Add RabbitMQ SSL support
Change-Id: I6efe4819fb703ea815de259cb91b2ee50f51a0e3
This commit is contained in:
parent
a914270e28
commit
76423fd42a
|
@ -37,6 +37,23 @@
|
|||
# password to connect to the rabbit_server. Optional. Defaults to empty.
|
||||
# [*rabbit_virtual_host*]
|
||||
# virtualhost to use. Optional. Defaults to '/'
|
||||
# [*rabbit_use_ssl*]
|
||||
# (optional) Connect over SSL for RabbitMQ
|
||||
# Defaults to false
|
||||
# [*kombu_ssl_ca_certs*]
|
||||
# (optional) SSL certification authority file (valid only if SSL enabled).
|
||||
# Defaults to undef
|
||||
# [*kombu_ssl_certfile*]
|
||||
# (optional) SSL cert file (valid only if SSL enabled).
|
||||
# Defaults to undef
|
||||
# [*kombu_ssl_keyfile*]
|
||||
# (optional) SSL key file (valid only if SSL enabled).
|
||||
# Defaults to undef
|
||||
# [*kombu_ssl_version*]
|
||||
# (optional) SSL version to use (valid only if SSL enabled).
|
||||
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
|
||||
# available on some distributions.
|
||||
# Defaults to 'SSLv3'
|
||||
#
|
||||
# [*qpid_hostname*]
|
||||
# [*qpid_port*]
|
||||
|
@ -70,6 +87,11 @@ class ceilometer(
|
|||
$rabbit_userid = 'guest',
|
||||
$rabbit_password = '',
|
||||
$rabbit_virtual_host = '/',
|
||||
$rabbit_use_ssl = false,
|
||||
$kombu_ssl_ca_certs = undef,
|
||||
$kombu_ssl_certfile = undef,
|
||||
$kombu_ssl_keyfile = undef,
|
||||
$kombu_ssl_version = 'SSLv3',
|
||||
$qpid_hostname = 'localhost',
|
||||
$qpid_port = 5672,
|
||||
$qpid_username = 'guest',
|
||||
|
@ -151,6 +173,40 @@ class ceilometer(
|
|||
'DEFAULT/rabbit_userid' : value => $rabbit_userid;
|
||||
'DEFAULT/rabbit_password' : value => $rabbit_password;
|
||||
'DEFAULT/rabbit_virtual_host' : value => $rabbit_virtual_host;
|
||||
'DEFAULT/rabbit_use_ssl' : value => $rabbit_use_ssl;
|
||||
}
|
||||
|
||||
if $rabbit_use_ssl {
|
||||
if $kombu_ssl_ca_certs {
|
||||
ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs }
|
||||
} else {
|
||||
ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent}
|
||||
}
|
||||
|
||||
if $kombu_ssl_certfile {
|
||||
ceilometer_config { 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile }
|
||||
} else {
|
||||
ceilometer_config { 'DEFAULT/kombu_ssl_certfile': ensure => absent}
|
||||
}
|
||||
|
||||
if $kombu_ssl_keyfile {
|
||||
ceilometer_config { 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile }
|
||||
} else {
|
||||
ceilometer_config { 'DEFAULT/kombu_ssl_keyfile': ensure => absent}
|
||||
}
|
||||
|
||||
if $kombu_ssl_version {
|
||||
ceilometer_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version }
|
||||
} else {
|
||||
ceilometer_config { 'DEFAULT/kombu_ssl_version': ensure => absent}
|
||||
}
|
||||
} else {
|
||||
ceilometer_config {
|
||||
'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
|
||||
'DEFAULT/kombu_ssl_certfile': ensure => absent;
|
||||
'DEFAULT/kombu_ssl_keyfile': ensure => absent;
|
||||
'DEFAULT/kombu_ssl_version': ensure => absent;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -37,6 +37,7 @@ describe 'ceilometer' do
|
|||
context 'with rabbit_host parameter' do
|
||||
before { params.merge!( rabbit_params ) }
|
||||
it_configures 'a ceilometer base installation'
|
||||
it_configures 'rabbit with SSL support'
|
||||
it_configures 'rabbit without HA support (with backward compatibility)'
|
||||
end
|
||||
|
||||
|
@ -44,12 +45,14 @@ describe 'ceilometer' do
|
|||
context 'with one server' do
|
||||
before { params.merge!( rabbit_params ).merge!( :rabbit_hosts => ['127.0.0.1:5672'] ) }
|
||||
it_configures 'a ceilometer base installation'
|
||||
it_configures 'rabbit with SSL support'
|
||||
it_configures 'rabbit without HA support (without backward compatibility)'
|
||||
end
|
||||
|
||||
context 'with multiple servers' do
|
||||
before { params.merge!( rabbit_params ).merge!( :rabbit_hosts => ['rabbit1:5672', 'rabbit2:5672'] ) }
|
||||
it_configures 'a ceilometer base installation'
|
||||
it_configures 'rabbit with SSL support'
|
||||
it_configures 'rabbit with HA support'
|
||||
end
|
||||
end
|
||||
|
@ -208,6 +211,45 @@ describe 'ceilometer' do
|
|||
it { should contain_ceilometer_config('DEFAULT/rabbit_ha_queues').with_value('true') }
|
||||
end
|
||||
|
||||
shared_examples_for 'rabbit with SSL support' do
|
||||
context "with default parameters" do
|
||||
it { should contain_ceilometer_config('DEFAULT/rabbit_use_ssl').with_value('false') }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_ensure('absent') }
|
||||
end
|
||||
|
||||
context "with SSL enabled" do
|
||||
before { params.merge!( :rabbit_use_ssl => 'true' ) }
|
||||
it { should contain_ceilometer_config('DEFAULT/rabbit_use_ssl').with_value('true') }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') }
|
||||
|
||||
context "with ca_certs" do
|
||||
before { params.merge!( :kombu_ssl_ca_certs => '/path/to/ca.crt' ) }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_value('/path/to/ca.crt') }
|
||||
end
|
||||
|
||||
context "with certfile" do
|
||||
before { params.merge!( :kombu_ssl_certfile => '/path/to/cert.crt' ) }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_value('/path/to/cert.crt') }
|
||||
end
|
||||
|
||||
context "with keyfile" do
|
||||
before { params.merge!( :kombu_ssl_keyfile => '/path/to/cert.key' ) }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_value('/path/to/cert.key') }
|
||||
end
|
||||
|
||||
context "with version" do
|
||||
before { params.merge!( :kombu_ssl_version => 'TLSv1' ) }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'qpid support' do
|
||||
context("with default parameters") do
|
||||
it { should contain_ceilometer_config('DEFAULT/qpid_reconnect').with_value(true) }
|
||||
|
|
Loading…
Reference in New Issue