From ffdcbe7ff834c539ab57e161d82125005e92e930 Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Thu, 6 May 2021 07:34:24 +0000 Subject: [PATCH] Add variables for rabbitmq ssl configuration Change-Id: Ie87b33a672168e9ab54c8d7869a09010a25458ad --- defaults/main.yml | 4 ++++ templates/glance-api.conf.j2 | 7 ++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 40161f98..301923a5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -101,6 +101,8 @@ glance_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}" glance_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}" glance_oslomsg_rpc_userid: glance glance_oslomsg_rpc_vhost: /glance +glance_oslomsg_rpc_ssl_version: "{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}" +glance_oslomsg_rpc_ssl_ca_file: "{{ oslomsg_rpc_ssl_ca_file | default('') }}" # Notify glance_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}" @@ -112,6 +114,8 @@ glance_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}" glance_oslomsg_notify_userid: "{{ glance_oslomsg_rpc_userid }}" glance_oslomsg_notify_password: "{{ glance_oslomsg_rpc_password }}" glance_oslomsg_notify_vhost: "{{ glance_oslomsg_rpc_vhost }}" +glance_oslomsg_notify_ssl_version: "{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}" +glance_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | default('') }}" ## (Qdrouterd) integration # TODO(ansmith): Change structure when more backends will be supported diff --git a/templates/glance-api.conf.j2 b/templates/glance-api.conf.j2 index 918d810f..165911e9 100644 --- a/templates/glance-api.conf.j2 +++ b/templates/glance-api.conf.j2 @@ -16,7 +16,7 @@ cinder_catalog_info = volumev3:cinderv3:internalURL enable_v2_api = {{ glance_enable_v2_api | bool }} -transport_url = {{ glance_oslomsg_rpc_transport }}://{% for host in glance_oslomsg_rpc_servers.split(',') %}{{ glance_oslomsg_rpc_userid }}:{{ glance_oslomsg_rpc_password }}@{{ host }}:{{ glance_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ glance_oslomsg_rpc_vhost }}{% if glance_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} +transport_url = {{ glance_oslomsg_rpc_transport }}://{% for host in glance_oslomsg_rpc_servers.split(',') %}{{ glance_oslomsg_rpc_userid }}:{{ glance_oslomsg_rpc_password }}@{{ host }}:{{ glance_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ glance_oslomsg_rpc_vhost }}{% if glance_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ glance_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ glance_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} scrub_time = 43200 @@ -63,13 +63,10 @@ policy_file = {{ glance_policy_file }} policy_default_rule = {{ glance_policy_default_rule }} policy_dirs = {{ glance_policy_dirs }} -[oslo_messaging_rabbit] -ssl = {{ glance_oslomsg_notify_use_ssl | bool }} - [oslo_messaging_notifications] topics = notifications driver = {{ (glance_ceilometer_enabled | bool) | ternary('messagingv2', 'noop') }} -transport_url = {{ glance_oslomsg_notify_transport }}://{% for host in glance_oslomsg_notify_servers.split(',') %}{{ glance_oslomsg_notify_userid }}:{{ glance_oslomsg_notify_password }}@{{ host }}:{{ glance_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ glance_oslomsg_notify_vhost }}{% if glance_oslomsg_notify_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} +transport_url = {{ glance_oslomsg_notify_transport }}://{% for host in glance_oslomsg_notify_servers.split(',') %}{{ glance_oslomsg_notify_userid }}:{{ glance_oslomsg_notify_password }}@{{ host }}:{{ glance_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ glance_oslomsg_notify_vhost }}{% if glance_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ glance_oslomsg_notify_ssl_version }}&ssl_ca_file={{ glance_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} [paste_deploy] flavor = {{ glance_flavor }}