From 21e877c22d2b5303a7c0d07602f84d36754425b1 Mon Sep 17 00:00:00 2001
From: Konstantin Snihyr
Date: Mon, 18 Apr 2016 18:33:56 +0300
Subject: [PATCH] Pass [rabbitmq]/ca_certs file to murano-spawned instance
Change-Id: I0d7a66b66d47c5996df8047225dcd9323d328412
Closes-Bug: #1568172
---
 .../Classes/resources/LinuxMuranoInstance.yaml | 6 +++++-
 meta/io.murano/Resources/Agent-v2.template | 2 +-
 meta/io.murano/Resources/linux-init.sh | 7 +++++++
 murano/common/config.py | 3 ++-
 murano/engine/system/yaql_functions.py | 10 ++++++++--
 5 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/meta/io.murano/Classes/resources/LinuxMuranoInstance.yaml b/meta/io.murano/Classes/resources/LinuxMuranoInstance.yaml
index e62db31e..7a644ba0 100644
--- a/meta/io.murano/Classes/resources/LinuxMuranoInstance.yaml
+++ b/meta/io.murano/Classes/resources/LinuxMuranoInstance.yaml
@@ -80,7 +80,11 @@ Methods:
 "%AGENT_CONFIG_BASE64%": base64encode($configFile.replace($configReplacements))
 "%INTERNAL_HOSTNAME%": $.name
 "%MURANO_SERVER_ADDRESS%": coalesce(config(file_server), $rabbitMqParams.host)
- "%CA_ROOT_CERT_BASE64%": ""
+ - If: config(rabbitmq, ca_certs)
+ Then:
+ - $scriptReplacements["%CA_ROOT_CERT_BASE64%"]: base64encode(config(rabbitmq, ca_certs, true))
+ Else:
+ - $scriptReplacements["%CA_ROOT_CERT_BASE64%"]: ''
 - $muranoReplacements:
 "%MURANO_AGENT_CONF%": base64encode($muranoAgentConf)
 "%MURANO_AGENT_SERVICE%": base64encode($muranoAgentService)
diff --git a/meta/io.murano/Resources/Agent-v2.template b/meta/io.murano/Resources/Agent-v2.template
index 772c2bc8..5fe1be8e 100644
--- a/meta/io.murano/Resources/Agent-v2.template
+++ b/meta/io.murano/Resources/Agent-v2.template
@@ -25,7 +25,7 @@ port = %RABBITMQ_PORT%
 ssl = %RABBITMQ_SSL%
 # Path to SSL CA certificate or empty to allow self signed server certificate
-ca_certs =
+ca_certs = '/etc/murano/certs/ca_certs'
 # RabbitMQ credentials. Fresh RabbitMQ installation has "guest" account with "guest" password.
 login = %RABBITMQ_USER%
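Review bot: The `Else` branch sets `%CA_ROOT_CERT_BASE64%` to an empty string, but nothing downstream treats that as "no CA configured": the Agent-v2.template hunk now hard-codes `ca_certs = '/etc/murano/certs/ca_certs'` and the linux-init.sh hunk writes that file unconditionally, so an engine without `[rabbitmq]/ca_certs` hands the agent a path to an empty bundle. The template's own comment says an empty value is what allows a self-signed server certificate, so SSL setups that relied on that will presumably stop connecting (how the agent handles an empty CA file is not visible here). Consider filling the agent's `ca_certs` value through a replacement that is the path only in the `Then` branch and empty otherwise, and skipping the file write when the value is empty. A short comment above the `If:` stating that the file is read on the engine host and copied into every spawned instance would also help operators decide what to put in it.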
diff --git a/meta/io.murano/Resources/linux-init.sh b/meta/io.murano/Resources/linux-init.sh
index 4032e16a..d76c5624 100644
--- a/meta/io.murano/Resources/linux-init.sh
+++ b/meta/io.murano/Resources/linux-init.sh
@@ -14,6 +14,7 @@ service murano-agent stop
 AgentConfigBase64='%AGENT_CONFIG_BASE64%'
+RMQCaCertBase64='%CA_ROOT_CERT_BASE64%'
 if [ ! -d /etc/murano ]; then
 mkdir /etc/murano
@@ -21,4 +22,10 @@ fi
 echo $AgentConfigBase64 | base64 -d > /etc/murano/agent.conf
 chmod 664 /etc/murano/agent.conf
+if [ ! -d /etc/murano/certs ]; then
+ mkdir /etc/murano/certs
+fi
+echo $RMQCaCertBase64 | base64 -d > /etc/murano/certs/ca_certs
+chmod 664 /etc/murano/certs/ca_certs
+ service murano-agent start
diff --git a/murano/common/config.py b/murano/common/config.py
index a4a7e42e..9f62b8ce 100644
--- a/murano/common/config.py
+++ b/murano/common/config.py
@@ -54,8 +54,9 @@ rabbit_opts = [
 cfg.BoolOpt('ssl', default=False,
 help='Boolean flag to enable SSL communication through the '
 'RabbitMQ broker between murano-engine and guest agents.'),
+ cfg.StrOpt('ca_certs', default='',
- help='SSL cert file (valid only if SSL enabled).')
+ help='SSL cert file (valid only if SSL enabled).'),
 ]
 heat_opts = [
diff --git a/murano/engine/system/yaql_functions.py b/murano/engine/system/yaql_functions.py
index bfddf5ae..19693952 100644
--- a/murano/engine/system/yaql_functions.py
+++ b/murano/engine/system/yaql_functions.py
@@ -93,8 +93,14 @@ def _convert_macro_parameter(macro, mappings):
 @specs.parameter('group', yaqltypes.String())
 @specs.parameter('setting', yaqltypes.String())
-def config(group, setting):
- return cfg.CONF[group][setting]
+@specs.parameter('read_as_file', bool)
+def config(group, setting, read_as_file=False):
+ config_value = cfg.CONF[group][setting]
+ if read_as_file:
+ with open(config_value) as target_file:
+ return target_file.read()
+ else:
+ return config_value
 @specs.parameter('setting', yaqltypes.String())
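Review bot: `chmod 664 /etc/murano/certs/ca_certs` leaves the agent's TLS trust anchor group-writable, which lets any member of the owning group change which CA the agent trusts for its broker connection. The file only needs to be readable, so `chmod 644 /etc/murano/certs/ca_certs` is enough. The expansion in `echo $RMQCaCertBase64 | base64 -d` is unquoted and the result of `base64 -d` is not checked, so a malformed value silently leaves a broken bundle; `printf '%s' "$RMQCaCertBase64" | base64 -d > /etc/murano/certs/ca_certs || exit 1` fails visibly instead. Guarding the write with `if [ -n "$RMQCaCertBase64" ]; then` would avoid creating an empty bundle when the engine has no CA configured.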
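Review bot: With `read_as_file` set, `config()` opens whatever path the named option holds and returns its contents, so every caller of this yaql function can read any file referenced from the engine's configuration, not only `[rabbitmq]/ca_certs`. Whether `config()` is reachable from packages the operator did not write is not visible in this hunk; if it is, options that point at key or credential files become readable in the same way. Restricting file reads to an explicit allowlist of (group, setting) pairs keeps the new parameter to its one intended use. The function also lacks a docstring saying that the read happens on the engine host with the engine's privileges, and an unset or unreadable path currently surfaces as a bare I/O error from `open()`.

```python
# Options whose value is a path that may be read and returned to MuranoPL.
_FILE_SETTINGS = frozenset([('rabbitmq', 'ca_certs')])

# … unchanged: @specs.parameter decorators …
def config(group, setting, read_as_file=False):
    config_value = cfg.CONF[group][setting]
    if not read_as_file:
        return config_value
    if (group, setting) not in _FILE_SETTINGS:
        raise ValueError(
            'Reading %s/%s as a file is not permitted' % (group, setting))
    with open(config_value) as target_file:
        return target_file.read()
```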