Support TLS deployments with KernelDisableIPv6 enabled
Bind to 127.0.0.1 in case ipv6 is disabled. Set a hiera value
localhost_address, so that it can be used in tls_proxy.pp to
unambiguously connect to those services.
Change-Id: Ide761c21dc87dadc722e27c9b8a7b68194164cb2
Related: rhbz#1703460
(cherry picked from commit d48d1bdb37
)
This commit is contained in:
parent
1e87d16eed
commit
e7a51ea1a1
|
@ -114,7 +114,7 @@ outputs:
|
||||||
ec2api::api::ec2api_listen:
|
ec2api::api::ec2api_listen:
|
||||||
if:
|
if:
|
||||||
- use_tls_proxy
|
- use_tls_proxy
|
||||||
- 'localhost'
|
- "%{hiera('localhost_address')}"
|
||||||
- str_replace:
|
- str_replace:
|
||||||
template:
|
template:
|
||||||
"%{hiera('fqdn_$NETWORK')}"
|
"%{hiera('fqdn_$NETWORK')}"
|
||||||
|
@ -123,7 +123,7 @@ outputs:
|
||||||
ec2api::metadata::metadata_listen:
|
ec2api::metadata::metadata_listen:
|
||||||
if:
|
if:
|
||||||
- use_tls_proxy
|
- use_tls_proxy
|
||||||
- 'localhost'
|
- "%{hiera('localhost_address')}"
|
||||||
- str_replace:
|
- str_replace:
|
||||||
template:
|
template:
|
||||||
"%{hiera('fqdn_$NETWORK')}"
|
"%{hiera('fqdn_$NETWORK')}"
|
||||||
|
|
|
@ -286,7 +286,7 @@ outputs:
|
||||||
glance::api::bind_host:
|
glance::api::bind_host:
|
||||||
if:
|
if:
|
||||||
- use_tls_proxy
|
- use_tls_proxy
|
||||||
- 'localhost'
|
- "%{hiera('localhost_address')}"
|
||||||
- str_replace:
|
- str_replace:
|
||||||
template:
|
template:
|
||||||
"%{hiera('$NETWORK')}"
|
"%{hiera('$NETWORK')}"
|
||||||
|
|
|
@ -85,6 +85,9 @@ parameters:
|
||||||
tags:
|
tags:
|
||||||
- role_specific
|
- role_specific
|
||||||
|
|
||||||
|
conditions:
|
||||||
|
ipv6_disabled: {equals: [{get_param: KernelDisableIPv6}, 1]}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
# Merging role-specific parameters (RoleParameters) with the default parameters.
|
# Merging role-specific parameters (RoleParameters) with the default parameters.
|
||||||
# RoleParameters will have the precedence over the default parameters.
|
# RoleParameters will have the precedence over the default parameters.
|
||||||
|
@ -108,6 +111,11 @@ outputs:
|
||||||
value:
|
value:
|
||||||
service_name: kernel
|
service_name: kernel
|
||||||
config_settings:
|
config_settings:
|
||||||
|
localhost_address:
|
||||||
|
if:
|
||||||
|
- ipv6_disabled
|
||||||
|
- '127.0.0.1'
|
||||||
|
- 'localhost'
|
||||||
kernel_modules:
|
kernel_modules:
|
||||||
map_merge:
|
map_merge:
|
||||||
- nf_conntrack: {}
|
- nf_conntrack: {}
|
||||||
|
|
|
@ -199,7 +199,7 @@ outputs:
|
||||||
neutron::bind_host:
|
neutron::bind_host:
|
||||||
if:
|
if:
|
||||||
- use_tls_proxy
|
- use_tls_proxy
|
||||||
- 'localhost'
|
- "%{hiera('localhost_address')}"
|
||||||
- str_replace:
|
- str_replace:
|
||||||
template:
|
template:
|
||||||
"%{hiera('$NETWORK')}"
|
"%{hiera('$NETWORK')}"
|
||||||
|
|
|
@ -231,7 +231,7 @@ outputs:
|
||||||
swift::proxy::proxy_local_net_ip:
|
swift::proxy::proxy_local_net_ip:
|
||||||
if:
|
if:
|
||||||
- use_tls_proxy
|
- use_tls_proxy
|
||||||
- 'localhost'
|
- "%{hiera('localhost_address')}"
|
||||||
- str_replace:
|
- str_replace:
|
||||||
template:
|
template:
|
||||||
"%{hiera('$NETWORK')}"
|
"%{hiera('$NETWORK')}"
|
||||||
|
|
Loading…
Reference in New Issue