- {get_param: EnableCache}
- {get_param: MemcachedTLS}
cors_allowed_origin_unset: {equals : [{get_param: HeatCorsAllowedOrigin}, '']}
outputs:

8
deployment/keystone/keystone-container-puppet.yaml

@ -356,12 +356,12 @@ conditions:
service_debug_unset: {equals : [{get_param: KeystoneDebug}, '']}
nontls_cache_enabled:
and:
- {equals : [{get_param: EnableCache}, true]}
- {equals : [{get_param: MemcachedTLS}, false]}
- {get_param: EnableCache}
- not: {get_param: MemcachedTLS}
tls_cache_enabled:
and:
- {equals : [{get_param: EnableCache}, true]}
- {equals : [{get_param: MemcachedTLS}, true]}
- {get_param: EnableCache}
- {get_param: MemcachedTLS}
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
# Security compliance

2
deployment/memcached/memcached-container-puppet.yaml

@ -89,7 +89,7 @@ parameters:
certificate for this service
conditions:
internal_tls_enabled: {equals: [{get_param: MemcachedTLS}, true]}
internal_tls_enabled: {get_param: MemcachedTLS}
# NOTE: A non-tls port is necessary while there are still services
# consuming Memcached that do not support TLS. Once all services
# do support TLS, this config should be dropped.

5
deployment/nova/nova-base-puppet.yaml

@ -255,9 +255,8 @@ conditions:
service_debug_unset: {equals : [{get_param: NovaDebug}, '']}
tls_cache_enabled:
and:
- {equals : [{get_param: EnableCache}, true]}
- {equals : [{get_param: MemcachedTLS}, true]}
cache_disabled: {equals : [{get_param: EnableCache}, false]}
- {get_param: EnableCache}
- {get_param: MemcachedTLS}
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
resources:

Loading…
Cancel
Save