deb-murano/murano/common/config.py
Stan Lagun 091b4d1d18 Allow insecure SSL communications with RabbitMQ
Add insecure option to [rabbitmq] section of murano.conf

This is a partial fix because it improves Engine <-> RMQ
 communications but the same problem exist on
 Agent <-> RMQ side

 Partial-Bug: #1578421

Change-Id: I55207c3016da12be45918a7dc33795abf69627b4
2016-05-11 11:19:43 -07:00

343 lines
13 KiB
Python

# Copyright 2011 OpenStack LLC.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_log import log as logging
from oslo_middleware import cors
from murano.common.i18n import _
from murano import version
paste_deploy_opts = [
cfg.StrOpt('flavor', help='Paste flavor'),
cfg.StrOpt('config_file', help='Path to Paste config file'),
]
bind_opts = [
cfg.StrOpt('bind-host', default='0.0.0.0',
help='Address to bind the Murano API server to.'),
cfg.PortOpt('bind-port',
default=8082,
help='Port the bind the Murano API server to.'),
]
rabbit_opts = [
cfg.StrOpt('host', default='localhost',
help='The RabbitMQ broker address which used for communication '
'with Murano guest agents.'),
cfg.PortOpt('port',
default=5672,
help='The RabbitMQ broker port.'),
cfg.StrOpt('login', default='guest',
help='The RabbitMQ login.'),
cfg.StrOpt('password', default='guest',
help='The RabbitMQ password.'),
cfg.StrOpt('virtual_host', default='/',
help='The RabbitMQ virtual host.'),
cfg.BoolOpt('ssl', default=False,
help='Boolean flag to enable SSL communication through the '
'RabbitMQ broker between murano-engine and guest agents.'),
cfg.StrOpt('ca_certs', default='',
help='SSL cert file (valid only if SSL enabled).'),
cfg.BoolOpt('insecure', default=False,
help='This option explicitly allows Murano to perform '
'"insecure" SSL connections to RabbitMQ'),
]
heat_opts = [
cfg.StrOpt('url', help='Optional heat endpoint override'),
cfg.BoolOpt('insecure', default=False,
help='This option explicitly allows Murano to perform '
'"insecure" SSL connections and transfers with Heat API.'),
cfg.StrOpt('ca_file',
help='(SSL) Tells Murano to use the specified certificate file '
'to verify the peer running Heat API.'),
cfg.StrOpt('cert_file',
help='(SSL) Tells Murano to use the specified client '
'certificate file when communicating with Heat.'),
cfg.StrOpt('key_file', help='(SSL/SSH) Private key file name to '
'communicate with Heat API.'),
cfg.StrOpt('endpoint_type', default='publicURL',
help='Heat endpoint type.'),
cfg.ListOpt('stack_tags', default=['murano'],
help='List of tags to be assigned to heat stacks created '
'during environment deployment.')
]
mistral_opts = [
cfg.StrOpt('url', help='Optional mistral endpoint override'),
cfg.StrOpt('endpoint_type', default='publicURL',
help='Mistral endpoint type.'),
cfg.StrOpt('service_type', default='workflowv2',
help='Mistral service type.'),
cfg.BoolOpt('insecure', default=False,
help='This option explicitly allows Murano to perform '
'"insecure" SSL connections and transfers with Mistral.'),
cfg.StrOpt('ca_cert',
help='(SSL) Tells Murano to use the specified client '
'certificate file when communicating with Mistral.')
]
neutron_opts = [
cfg.StrOpt('url', help='Optional neutron endpoint override'),
cfg.BoolOpt('insecure', default=False,
help='This option explicitly allows Murano to perform '
'"insecure" SSL connections and transfers with Neutron API.'),
cfg.StrOpt('ca_cert',
help='(SSL) Tells Murano to use the specified client '
'certificate file when communicating with Neutron.'),
cfg.StrOpt('endpoint_type', default='publicURL',
help='Neutron endpoint type.')
]
murano_opts = [
cfg.StrOpt('url', help='Optional murano url in format '
'like http://0.0.0.0:8082 used by Murano engine'),
cfg.BoolOpt('insecure', default=False,
help='This option explicitly allows Murano to perform '
'"insecure" SSL connections and transfers used by '
'Murano engine.'),
cfg.StrOpt('cacert',
help='(SSL) Tells Murano to use the specified client '
'certificate file when communicating with Murano API '
'used by Murano engine.'),
cfg.StrOpt('cert_file',
help='(SSL) Tells Murano to use the specified client '
'certificate file when communicating with Murano '
'used by Murano engine.'),
cfg.StrOpt('key_file', help='(SSL/SSH) Private key file name '
'to communicate with Murano API used by '
'Murano engine.'),
cfg.StrOpt('endpoint_type', default='publicURL',
help='Murano endpoint type used by Murano engine.'),
cfg.ListOpt('enabled_plugins',
help="List of enabled Extension Plugins. "
"Remove or leave commented to enable all installed "
"plugins."),
cfg.IntOpt('package_size_limit', default=5,
help='Maximum application package size, Mb',
deprecated_group='packages_opts'),
cfg.IntOpt('limit_param_default', default=20,
help='Default value for package pagination in API.',
deprecated_group='packages_opts'),
cfg.IntOpt('api_limit_max', default=100,
help='Maximum number of packages to be returned in a single '
'pagination request',
deprecated_group='packages_opts'),
]
networking_opts = [
cfg.IntOpt('max_environments', default=250,
help='Maximum number of environments that use a single router '
'per tenant'),
cfg.IntOpt('max_hosts', default=250,
help='Maximum number of VMs per environment'),
cfg.StrOpt('env_ip_template', default='10.0.0.0',
help='Template IP address for generating environment '
'subnet cidrs'),
cfg.ListOpt('default_dns', default=[],
help='List of default DNS nameservers to be assigned to '
'created Networks'),
cfg.StrOpt('external_network', default='ext-net',
help='ID or name of the external network for routers '
'to connect to'),
cfg.StrOpt('router_name', default='murano-default-router',
help='Name of the router that going to be used in order to '
'join all networks created by Murano'),
cfg.BoolOpt('create_router', default=True,
help='This option will create a router when one with '
'"router_name" does not exist'),
cfg.StrOpt('network_config_file', default='netconfig.yaml',
help='If provided networking configuration will be taken '
'from this file')
]
stats_opts = [
cfg.IntOpt('period', default=5,
help=_('Statistics collection interval in minutes.'
'Default value is 5 minutes.'))
]
engine_opts = [
cfg.BoolOpt('disable_murano_agent', default=False,
help=_('Disallow the use of murano-agent')),
cfg.StrOpt('class_configs', default='/etc/murano/class-configs',
help=_('Path to class configuration files')),
cfg.BoolOpt('use_trusts', default=True,
help=_("Create resources using trust token rather "
"than user's token")),
cfg.BoolOpt('enable_model_policy_enforcer', default=False,
help=_('Enable model policy enforcer using Congress')),
cfg.IntOpt('agent_timeout', default=3600,
help=_('Time for waiting for a response from murano agent '
'during the deployment')),
cfg.IntOpt('workers',
help=_('Number of workers')),
cfg.ListOpt('load_packages_from', default=[],
help=_('List of directories to load local packages from. '
'If not provided, packages will be loaded only API'),
deprecated_group='packages_opts'),
cfg.StrOpt('packages_cache',
help='Location (directory) for Murano package cache.',
deprecated_group='packages_opts'),
cfg.BoolOpt('enable_packages_cache', default=True,
help=_('Enables murano-engine to persist on disk '
'packages downloaded during deployments. '
'The packages would be re-used for consequent '
'deployments.'),
deprecated_group='packages_opts'),
cfg.StrOpt('packages_service', default='murano',
help=_('The service to store murano packages: murano (stands '
'for legacy behavior using murano-api) or glance '
'(stands for glance-glare artifact service)'),
deprecated_group='packages_opts'),
]
# TODO(sjmc7): move into engine opts?
metadata_dir = [
cfg.StrOpt('metadata-dir', default='./meta',
help='Metadata dir')
]
glare_opts = [
cfg.StrOpt('url', help='Optional glare url in format '
'like http://0.0.0.0:9494 used by Glare API',
deprecated_group='glance'),
cfg.BoolOpt('insecure', default=False,
help='This option explicitly allows Murano to perform '
'"insecure" SSL connections and transfers with Glare API.',
deprecated_group='glance'),
cfg.StrOpt('ca_file',
help='(SSL) Tells Murano to use the specified certificate file '
'to verify the peer running Glare API.',
deprecated_group='glance'),
cfg.StrOpt('cert_file',
help='(SSL) Tells Murano to use the specified client '
'certificate file when communicating with Glare.',
deprecated_group='glance'),
cfg.StrOpt('key_file', help='(SSL/SSH) Private key file name to '
'communicate with Glare API.',
deprecated_group='glance'),
cfg.StrOpt('endpoint_type', default='publicURL',
help='Glare endpoint type.',
deprecated_group='glance')
]
file_server = [
cfg.StrOpt('file_server', default='',
help='Set a file server.')
]
home_region = cfg.StrOpt(
'home_region', default=None,
help="Default region name used to get services endpoints.")
CONF = cfg.CONF
CONF.register_opts(paste_deploy_opts, group='paste_deploy')
CONF.register_cli_opts(bind_opts)
CONF.register_opts(rabbit_opts, group='rabbitmq')
CONF.register_opts(heat_opts, group='heat')
CONF.register_opts(mistral_opts, group='mistral')
CONF.register_opts(neutron_opts, group='neutron')
CONF.register_opts(murano_opts, group='murano')
CONF.register_opts(engine_opts, group='engine')
CONF.register_opts(file_server)
CONF.register_opt(home_region)
CONF.register_cli_opts(metadata_dir)
CONF.register_opts(stats_opts, group='stats')
CONF.register_opts(networking_opts, group='networking')
CONF.register_opts(glare_opts, group='glare')
def parse_args(args=None, usage=None, default_config_files=None):
logging.register_options(CONF)
CONF(args=args,
project='murano',
version=version.version_string,
usage=usage,
default_config_files=default_config_files)
def set_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
# CORS Defaults
# TODO(krotscheck): Update with https://review.openstack.org/#/c/285368/
cfg.set_defaults(cors.CORS_OPTS,
allow_headers=['X-Auth-Token',
'X-Openstack-Request-Id',
'X-Configuration-Session',
'X-Roles',
'X-User-Id',
'X-Tenant-Id'],
expose_headers=['X-Auth-Token',
'X-Openstack-Request-Id',
'X-Configuration-Session',
'X-Roles',
'X-User-Id',
'X-Tenant-Id'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH']
)