Allow rabbit mq kombu ssl configuration
Add the rest of the kombu ssl configuration options. Change-Id: I720aea02ea26d7a64aeb5c92575a7a6f77458918 Partial-Bug: 1464706
This commit is contained in:
parent
9e62dd901c
commit
df5bec0b0a
|
@ -21,6 +21,6 @@ recipe 'openstack-telemetry::identity_registration', 'Registers the endpoints, t
|
||||||
supports os
|
supports os
|
||||||
end
|
end
|
||||||
|
|
||||||
depends 'openstack-common', '>= 11.2.0'
|
depends 'openstack-common', '>= 11.4.0'
|
||||||
depends 'openstack-identity', '>= 11.0.0'
|
depends 'openstack-identity', '>= 11.0.0'
|
||||||
depends 'openstack-compute', '>= 11.0.0'
|
depends 'openstack-compute', '>= 11.0.0'
|
||||||
|
|
|
@ -113,7 +113,6 @@ describe 'openstack-telemetry::common' do
|
||||||
/^rabbit_port = 5672$/,
|
/^rabbit_port = 5672$/,
|
||||||
/^rabbit_host = 127.0.0.1$/,
|
/^rabbit_host = 127.0.0.1$/,
|
||||||
/^rabbit_virtual_host = \/$/,
|
/^rabbit_virtual_host = \/$/,
|
||||||
/^rabbit_use_ssl = false$/,
|
|
||||||
/^rabbit_max_retries = 0$/,
|
/^rabbit_max_retries = 0$/,
|
||||||
/^rabbit_retry_interval = 1$/
|
/^rabbit_retry_interval = 1$/
|
||||||
].each do |line|
|
].each do |line|
|
||||||
|
@ -140,8 +139,7 @@ describe 'openstack-telemetry::common' do
|
||||||
/^rabbit_password = mq-pass$/,
|
/^rabbit_password = mq-pass$/,
|
||||||
/^rabbit_hosts = 1.1.1.1:5672,2.2.2.2:5672$/,
|
/^rabbit_hosts = 1.1.1.1:5672,2.2.2.2:5672$/,
|
||||||
/^rabbit_ha_queues = True$/,
|
/^rabbit_ha_queues = True$/,
|
||||||
/^rabbit_virtual_host = \/$/,
|
/^rabbit_virtual_host = \/$/
|
||||||
/^rabbit_use_ssl = false$/
|
|
||||||
].each do |line|
|
].each do |line|
|
||||||
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
|
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
|
||||||
end
|
end
|
||||||
|
@ -155,15 +153,35 @@ describe 'openstack-telemetry::common' do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'does not have kombu ssl version set' do
|
it 'does not have ssl config set' do
|
||||||
expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^kombu_ssl_version=TLSv1.2$/)
|
[/^rabbit_use_ssl=/,
|
||||||
|
/^kombu_ssl_version=/,
|
||||||
|
/^kombu_ssl_keyfile=/,
|
||||||
|
/^kombu_ssl_certfile=/,
|
||||||
|
/^kombu_ssl_ca_certs=/,
|
||||||
|
/^kombu_reconnect_delay=/,
|
||||||
|
/^kombu_reconnect_timeout=/].each do |line|
|
||||||
|
expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'sets kombu ssl version' do
|
it 'sets ssl config' do
|
||||||
node.set['openstack']['mq']['telemetry']['rabbit']['use_ssl'] = true
|
node.set['openstack']['mq']['telemetry']['rabbit']['use_ssl'] = true
|
||||||
node.set['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_version'] = 'TLSv1.2'
|
node.set['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_version'] = 'TLSv1.2'
|
||||||
|
node.set['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_keyfile'] = 'keyfile'
|
||||||
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^kombu_ssl_version=TLSv1.2$/)
|
node.set['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_certfile'] = 'certfile'
|
||||||
|
node.set['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_ca_certs'] = 'certsfile'
|
||||||
|
node.set['openstack']['mq']['telemetry']['rabbit']['kombu_reconnect_delay'] = 123.123
|
||||||
|
node.set['openstack']['mq']['telemetry']['rabbit']['kombu_reconnect_timeout'] = 123
|
||||||
|
[/^rabbit_use_ssl=true/,
|
||||||
|
/^kombu_ssl_version=TLSv1.2$/,
|
||||||
|
/^kombu_ssl_keyfile=keyfile$/,
|
||||||
|
/^kombu_ssl_certfile=certfile$/,
|
||||||
|
/^kombu_ssl_ca_certs=certsfile$/,
|
||||||
|
/^kombu_reconnect_delay=123.123$/,
|
||||||
|
/^kombu_reconnect_timeout=123$/].each do |line|
|
||||||
|
