rabbitmq ssl support

2014-02-23 12:22:34 -05:00
parent d4c9439e28
commit f3e8c22d95
3 changed files with 27 additions and 3 deletions
--- a/hooks/charmhelpers/contrib/openstack/context.py
+++ b/hooks/charmhelpers/contrib/openstack/context.py
@@ -213,6 +213,9 @@ class IdentityServiceContext(OSContextGenerator):
 class AMQPContext(OSContextGenerator):
    interfaces = ['amqp']

+    def __init__(self, ssl_dir=None):
+        self.ssl_dir = ssl_dir
+
    def __call__(self):
        log('Generating template context for amqp')
        conf = config()
@@ -223,7 +226,6 @@ class AMQPContext(OSContextGenerator):
            log('Could not generate shared_db context. '
                'Missing required charm config options: %s.' % e)
            raise OSContextError
-
        ctxt = {}
        for rid in relation_ids('amqp'):
            for unit in related_units(rid):
@@ -240,7 +242,20 @@ class AMQPContext(OSContextGenerator):
                                                      unit=unit),
                    'rabbitmq_virtual_host': vhost,
                })
+                ssl_port = relation_get('ssl_port', rid=rid, unit=unit)
+                if ssl_port:
+                    ctxt['rabbit_ssl_port'] = ssl_port
+                ssl_ca = relation_get('ssl_ca', rid=rid, unit=unit)
+                if ssl_ca:
+                    ctxt['rabbit_ssl_ca'] = ssl_ca
+
                if context_complete(ctxt):
+                    if 'rabbit_ssl_ca' in ctxt:
+                        ca_path = os.path.join(
+                            self.ssl_dir, 'rabbit-client-ca.pem')
+                        with open(ca_path, 'w') as fh:
+                            fh.write(b64decode(ctxt['rabbit_ssl_ca']))
+                            ctxt['rabbit_ssl_ca'] = ca_path
                    # Sufficient information found = break out!
                    break
            # Used for active/active rabbitmq >= grizzly
@@ -253,6 +268,8 @@ class AMQPContext(OSContextGenerator):
        if not context_complete(ctxt):
            return {}
        else:
+            ctxt.setdefault('rabbit_ssl_port', '')
+            ctxt.setdefault('rabbit_ssl_ca', '')
            return ctxt


--- a/hooks/cinder_utils.py
+++ b/hooks/cinder_utils.py
@@ -99,7 +99,7 @@ TEMPLATES = 'templates/'
 CONFIG_FILES = OrderedDict([
    (CINDER_CONF, {
        'hook_contexts': [context.SharedDBContext(ssl_dir=CINDER_CONF_DIR),
-                          context.AMQPContext(),
+                          context.AMQPContext(ssl_dir=CINDER_CONF_DIR),
                          context.ImageServiceContext(),
                          context.OSConfigFlagContext(),
                          cinder_contexts.CephContext(),
--- a/templates/cinder.conf
+++ b/templates/cinder.conf
@@ -17,9 +17,16 @@ volumes_dir = /var/lib/cinder/volumes
 {% if database_host -%}
 sql_connection = mysql://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
 {% endif %}
-{% if rabbitmq_host -%}
+{% if rabbitmq_host %}
 notification_driver = cinder.openstack.common.notifier.rabbit_notifier
 control_exchange = cinder
+{% if rabbit_ssl_port %}
+rabbit_use_ssl=True
+rabbit_port={{ rabbit_ssl_port }}
+{% if rabbit_ssl_ca %}
+rabbit_ssl_ca_certs=rabbit_ssl_ca
+{% endif %}
+{% endif %}
 rabbit_host = {{ rabbitmq_host }}
 rabbit_userid = {{ rabbitmq_user }}
 rabbit_password = {{ rabbitmq_password }}