Browse Source

Allow rabbit mq kombu ssl configuration

Add the rest of the kombu ssl configuration options.

Change-Id: I9dc682a2a8e4df289b9c0bbca11208183d1ff71b
Partial-Bug: 1464706
Mark Vanderwiel 3 years ago
parent
commit
ba480c6a99
3 changed files with 66 additions and 27 deletions
  1. 1
    1
      metadata.rb
  2. 31
    11
      spec/cinder_common_spec.rb
  3. 34
    15
      templates/default/cinder.conf.erb

+ 1
- 1
metadata.rb View File

@@ -20,7 +20,7 @@ recipe 'openstack-block-storage::backup', 'Installs the cinder-backup service'
20 20
 end
21 21
 
22 22
 depends 'apt', '~> 2.6.1'
23
-depends 'openstack-common', '>= 11.2.0'
23
+depends 'openstack-common', '>= 11.4.0'
24 24
 depends 'openstack-identity', '>= 11.0.0'
25 25
 depends 'openstack-image', '>= 11.0.0'
26 26
 depends 'selinux', '~> 0.9.0'

+ 31
- 11
spec/cinder_common_spec.rb View File

@@ -370,7 +370,9 @@ describe 'openstack-block-storage::cinder-common' do
370 370
           it 'has default RPC/AMQP options set' do
371 371
             [/^rpc_conn_pool_size=30$/,
372 372
              /^amqp_durable_queues=false$/,
373
-             /^amqp_auto_delete=false$/].each do |line|
373
+             /^amqp_auto_delete=false$/,
374
+             /^heartbeat_timeout_threshold=0$/,
375
+             /^heartbeat_rate=2$/].each do |line|
374 376
               expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
375 377
             end
376 378
           end
@@ -411,11 +413,9 @@ describe 'openstack-block-storage::cinder-common' do
411 413
             end
412 414
           end
413 415
 
414
-          %w(use_ssl userid).each do |attr|
415
-            it "has rabbit_#{attr}" do
416
-              node.set['openstack']['mq']['block-storage']['rabbit'][attr] = "rabbit_#{attr}_value"
417
-              expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_#{attr}=rabbit_#{attr}_value$/)
418
-            end
416
+          it 'has rabbit_userid' do
417
+            node.set['openstack']['mq']['block-storage']['rabbit']['userid'] = 'rabbit_userid_value'
418
+            expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_userid=rabbit_userid_value$/)
419 419
           end
420 420
 
421 421
           it 'has rabbit_password' do
@@ -427,15 +427,35 @@ describe 'openstack-block-storage::cinder-common' do
427 427
             expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_virtual_host=vhost_value$/)
428 428
           end
429 429
 
430
-          it 'does not have kombu ssl version set' do
431
-            expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^kombu_ssl_version=TLSv1.2$/)
430
+          it 'does not have ssl config set' do
431
+            [/^rabbit_use_ssl=/,
432
+             /^kombu_ssl_version=/,
433
+             /^kombu_ssl_keyfile=/,
434
+             /^kombu_ssl_certfile=/,
435
+             /^kombu_ssl_ca_certs=/,
436
+             /^kombu_reconnect_delay=/,
437
+             /^kombu_reconnect_timeout=/].each do |line|
438
+              expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
439
+            end
432 440
           end
433 441
 
434
-          it 'sets kombu ssl version' do
442
+          it 'sets ssl config' do
435 443
             node.set['openstack']['mq']['block-storage']['rabbit']['use_ssl'] = true
436 444
             node.set['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_version'] = 'TLSv1.2'
437
-
438
-            expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^kombu_ssl_version=TLSv1.2$/)
445
+            node.set['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_keyfile'] = 'keyfile'
446
+            node.set['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_certfile'] = 'certfile'
447
+            node.set['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_ca_certs'] = 'certsfile'
448
+            node.set['openstack']['mq']['block-storage']['rabbit']['kombu_reconnect_delay'] = 123.123
449
+            node.set['openstack']['mq']['block-storage']['rabbit']['kombu_reconnect_timeout'] = 123
450
+            [/^rabbit_use_ssl=true/,
451
+             /^kombu_ssl_version=TLSv1.2$/,
452
+             /^kombu_ssl_keyfile=keyfile$/,
453
+             /^kombu_ssl_certfile=certfile$/,
454
+             /^kombu_ssl_ca_certs=certsfile$/,
455
+             /^kombu_reconnect_delay=123.123$/,
456
+             /^kombu_reconnect_timeout=123$/].each do |line|
457
+              expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
458
+            end
439 459
           end
440 460
 
441 461
           it 'has the default rabbit_retry_interval set' do

+ 34
- 15
templates/default/cinder.conf.erb View File

@@ -1265,6 +1265,12 @@ notification_topics=<%= node["openstack"]["mq"]["block-storage"]["qpid"]["notifi
1265 1265
 # From oslo.messaging
1266 1266
 #
1267 1267
 