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -117,9 +117,36 @@ amqp_durable_queues=<%= node["openstack"]["mq"]["telemetry"]["durable_queues"] %
|
||||||
# Auto-delete queues in AMQP. (boolean value)
|
# Auto-delete queues in AMQP. (boolean value)
|
||||||
amqp_auto_delete=<%= node["openstack"]["mq"]["telemetry"]["auto_delete"] %>
|
amqp_auto_delete=<%= node["openstack"]["mq"]["telemetry"]["auto_delete"] %>
|
||||||
|
|
||||||
<% if node["openstack"]["mq"]["telemetry"]["rabbit"]["use_ssl"] && node["openstack"]["mq"]["telemetry"]["rabbit"]["kombu_ssl_version"] %>
|
<% if node['openstack']['mq']['telemetry']['rabbit']['use_ssl'] -%>
|
||||||
kombu_ssl_version=<%= node["openstack"]["mq"]["telemetry"]["rabbit"]["kombu_ssl_version"] %>
|
|
||||||
|
# Connect over SSL for RabbitMQ. (boolean value)
|
||||||
|
rabbit_use_ssl=true
|
||||||
|
|
||||||
|
<% if node['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_version'] -%>
|
||||||
|
# SSL version to use (valid only if SSL enabled). valid values
|
||||||
|
# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on
|
||||||
|
# some distributions. (string value)
|
||||||
|
kombu_ssl_version=<%= node['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_version'] %>
|
||||||
|
<% end -%>
|
||||||
|
<% if node['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_keyfile'] -%>
|
||||||
|
# SSL key file (valid only if SSL enabled)
|
||||||
|
kombu_ssl_keyfile=<%= node['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_keyfile'] %>
|
||||||
|
<% end -%>
|
||||||
|
<% if node['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_certfile'] -%>
|
||||||
|
# SSL cert file (valid only if SSL enabled)
|
||||||
|
kombu_ssl_certfile=<%= node['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_certfile'] %>
|
||||||
|
<% end -%>
|
||||||
|
<% if node['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_ca_certs'] -%>
|
||||||
|
# SSL certification authority file (valid only if SSL enabled)
|
||||||
|
kombu_ssl_ca_certs=<%= node['openstack']['mq']['telemetry']['rabbit']['kombu_ssl_ca_certs'] %>
|
||||||
|
<% end -%>
|
||||||
|
# How long to wait before reconnecting in response to an AMQP consumer cancel notification
|
||||||
|
kombu_reconnect_delay=<%= node['openstack']['mq']['telemetry']['rabbit']['kombu_reconnect_delay'] %>
|
||||||
|
# How long to wait before considering a reconnect attempt to have failed.
|
||||||
|
# This value should not be longer than rpc_response_timeout
|
||||||
|
kombu_reconnect_timeout=<%= node['openstack']['mq']['telemetry']['rabbit']['kombu_reconnect_timeout'] %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
|
||||||
##### RABBITMQ #####
|
##### RABBITMQ #####
|
||||||
rabbit_userid = <%= node["openstack"]["mq"]["telemetry"]["rabbit"]["userid"] %>
|
rabbit_userid = <%= node["openstack"]["mq"]["telemetry"]["rabbit"]["userid"] %>
|
||||||
rabbit_password = <%= @mq_password %>
|
rabbit_password = <%= @mq_password %>
|
||||||
|
@ -131,7 +158,6 @@ rabbit_port = <%= node["openstack"]["mq"]["telemetry"]["rabbit"]["port"] %>
|
||||||
rabbit_host = <%= node["openstack"]["mq"]["telemetry"]["rabbit"]["host"] %>
|
rabbit_host = <%= node["openstack"]["mq"]["telemetry"]["rabbit"]["host"] %>
|
||||||
<% end %>
|
<% end %>
|
||||||
rabbit_virtual_host = <%= node["openstack"]["mq"]["telemetry"]["rabbit"]["vhost"] %>
|
rabbit_virtual_host = <%= node["openstack"]["mq"]["telemetry"]["rabbit"]["vhost"] %>
|
||||||
rabbit_use_ssl = <%= node["openstack"]["mq"]["telemetry"]["rabbit"]["use_ssl"] %>
|
|
||||||
rpc_backend = ceilometer.openstack.common.rpc.impl_kombu
|
rpc_backend = ceilometer.openstack.common.rpc.impl_kombu
|
||||||
|
|
||||||
# Maximum retries with trying to connect to RabbitMQ
|
# Maximum retries with trying to connect to RabbitMQ
|
||||||
|
|
Loading…
Reference in New Issue