Pass [rabbitmq]/ca_certs file to murano-spawned instance

Change-Id: I0d7a66b66d47c5996df8047225dcd9323d328412 Closes-Bug: #1568172
2016-04-18 18:33:56 +03:00 · 2016-04-18 18:33:56 +03:00 · 21e877c22d
commit 21e877c22d
parent 1d76573c41
5 changed files with 23 additions and 5 deletions
--- a/meta/io.murano/Classes/resources/LinuxMuranoInstance.yaml
+++ b/meta/io.murano/Classes/resources/LinuxMuranoInstance.yaml
@ -80,7 +80,11 @@ Methods:
            "%AGENT_CONFIG_BASE64%": base64encode($configFile.replace($configReplacements))
            "%INTERNAL_HOSTNAME%": $.name
            "%MURANO_SERVER_ADDRESS%": coalesce(config(file_server), $rabbitMqParams.host)
-            "%CA_ROOT_CERT_BASE64%": ""
+        - If: config(rabbitmq, ca_certs)
+          Then:
+            - $scriptReplacements["%CA_ROOT_CERT_BASE64%"]: base64encode(config(rabbitmq, ca_certs, true))
+          Else:
+            - $scriptReplacements["%CA_ROOT_CERT_BASE64%"]: ''
        - $muranoReplacements:
            "%MURANO_AGENT_CONF%": base64encode($muranoAgentConf)
            "%MURANO_AGENT_SERVICE%": base64encode($muranoAgentService)
--- a/meta/io.murano/Resources/Agent-v2.template
+++ b/meta/io.murano/Resources/Agent-v2.template
@ -25,7 +25,7 @@ port = %RABBITMQ_PORT%
 ssl = %RABBITMQ_SSL%

 # Path to SSL CA certificate or empty to allow self signed server certificate
-ca_certs =
+ca_certs = '/etc/murano/certs/ca_certs'

 # RabbitMQ credentials. Fresh RabbitMQ installation has "guest" account with "guest" password.
 login = %RABBITMQ_USER%
--- a/meta/io.murano/Resources/linux-init.sh
+++ b/meta/io.murano/Resources/linux-init.sh
@ -14,6 +14,7 @@
 service murano-agent stop

 AgentConfigBase64='%AGENT_CONFIG_BASE64%'
+RMQCaCertBase64='%CA_ROOT_CERT_BASE64%'

 if [ ! -d /etc/murano ]; then
    mkdir /etc/murano
@ -21,4 +22,10 @@ fi
 echo $AgentConfigBase64 | base64 -d > /etc/murano/agent.conf
 chmod 664 /etc/murano/agent.conf

+if [ ! -d /etc/murano/certs ]; then
+    mkdir /etc/murano/certs
+fi
+echo $RMQCaCertBase64 | base64 -d > /etc/murano/certs/ca_certs
+chmod 664 /etc/murano/certs/ca_certs
+
 service murano-agent start
--- a/murano/common/config.py
+++ b/murano/common/config.py
@ -54,8 +54,9 @@ rabbit_opts = [
    cfg.BoolOpt('ssl', default=False,
                help='Boolean flag to enable SSL communication through the '
                'RabbitMQ broker between murano-engine and guest agents.'),
+
    cfg.StrOpt('ca_certs', default='',
-               help='SSL cert file (valid only if SSL enabled).')
+               help='SSL cert file (valid only if SSL enabled).'),
 ]

 heat_opts = [
--- a/murano/engine/system/yaql_functions.py
+++ b/murano/engine/system/yaql_functions.py
@ -93,8 +93,14 @@ def _convert_macro_parameter(macro, mappings):

@specs.parameter('group', yaqltypes.String())
@specs.parameter('setting', yaqltypes.String())
-def config(group, setting):
-    return cfg.CONF[group][setting]
+@specs.parameter('read_as_file', bool)
+def config(group, setting, read_as_file=False):
+    config_value = cfg.CONF[group][setting]
+    if read_as_file:
+        with open(config_value) as target_file:
+            return target_file.read()
+    else:
+        return config_value


@specs.parameter('setting', yaqltypes.String())