Ensure access to Redis is password protected
authorGiulio Fidente <gfidente@redhat.com>
Fri, 7 Aug 2015 11:03:05 +0000 (13:03 +0200)
committerGiulio Fidente <gfidente@redhat.com>
Wed, 9 Mar 2016 15:59:57 +0000 (16:59 +0100)
Depends-On: I1a8741b9e00775763911222cbe0af677b59e03a1
Change-Id: I373f97ada4e4101700a12b42dfb8ee4b2ff701f2

overcloud.yaml
puppet/controller.yaml

index e540b9c..26a1754 100644 (file)
@@ -307,6 +307,10 @@ parameters:
     default: false
     description: Enable IPv6 in RabbitMQ
     type: boolean
+  RedisPassword:
+    description: The password for Redis
+    type: string
+    hidden: true
   SnmpdReadonlyUserName:
     default: ro_snmp_user
     description: The user name for SNMPd with readonly rights running on all Overcloud nodes
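Review bot: The new `RedisPassword` parameter accepts any string, including an empty one, because it declares neither a default nor `constraints`; the same applies to the matching parameter added at -621 in the second file. Redis does not throttle AUTH attempts itself, so a short or empty value weakens the protection this commit is meant to add. Consider adding `constraints:` with `- length: {min: 16}` (threshold to be chosen by the project) below `hidden: true`. With no default the parameter is required, so existing deployments presumably have to supply it on update, and the description could say so. The two descriptions ("The password for Redis" and "The password to access the Redis service") could also be made identical.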
@@ -988,6 +992,7 @@ resources:
           RabbitClientPort: {get_param: RabbitClientPort}
           RabbitFDLimit: {get_param: RabbitFDLimit}
           RabbitIPv6: {get_param: RabbitIPv6}
+          RedisPassword: {get_param: RedisPassword}
           SaharaPassword: {get_param: SaharaPassword}
           SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
           SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
index 186dce6..0cc3fd7 100644 (file)
@@ -621,6 +621,10 @@ parameters:
     default: false
     description: Enable IPv6 in RabbitMQ
     type: boolean
+  RedisPassword:
+    type: string
+    description: The password to access the Redis service
+    hidden: true
   RedisVirtualIP:
     type: string
     default: ''  # Has to be here because of the ignored empty value bug
@@ -1149,7 +1153,8 @@ resources:
             - ''
             - - 'redis://'
               - {get_param: RedisVirtualIPUri}
-              - ':6379'
+              - ':6379/?password='
+              - {get_param: RedisPassword}
         ceilometer_dsn:
           list_join:
             - ''
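Review bot: The password is concatenated into the URL unescaped at `- {get_param: RedisPassword}`, so a value containing URL-reserved characters such as `&`, `#`, `%` or `+` would reach the consumer of this URL as a different or truncated password. No encoding step is visible here, so the safer option is to restrict the parameter, e.g. `allowed_pattern: '^[A-Za-z0-9]+$'` in its `constraints`, and to state that restriction in the description. Carrying the secret in the query string also means it appears wherever this URL is written or logged. The key this `list_join` belongs to is outside the hunk, so check that the rendered config file and any log line containing the URL are readable only by the service user.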
@@ -1242,6 +1247,7 @@ resources:
         horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
         rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
         redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
+        redis_password: {get_param: RedisPassword}
         redis_vip: {get_param: RedisVirtualIP}
         sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
         memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
@@ -1611,6 +1617,9 @@ resources:
                 rabbit_ipv6: {get_input: rabbit_ipv6}
                 # Redis
                 redis::bind: {get_input: redis_network}
+                redis::requirepass: {get_input: redis_password}
+                redis::masterauth: {get_input: redis_password}
+                redis::sentinel_auth_pass: {get_input: redis_password}
                 redis_vip: {get_input: redis_vip}
                 # Firewall
                 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
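Review bot: Nothing on the three added `redis::` lines says why one input feeds three keys. A comment above them such as `# requirepass, masterauth and sentinel_auth_pass must stay identical so replicas and Sentinel can authenticate to the master after failover` would keep a later change from splitting them. The enclosing hieradata mapping starts outside the hunk, so whether the rendered file is restricted to root cannot be confirmed from here; that is worth checking, since it now carries the password in cleartext.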