761ea9a333
This change adds support for encryption of communication between OpenStack services and RabbitMQ. Server certificates are supported, but currently client certificates are not. The kolla-ansible certificates command has been updated to support generating certificates for RabbitMQ for development and testing. RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when The Zuul 'tls_enabled' variable is true. Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5 Implements: blueprint message-queue-ssl-support
62 lines
1.9 KiB
Django/Jinja
62 lines
1.9 KiB
Django/Jinja
[DEFAULT]
|
|
debug = {{ trove_logging_debug }}
|
|
|
|
log_dir = /var/log/kolla/trove
|
|
|
|
{% if enable_trove_singletenant | bool %}
|
|
nova_proxy_admin_pass = {{ trove_keystone_password }}
|
|
nova_proxy_admin_tenant_name = service
|
|
nova_proxy_admin_user = trove
|
|
remote_nova_client = trove.common.single_tenant_remote.nova_client_trove_admin
|
|
remote_cinder_client = trove.common.single_tenant_remote.cinder_client_trove_admin
|
|
remote_neutron_client = trove.common.single_tenant_remote.neutron_client_trove_admin
|
|
{% endif %}
|
|
taskmanager_manager = trove.taskmanager.manager.Manager
|
|
|
|
transport_url = {{ rpc_transport_url }}
|
|
|
|
nova_compute_endpoint_type = internalURL
|
|
neutron_endpoint_type = internalURL
|
|
cinder_endpoint_type = internalURL
|
|
swift_endpoint_type = internalURL
|
|
glance_endpoint_type = internalURL
|
|
trove_endpoint_type = internalURL
|
|
|
|
network_driver = trove.network.neutron.NeutronDriver
|
|
|
|
[service_credentials]
|
|
auth_url = {{ keystone_internal_url }}/v3
|
|
region_name = {{ openstack_region_name }}
|
|
project_name = service
|
|
password = {{ trove_keystone_password }}
|
|
project_domain_name = {{ default_project_domain_name }}
|
|
user_domain_name = {{ default_user_domain_name }}
|
|
username = {{ trove_keystone_user }}
|
|
|
|
[database]
|
|
connection = mysql+pymysql://{{ trove_database_user }}:{{ trove_database_password }}@{{ trove_database_address }}/{{ trove_database_name }}
|
|
max_retries = -1
|
|
|
|
[oslo_messaging_notifications]
|
|
transport_url = {{ notify_transport_url }}
|
|
{% if trove_enabled_notification_topics %}
|
|
driver = messagingv2
|
|
topics = {{ trove_enabled_notification_topics | map(attribute='name') | join(',') }}
|
|
{% else %}
|
|
driver = noop
|
|
{% endif %}
|
|
|
|
{% if om_enable_rabbitmq_tls | bool %}
|
|
[oslo_messaging_rabbit]
|
|
ssl = true
|
|
ssl_ca_file = {{ om_rabbitmq_cacert }}
|
|
{% endif %}
|
|
|
|
{% if enable_osprofiler | bool %}
|
|
[profiler]
|
|
enabled = true
|
|
trace_sqlalchemy = true
|
|
hmac_keys = {{ osprofiler_secret }}
|
|
connection_string = {{ osprofiler_backend_connection_string }}
|
|
{% endif %}
|