
Support TLS deployments with KernelDisableIPv6 enabled

Bind to 127.0.0.1 in case ipv6 is disabled. Set a hiera value
localhost_address, so that it can be used in tls_proxy.pp to
unambiguously connect to those services.

Change-Id: Ide761c21dc87dadc722e27c9b8a7b68194164cb2
Related: rhbz#1703460
(cherry picked from commit d48d1bdb37)
tags/8.4.1
Grzegorz Grasza 2 months ago
parent
commit
e7a51ea1a1

+ 2
- 2
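--- a/puppet/services/ec2-api.yaml
+++ b/puppet/services/ec2-api.yaml
@@ -114,7 +114,7 @@ outputs:
           ec2api::api::ec2api_listen:
             if:
             - use_tls_proxy
-            - 'localhost'
+            - "%{hiera('localhost_address')}"
             - str_replace:
                 template:
                   "%{hiera('fqdn_$NETWORK')}"
@@ -123,7 +123,7 @@ outputs:
           ec2api::metadata::metadata_listen:
             if:
             - use_tls_proxy
-            - 'localhost'
+            - "%{hiera('localhost_address')}"
             - str_replace:
                 template:
                   "%{hiera('fqdn_$NETWORK')}"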
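Review bot: The new bind address in both hunks of this file depends on a `localhost_address` hiera key that this commit defines only in the kernel service's config_settings, and nothing here guards against that key being absent. If a role enables `use_tls_proxy` without the kernel service, the interpolation would presumably resolve to an empty value, and an empty listen host may make the service listen on all interfaces rather than loopback, exposing the plaintext port the TLS proxy is meant to front; how each service treats an empty value should be confirmed. I would record the dependency next to the value with a comment such as `# localhost_address is set by puppet/services/kernel.yaml; the kernel service must be deployed on this role`. The same applies to the changed lines in glance-api.yaml, neutron-api.yaml and swift-proxy.yaml. The enclosing outputs mapping starts and ends outside the hunks.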

+ 1
- 1
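--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -286,7 +286,7 @@ outputs:
             glance::api::bind_host:
               if:
               - use_tls_proxy
-              - 'localhost'
+              - "%{hiera('localhost_address')}"
               - str_replace:
                   template:
                     "%{hiera('$NETWORK')}"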

+ 8
- 0
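--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -85,6 +85,9 @@ parameters:
     tags:
       - role_specific
 
+conditions:
+  ipv6_disabled: {equals: [{get_param: KernelDisableIPv6}, 1]}
+
 resources:
   # Merging role-specific parameters (RoleParameters) with the default parameters.
   # RoleParameters will have the precedence over the default parameters.
@@ -108,6 +111,11 @@ outputs:
     value:
       service_name: kernel
       config_settings:
+        localhost_address:
+          if:
+          - ipv6_disabled
+          - '127.0.0.1'
+          - 'localhost'
         kernel_modules:
           map_merge:
             - nf_conntrack: {}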
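Review bot: The `ipv6_disabled` condition in the first hunk reads only the top-level `KernelDisableIPv6` parameter, while the context comments directly below it say RoleParameters take precedence over the default parameters. If `KernelDisableIPv6` is one of the role-specific parameters (its definition is outside the hunk), a per-role override would leave `localhost_address` in the second hunk out of step with the kernel setting on that role, so services behind the TLS proxy could be told to bind to `localhost` on a host where IPv6 is disabled. At minimum I would add a comment above the condition, `# Evaluates the global KernelDisableIPv6 only; per-role overrides via RoleParameters are not reflected in localhost_address`.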

+ 1
- 1
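--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -199,7 +199,7 @@ outputs:
             neutron::bind_host:
               if:
               - use_tls_proxy
-              - 'localhost'
+              - "%{hiera('localhost_address')}"
               - str_replace:
                   template:
                     "%{hiera('$NETWORK')}"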

+ 1
- 1
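--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -231,7 +231,7 @@ outputs:
             swift::proxy::proxy_local_net_ip:
               if:
               - use_tls_proxy
-              - 'localhost'
+              - "%{hiera('localhost_address')}"
               - str_replace:
                   template:
                     "%{hiera('$NETWORK')}"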
