openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "Redis replication does not work with TLS"

Browse Source
This commit is contained in:
Zuul 2017-12-01 02:34:14 +00:00 committed by Gerrit Code Review
commit cc0a74d359
1 changed files with 26 additions and 67 deletions

93
docker/services/pacemaker/database/redis.yaml

@ -36,19 +36,9 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ../../containers-common.yaml
RedisBase:
type: ../../../../puppet/services/database/redis.yaml
properties:
@ -84,8 +74,6 @@ outputs:
- 3124
- 6379
- 26379
tripleo::stunnel::manage_service: false
tripleo::stunnel::foreground: 'yes'
logging_source: {get_attr: [RedisBase, role_data, logging_source]}
logging_groups: {get_attr: [RedisBase, role_data, logging_groups]}
service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
@ -122,13 +110,6 @@ outputs:
- path: /var/log/redis
owner: redis:redis
recurse: true
/var/lib/kolla/config_files/redis_tls_proxy.json:
command: stunnel /etc/stunnel/stunnel.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_1:
redis_image_tag:
@ -154,54 +135,32 @@ outputs:
- /usr/bin:/usr/bin:ro
- /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
map_merge:
- redis_init_bundle:
start_order: 2
detach: false
net: host
user: root
config_volume: 'redis_init_bundle'
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
list_join:
- '; '
- - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
- "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
image: *redis_config_image
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /etc/puppet:/tmp/puppet-etc:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw
- if:
- internal_tls_enabled
- redis_tls_proxy:
start_order: 3
image: *redis_image_pcmklatest
net: host
user: root
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/redis_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
- /etc/pki/tls/certs/redis.crt:/etc/pki/tls/certs/redis.crt:ro
- /etc/pki/tls/private/redis.key:/etc/pki/tls/private/redis.key:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- {}
metadata_settings:
get_attr: [RedisBase, role_data, metadata_settings]
redis_init_bundle:
start_order: 2
detach: false
net: host
user: root
config_volume: 'redis_init_bundle'
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
list_join:
- '; '
- - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
- "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
image: *redis_config_image
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /etc/puppet:/tmp/puppet-etc:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw
host_prep_tasks:
- name: create /var/run/redis
file: