Merge "Manage Keycloak realm"
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index c5464d3..af2ba0c 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -9,3 +9,7 @@
# Openstack memcache security
openstack_memcache_security_enabled: False
openstack_memcache_security_strategy: 'ENCRYPT'
+ # Neutron
+ neutron_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
+ neutron_memcache_secret_key: ''
+
diff --git a/glance/control/cluster.yml b/glance/control/cluster.yml
index da4b9e8..de8e9ae 100644
--- a/glance/control/cluster.yml
+++ b/glance/control/cluster.yml
@@ -6,6 +6,9 @@
- system.salt.minion.cert.mysql.clients.openstack.glance
- system.salt.minion.cert.rabbitmq.clients.openstack.glance
parameters:
+ _param:
+ glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
+ glance_memcache_secret_key: ''
linux:
system:
cron:
@@ -69,6 +72,11 @@
cert_file: ${_param:rabbitmq_glance_client_ssl_cert_file}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
+ cache:
+ security:
+ enabled: ${_param:glance_memcache_security_enabled}
+ strategy: ${_param:openstack_memcache_security_strategy}
+ secret_key: ${_param:glance_memcache_secret_key}
storage:
engine: file
images: []
diff --git a/glance/control/single.yml b/glance/control/single.yml
index 34e3e96..ad6e1cb 100644
--- a/glance/control/single.yml
+++ b/glance/control/single.yml
@@ -3,6 +3,9 @@
- system.salt.minion.cert.mysql.clients.openstack.glance
- system.salt.minion.cert.rabbitmq.clients.openstack.glance
parameters:
+ _param:
+ glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
+ glance_memcache_secret_key: ''
linux:
system:
cron:
@@ -40,3 +43,8 @@
cert_file: ${_param:rabbitmq_glance_client_ssl_cert_file}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
+ cache:
+ security:
+ enabled: ${_param:glance_memcache_security_enabled}
+ strategy: ${_param:openstack_memcache_security_strategy}
+ secret_key: ${_param:glance_memcache_secret_key}
diff --git a/linux/system/repo/duo.yml b/linux/system/repo/duo.yml
new file mode 100644
index 0000000..95db543
--- /dev/null
+++ b/linux/system/repo/duo.yml
@@ -0,0 +1,12 @@
+classes:
+- system.linux.system.repo.keystorage.duo
+parameters:
+ _param:
+ linux_system_repo_duo_url: http://pkg.duosecurity.com/Ubuntu
+ linux:
+ system:
+ repo:
+ duo:
+ key: ${_param:linux_system_repo_duo_key}
+ source: "deb [arch=amd64] ${_param:linux_system_repo_duo_url} ${_param:linux_system_codename} main"
+ architectures: amd64
diff --git a/linux/system/repo/keystorage/duo.yml b/linux/system/repo/keystorage/duo.yml
new file mode 100644
index 0000000..19caa67
--- /dev/null
+++ b/linux/system/repo/keystorage/duo.yml
@@ -0,0 +1,46 @@
+parameters:
+ _param:
+ # pub 1024D/15D32EFC 2013-09-05 [expires: 2020-08-22]
+ linux_system_repo_duo_key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v2.0.22 (GNU/Linux)
+
+ mQGiBFIog+QRBACobW/uA1UTaWWDlAhwdQGi+KVOomTVsBA/POo/xXX24kU550o3
+ ngeM0ibqIc/ghLUkt4Q2j08x9NgNEzcSjdG5DboouqBrcF5CoN4DOFaiKGiMq1zL
+ 14ZmushOHE2Qb0gA0zzxo7GwD/6GSvsH3y1z49JJU5hcXNt9PINsE6KXbwCg+Ob+
+ qesaO7JhIPMiDLBrNh20bHsD/3KYrgGyLhbKKaYQtS9B7HUIyS3zagDmC9EU4OsW
+ Tgwo6oDm7OTZ0W9ZSmFJn9IYs7LLu4AeDJqL+pQ83CeHvT205zM6dlgLmUgGvp22
+ 4KJ0K9Wp54AP2NqX7ok2y5edI1CDejPm01ZZLd2POXkJgeS43oftvBtkAUl+W0dD
+ eHPfA/0ZSsV5CJ0qyaLCtnUsoWczXs460Zs4vxvKkuMdUBwZz9W1RyhBvWdsxn0l
+ 5cwk+rv/49VaYP97M2hPQtrAi7WkRtiU34ze/7Pkpv4+Qiwg9vQjZtMbwzYhWSXt
+ C3ps0SyuwkvcHWoCejnqkdlTeZpfeQMQAvjonMyBpdgH0sgf6LQyRHVvIFNlY3Vy
+ aXR5IFBhY2thZ2UgU2lnbmluZyA8ZGV2QGR1b3NlY3VyaXR5LmNvbT6IZgQTEQIA
+ JgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQJbfxQqBQkNGPdGAAoJEBzJH8YV
+ 0y78WGMAoPSPCVhvfjJFj0c4UQgRHL9zApThAJ9W2f39jm6qCshHoltGRxFAPvel
+ y7kEDQRSKIVDEBAAiu/l6B3dn0jhLyQsszyAwA1RHh3u4a6a7B4niRX+8zQ8LkQh
+ VWADc9TXPgPiKxAZyivhgupk9CHkUaRpgyHm/jK5wIZCV6bgQ62QJymfE1FdF5m7
+ uuq9IvfY/GTWdVwLA/XOxMw6AJMR+WiwNTd0OvlxD1C8u3TZiwEjuPatWVhPfRlT
+ +ISgsntjf1DdnyjqLNsOFqj4IDV8nEPlzzNHAhS8axeJAnIMkDG6RyLK2cakZahw
+ R/2VYH4K0zjtguyfK/+w5Md9VlEsHgVKfef+Lwwbo/MJ6evsHoEYGr7CvzNxSlse
+ 2p+3J88YY7tcrlLQRlmhqf3YARS4mjPXnW3fIhlOjCcUStxIT6qvX1a9q7ap7yoP
+ KpmXiQKqivg8eWmTFp5UACWYdcX/FXDvamd/6fwEniOtvNcblP5jQcipUAepd9uK
+ A6hpN+uwJvp7kIqRvHB7OhZbjKLvkRishZAPvrRt6VUUdmX9fGj/KiqIVB1Xc7cE
+ 1JwybE+vtY4CSq2CGUYeo0A4a0mq1GCGE4U+00t6ci4xEBtp3+WYbyluZzyBf62l
+ m5mFmCZ4fqu19ULB6yzmzcFxmMtw3lYPIgs7VbVSF1GjJ1n1nyLZ6mc+mBdHkhrx
+ tueir0NP0yhwpjC+RngKdQCJkFaEbnNprZBi8PviuP7VKFCxSTePWYdwzaMAAwUP
+ /3e8bgmKChAzdQroO/4MI6xBe0rCKur11J6lWINsm7oqtvjixqbAViiCKKhpNEgS
+ XytDy77a9uUewjlhlVzKQV+4CZ58plxJd2ge0IvQagA5qW7/qr9QWd3h/cUWeuLb
+ eg5iHd/uXS5LePz/jzUHgzuDrrfv2AfvPMLR4fv6lt6mg0I8P2Su5rBWXpP+zybf
+ lj8CX+bt6ngxPIka8BOUwgfXfp4zwygB8YonpEV24dbgzeeT8cIJ9B67MNgprZjI
+ un/0qHMo47sQxATRcqJIO3n/d/m1Rrd6b33T40xVXWvKu9SEoJ94ZbugGCkgR8LT
+ 3ir42GCFIJUahkR5ObLa9d4H5Mo1FyKsp9MqZ2p0xji4eBsNDJegiJnW+BIzuBaI
+ io7kp9c8y+X1ew4MtRYsHaiaKybzINKHQeDNDgdKdno1bRSmuQ0pAa97bfgQRtNR
+ 4RbB9izjHrdz0FYzzSCCglUqwc4Fgc4Z/6gsIIl743MVJp6VKh8hOfQiE5JhzgxY
+ vuGS0zrdyPEtEBTgIdMviCabgZZQCMseajFoOfNfKdtVYunAS6+X+b1Qby4WDcIV
+ cde6FFvjvIM4HxS0OIob2ikXIltfIDoHli2QtsZa948QVrqGvqsfcQCjWcS8bVnb
+ KLlyAI2kz675GFDmj+BKJomA4z2VW5yXtWFMeYmDYYTliE8EGBECAA8CGwwFAlt/
+ FDoFCQ0Y9fcACgkQHMkfxhXTLvzPBwCgp38icsfj38GinpxMpGF02yxpemUAn1kr
+ WbTIiN63dr6gdz7hoZJ7PFmJ
+ =t1j7
+ -----END PGP PUBLIC KEY BLOCK-----
+
diff --git a/neutron/compute/cluster.yml b/neutron/compute/cluster.yml
index a9cf9c1..0523c3f 100644
--- a/neutron/compute/cluster.yml
+++ b/neutron/compute/cluster.yml
@@ -38,3 +38,8 @@
cert_file: ${_param:rabbitmq_neutron_client_ssl_cert_file}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
+ cache:
+ security:
+ enabled: ${_param:neutron_memcache_security_enabled}
+ strategy: ${_param:openstack_memcache_security_strategy}
+ secret_key: ${_param:neutron_memcache_secret_key}
diff --git a/neutron/control/cluster.yml b/neutron/control/cluster.yml
index 52a91ea..4a196fa 100644
--- a/neutron/control/cluster.yml
+++ b/neutron/control/cluster.yml
@@ -39,5 +39,10 @@
ssl:
enabled: ${_param:galera_ssl_enabled}
role: ${_param:openstack_node_role}
+ cache:
+ security:
+ enabled: ${_param:neutron_memcache_security_enabled}
+ strategy: ${_param:openstack_memcache_security_strategy}
+ secret_key: ${_param:neutron_memcache_secret_key}
identity:
protocol: ${_param:cluster_internal_protocol}
diff --git a/neutron/control/single.yml b/neutron/control/single.yml
index 40bdea3..8db8ead 100644
--- a/neutron/control/single.yml
+++ b/neutron/control/single.yml
@@ -34,3 +34,8 @@
enabled: ${_param:rabbitmq_ssl_enabled}
identity:
protocol: ${_param:internal_protocol}
+ cache:
+ security:
+ enabled: ${_param:neutron_memcache_security_enabled}
+ strategy: ${_param:openstack_memcache_security_strategy}
+ secret_key: ${_param:neutron_memcache_secret_key}
diff --git a/neutron/gateway/cluster.yml b/neutron/gateway/cluster.yml
index 8f84fa1..bc51ab9 100644
--- a/neutron/gateway/cluster.yml
+++ b/neutron/gateway/cluster.yml
@@ -31,3 +31,8 @@
cert_file: ${_param:rabbitmq_neutron_client_ssl_cert_file}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
+ cache:
+ security:
+ enabled: ${_param:neutron_memcache_security_enabled}
+ strategy: ${_param:openstack_memcache_security_strategy}
+ secret_key: ${_param:neutron_memcache_secret_key}