Add redis password parameter
Redis server API was not protected with a password
by default.
To fix this issue we need to provide a way to
configure redis with authentification in salt-formula.
This patch addresses the problem for redis used
by contrail analytics.
If redis password is not set in the model then redis
will be configured without password.
Co-Authored-By Gleb Zimin <gzimin@mirantis.com>
Co-Authored-By Pavel Svimbersky <psvimbersky@mirantis.com>
Change-Id: I05813169be38ece1bd592d73a3ba1f4c7502d602
Related-Prod: PROD-22096
diff --git a/metadata/service/control/analytics.yml b/metadata/service/control/analytics.yml
index 51e3694..b51a1fe 100644
--- a/metadata/service/control/analytics.yml
+++ b/metadata/service/control/analytics.yml
@@ -9,6 +9,7 @@
opencontrail_identity_version: '2.0'
keystone_admin_password: 'none'
keystone_service_token: 'none'
+ redis_password: 'none'
openstack_region: RegionOne
opencontrail:
common:
@@ -32,6 +33,11 @@
port: 9081
master:
host: ${_param:cluster_local_address}
+ contrail_cache:
+ engine: redis
+ host: ${_param:cluster_local_address}
+ port: 6379
+ password: ${_param:redis_password}
discovery:
host: ${_param:network_vip_address}
data_ttl: 1
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index dedcc1f..df3aa74 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml
@@ -9,6 +9,7 @@
opencontrail_identity_version: '2.0'
keystone_admin_password: 'none'
keystone_service_token: 'none'
+ redis_password: 'none'
openstack_region: RegionOne
opencontrail:
common:
@@ -94,6 +95,11 @@
port: 9081
master:
host: ${_param:cluster_local_address}
+ contrail_cache:
+ engine: redis
+ host: ${_param:cluster_local_address}
+ port: 6379
+ password: ${_param:redis_password}
discovery:
host: ${_param:cluster_vip_address}
data_ttl: 1
@@ -160,6 +166,7 @@
engine: redis
host: ${_param:cluster_local_address}
port: 6379
+ password: ${_param:redis_password}
members:
- host: ${_param:cluster_node01_address}
id: 1
diff --git a/metadata/service/control/control.yml b/metadata/service/control/control.yml
index c3bb5d1..079e222 100644
--- a/metadata/service/control/control.yml
+++ b/metadata/service/control/control.yml
@@ -10,6 +10,7 @@
keystone_admin_password: 'none'
keystone_service_token: 'none'
openstack_region: RegionOne
+ redis_password: 'none'
opencontrail:
common:
version: ${_param:opencontrail_version}
@@ -125,6 +126,7 @@
cache:
engine: redis
host: ${_param:cluster_local_address}
+ password: ${_param:redis_password}
port: 6379
members:
- host: ${_param:cluster_node01_address}
diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index f17d610..a63f28a 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml
@@ -10,6 +10,7 @@
keystone_admin_password: 'none'
keystone_service_token: 'none'
openstack_region: RegionOne
+ redis_password: 'none'
opencontrail:
common:
version: ${_param:opencontrail_version}
@@ -85,6 +86,11 @@
port: 9081
master:
host: ${_param:single_address}
+ contrail_cache:
+ engine: redis
+ host: ${_param:single_address}
+ port: 6379
+ password: ${_param:redis_password}
discovery:
host: ${_param:single_address}
data_ttl: 1
@@ -141,6 +147,7 @@
engine: redis
host: ${_param:single_address}
port: 6379
+ password: ${_param:redis_password}
members:
- host: ${_param:single_address}
id: 1