From ba480c6a99c613c74a3a84ab2a6abdda205a44de Mon Sep 17 00:00:00 2001
From: Mark Vanderwiel
Date: Tue, 16 Jun 2015 10:07:35 -0500
Subject: [PATCH] Allow rabbit mq kombu ssl configuration

Add the rest of the kombu ssl configuration options.

Change-Id: I9dc682a2a8e4df289b9c0bbca11208183d1ff71b
Partial-Bug: 1464706
---
 metadata.rb | 2 +-
 spec/cinder_common_spec.rb | 42 +++++++++++++++++++-------
 templates/default/cinder.conf.erb | 49 +++++++++++++++++++++----------
 3 files changed, 66 insertions(+), 27 deletions(-)
diff --git a/metadata.rb b/metadata.rb
index 00ee632..3c9699b 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -20,7 +20,7 @@ recipe 'openstack-block-storage::backup', 'Installs the cinder-backup service'
 end
 depends 'apt', '~> 2.6.1'
-depends 'openstack-common', '>= 11.2.0'
+depends 'openstack-common', '>= 11.4.0'
 depends 'openstack-identity', '>= 11.0.0'
 depends 'openstack-image', '>= 11.0.0'
 depends 'selinux', '~> 0.9.0'
diff --git a/spec/cinder_common_spec.rb b/spec/cinder_common_spec.rb
index c935b3c..73b4179 100644
--- a/spec/cinder_common_spec.rb
+++ b/spec/cinder_common_spec.rb
@@ -370,7 +370,9 @@ describe 'openstack-block-storage::cinder-common' do
 it 'has default RPC/AMQP options set' do
 [/^rpc_conn_pool_size=30$/,
 /^amqp_durable_queues=false$/,
- /^amqp_auto_delete=false$/].each do |line|
+ /^amqp_auto_delete=false$/,
+ /^heartbeat_timeout_threshold=0$/,
+ /^heartbeat_rate=2$/].each do |line|
 expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
 end
 end
@@ -411,11 +413,9 @@ describe 'openstack-block-storage::cinder-common' do
 end
 end
- %w(use_ssl userid).each do |attr|
- it "has rabbit_#{attr}" do
- node.set['openstack']['mq']['block-storage']['rabbit'][attr] = "rabbit_#{attr}_value"
- expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_#{attr}=rabbit_#{attr}_value$/)
- end
+ it 'has rabbit_userid' do
+ node.set['openstack']['mq']['block-storage']['rabbit']['userid'] = 'rabbit_userid_value'
+ expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_userid=rabbit_userid_value$/)
 end
 it 'has rabbit_password' do
@@ -427,15 +427,35 @@ describe 'openstack-block-storage::cinder-common' do
 expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_virtual_host=vhost_value$/)
 end
- it 'does not have kombu ssl version set' do
- expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^kombu_ssl_version=TLSv1.2$/)
+ it 'does not have ssl config set' do
+ [/^rabbit_use_ssl=/,
+ /^kombu_ssl_version=/,
+ /^kombu_ssl_keyfile=/,
+ /^kombu_ssl_certfile=/,
+ /^kombu_ssl_ca_certs=/,
+ /^kombu_reconnect_delay=/,
+ /^kombu_reconnect_timeout=/].each do |line|
+ expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
+ end
 end
- it 'sets kombu ssl version' do
+ it 'sets ssl config' do
 node.set['openstack']['mq']['block-storage']['rabbit']['use_ssl'] = true
 node.set['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_version'] = 'TLSv1.2'
-
- expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^kombu_ssl_version=TLSv1.2$/)
+ node.set['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_keyfile'] = 'keyfile'
+ node.set['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_certfile'] = 'certfile'
+ node.set['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_ca_certs'] = 'certsfile'
+ node.set['openstack']['mq']['block-storage']['rabbit']['kombu_reconnect_delay'] = 123.123
+ node.set['openstack']['mq']['block-storage']['rabbit']['kombu_reconnect_timeout'] = 123
+ [/^rabbit_use_ssl=true/,
+ /^kombu_ssl_version=TLSv1.2$/,
+ /^kombu_ssl_keyfile=keyfile$/,
+ /^kombu_ssl_certfile=certfile$/,
+ /^kombu_ssl_ca_certs=certsfile$/,
+ /^kombu_reconnect_delay=123.123$/,
+ /^kombu_reconnect_timeout=123$/].each do |line|
+ expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
+ end
 end
 it 'has the default rabbit_retry_interval set' do
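Review bot: The 'sets ssl config' example covers only the case where every option is set, so the per-option guards in the template are never exercised; a case with `use_ssl` true and the `kombu_ssl_*` attributes left unset (assuming they default to nil) should assert that no `kombu_ssl_keyfile=`, `kombu_ssl_certfile=` or `kombu_ssl_ca_certs=` line is rendered. The added patterns are also looser than they read: `/^rabbit_use_ssl=true/` has no `$` anchor, and the dots in `/^kombu_ssl_version=TLSv1.2$/` and `/^kombu_reconnect_delay=123.123$/` match any character. The exact forms are `/^rabbit_use_ssl=true$/` and `/^kombu_ssl_version=TLSv1\.2$/`. The enclosing describe block starts and ends outside the hunk.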
diff --git a/templates/default/cinder.conf.erb b/templates/default/cinder.conf.erb
index f025949..14ec824 100644
--- a/templates/default/cinder.conf.erb
+++ b/templates/default/cinder.conf.erb
@@ -1265,6 +1265,12 @@ notification_topics=<%= node["openstack"]["mq"]["block-storage"]["qpid"]["notifi
 # From oslo.messaging
 #
+# Number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat)
+heartbeat_timeout_threshold=<%= node['openstack']['mq']['block-storage']['rabbit']['heartbeat_timeout_threshold'] %>
+
+# How often times during the heartbeat_timeout_threshold we check the heartbeat
+heartbeat_rate=<%= node['openstack']['mq']['block-storage']['rabbit']['heartbeat_rate'] %>
+
 # from oslo/messaging/_drivers/amqp.py
 amqp_durable_queues=<%= node['openstack']['mq']['block-storage']['durable_queues'] %>
 amqp_auto_delete=<%= node['openstack']['mq']['block-storage']['auto_delete'] %>
@@ -1278,20 +1284,36 @@ rpc_conn_pool_size=<%= node["openstack"]["block-storage"]["rpc_conn_pool_size"]
 ######## defined in cinder.openstack.common.rpc.impl_kombu ########
-<% if node["openstack"]["mq"]["block-storage"]["rabbit"]["use_ssl"] && node["openstack"]["mq"]["block-storage"]["rabbit"]["kombu_ssl_version"] %>
-kombu_ssl_version=<%= node["openstack"]["mq"]["block-storage"]["rabbit"]["kombu_ssl_version"] %>
-#### (StrOpt) SSL version to use (valid only if SSL enabled)
+<% if node['openstack']['mq']['block-storage']['rabbit']['use_ssl'] -%>
+
+# Connect over SSL for RabbitMQ. (boolean value)
+rabbit_use_ssl=true
+
+<% if node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_version'] -%>
+# SSL version to use (valid only if SSL enabled). valid values
+# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on
+# some distributions. (string value)
+kombu_ssl_version=<%= node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_version'] %>
+<% end -%>
+<% if node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_keyfile'] -%>
+# SSL key file (valid only if SSL enabled)
+kombu_ssl_keyfile=<%= node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_keyfile'] %>
+<% end -%>
+<% if node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_certfile'] -%>
+# SSL cert file (valid only if SSL enabled)
+kombu_ssl_certfile=<%= node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_certfile'] %>
+<% end -%>
+<% if node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_ca_certs'] -%>
+# SSL certification authority file (valid only if SSL enabled)
+kombu_ssl_ca_certs=<%= node['openstack']['mq']['block-storage']['rabbit']['kombu_ssl_ca_certs'] %>
+<% end -%>
+# How long to wait before reconnecting in response to an AMQP consumer cancel notification
+kombu_reconnect_delay=<%= node['openstack']['mq']['block-storage']['rabbit']['kombu_reconnect_delay'] %>
+# How long to wait before considering a reconnect attempt to have failed.
+# This value should not be longer than rpc_response_timeout
+kombu_reconnect_timeout=<%= node['openstack']['mq']['block-storage']['rabbit']['kombu_reconnect_timeout'] %>
 <% end -%>
-# kombu_ssl_keyfile=
-#### (StrOpt) SSL key file (valid only if SSL enabled)
-
-# kombu_ssl_certfile=
-#### (StrOpt) SSL cert file (valid only if SSL enabled)
-
-# kombu_ssl_ca_certs=
-#### (StrOpt) SSL certification authority file (valid only if SSL enabled)
-
 <% if node["openstack"]["mq"]["block-storage"]["rabbit"]["ha"] -%>
 rabbit_hosts=<%= @rabbit_hosts %>
 #### (ListOpt) RabbitMQ HA cluster host:port pairs
@@ -1310,9 +1332,6 @@ rabbit_port=<%= node["openstack"]["mq"]["block-storage"]["rabbit"]["port"] %>
 #### (IntOpt) The RabbitMQ broker port where a single node is used
 <% end -%>
-rabbit_use_ssl=<%= node["openstack"]["mq"]["block-storage"]["rabbit"]["use_ssl"] %>
-#### (BoolOpt) connect over SSL for RabbitMQ
-
 rabbit_userid=<%= node["openstack"]["mq"]["block-storage"]["rabbit"]["userid"] %>
 #### (StrOpt) the RabbitMQ userid
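Review bot: With `use_ssl` true and `kombu_ssl_ca_certs` unset, the new block renders `rabbit_use_ssl=true` with no CA file, and nothing in the template tells the operator what that means. As far as I know, oslo.messaging only requires certificate verification when a CA file is configured, so that combination would encrypt the AMQP link without authenticating the broker; this is worth confirming against the oslo.messaging version in use. A comment above the CA option such as `# Without kombu_ssl_ca_certs the broker certificate is not verified` would make the dependency visible. Separately, `kombu_reconnect_delay` and `kombu_reconnect_timeout` sit inside the `use_ssl` conditional although neither depends on SSL, so a non-TLS deployment can never set them. They belong below the closing `<% end -%>`, and the spec's 'does not have ssl config set' case would then stop asserting their absence.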