1268
+# Number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat)
1269
+heartbeat_timeout_threshold=<%= node['openstack']['mq']['block-storage']['rabbit']['heartbeat_timeout_threshold'] %>
1270
+
1271
+# How often times during the heartbeat_timeout_threshold we check the heartbeat
1272
+heartbeat_rate=<%= node['openstack']['mq']['block-storage']['rabbit']['heartbeat_rate'] %>
1273
+
1268 1274
 # from oslo/messaging/_drivers/amqp.py
1269 1275
 amqp_durable_queues=<%= node['openstack']['mq']['block-storage']['durable_queues'] %>
1270 1276
 amqp_auto_delete=<%= node['openstack']['mq']['block-storage']['auto_delete'] %>
@@ -1278,20 +1284,36 @@ rpc_conn_pool_size=<%= node["openstack"]["block-storage"]["rpc_conn_pool_size"]
1278 1284
 
1279 1285
 ######## defined in cinder.openstack.common.rpc.impl_kombu ########
1280 1286
 
1281
-<% if node["openstack"]["mq"]["block-storage"]["rabbit"]["use_ssl"] && node["openstack"]["mq"]["block-storage"]["rabbit"]["kombu_ssl_version"] %>
1282
-kombu_ssl_version=<%= node["openstack"]["mq"]["block-storage"]["rabbit"]["kombu_ssl_version"] %>
1283
-#### (StrOpt) SSL version to use (valid only if SSL enabled)
1287
+<% if node['openstack']['mq']['block-storage']['rabbit']['use_ssl'] -%>
1288
+
1289
+# Connect over SSL for RabbitMQ. (boolean value)
1290
+rabbit_use_ssl=true
1291
+
1292
+<%   if node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_version'] -%>
1293
+# SSL version to use (valid only if SSL enabled). valid values
1294
+# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on
1295
+# some distributions. (string value)
1296
+kombu_ssl_version=<%= node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_version'] %>
1297
+<%   end -%>
1298
+<%   if node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_keyfile'] -%>
1299
+# SSL key file (valid only if SSL enabled)
1300
+kombu_ssl_keyfile=<%= node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_keyfile'] %>
1301
+<%   end -%>
1302
+<%   if node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_certfile'] -%>
1303
+# SSL cert file (valid only if SSL enabled)
1304
+kombu_ssl_certfile=<%= node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_certfile'] %>
1305
+<%   end -%>
1306
+<%   if node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_ca_certs'] -%>
1307
+# SSL certification authority file (valid only if SSL enabled)
1308
+kombu_ssl_ca_certs=<%= node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_ca_certs'] %>
1309
+<%   end -%>
1310
+# How long to wait before reconnecting in response to an AMQP consumer cancel notification
1311
+kombu_reconnect_delay=<%= node['openstack']['mq']['block-storage']['rabbit']['kombu_reconnect_delay'] %>
1312
+# How long to wait before considering a reconnect attempt to have failed.
1313
+# This value should not be longer than rpc_response_timeout
1314
+kombu_reconnect_timeout=<%= node['openstack']['mq']['block-storage']['rabbit']['kombu_reconnect_timeout'] %>
1284 1315
 <% end -%>
1285 1316
 
1286
-# kombu_ssl_keyfile=
1287
-#### (StrOpt) SSL key file (valid only if SSL enabled)
1288
-
1289
-# kombu_ssl_certfile=
1290
-#### (StrOpt) SSL cert file (valid only if SSL enabled)
1291
-
1292
-# kombu_ssl_ca_certs=
1293
-#### (StrOpt) SSL certification authority file (valid only if SSL enabled)
1294
-
1295 1317
 <% if node["openstack"]["mq"]["block-storage"]["rabbit"]["ha"] -%>
1296 1318
 rabbit_hosts=<%= @rabbit_hosts %>
1297 1319
 #### (ListOpt) RabbitMQ HA cluster host:port pairs
@@ -1310,9 +1332,6 @@ rabbit_port=<%= node["openstack"]["mq"]["block-storage"]["rabbit"]["port"] %>
1310 1332
 #### (IntOpt) The RabbitMQ broker port where a single node is used
1311 1333
 <% end -%>
1312 1334
 
1313
-rabbit_use_ssl=<%= node["openstack"]["mq"]["block-storage"]["rabbit"]["use_ssl"] %>
1314
-#### (BoolOpt) connect over SSL for RabbitMQ
1315
-
1316 1335
 rabbit_userid=<%= node["openstack"]["mq"]["block-storage"]["rabbit"]["userid"] %>
1317 1336
 #### (StrOpt) the RabbitMQ userid
1318 1337
 

Loading…
Cancel
Save