Added SSL parameters for Rabbit
Added rabbit_use_ssl and kombu_* parameters to configure Rabbit over SSL. Change-Id: I198a099b33393fa72288510a8d9e8723dea6d105
parent
17851d5401
commit
779a18f23c
|
@ -70,6 +70,33 @@
|
|||
# (optional) The RabbitMQ virtual host.
|
||||
# Defaults to '/'
|
||||
#
|
||||
# [*rabbit_use_ssl*]
|
||||
# (optional) Connect over SSL for RabbitMQ
|
||||
# Defaults to false
|
||||
#
|
||||
# [*kombu_ssl_ca_certs*]
|
||||
# (optional) SSL certification authority file (valid only if SSL enabled).
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*kombu_ssl_certfile*]
|
||||
# (optional) SSL cert file (valid only if SSL enabled).
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*kombu_ssl_keyfile*]
|
||||
# (optional) SSL key file (valid only if SSL enabled).
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*kombu_ssl_version*]
|
||||
# (optional) SSL version to use (valid only if SSL enabled).
|
||||
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
|
||||
# available on some distributions.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*kombu_reconnect_delay*]
|
||||
# (optional) How long to wait before reconnecting in response to an AMQP
|
||||
# consumer cancel notification.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*notification_driver*]
|
||||
# (optional) Driver used for issuing notifications
|
||||
# Defaults to 'messaging'
|
||||
|
@ -86,25 +113,31 @@
|
|||
#
|
||||
|
||||
class designate(
|
||||
$package_ensure = present,
|
||||
$common_package_name = $::designate::params::common_package_name,
|
||||
$verbose = undef,
|
||||
$debug = undef,
|
||||
$log_dir = undef,
|
||||
$use_syslog = undef,
|
||||
$use_stderr = undef,
|
||||
$log_facility = undef,
|
||||
$root_helper = 'sudo designate-rootwrap /etc/designate/rootwrap.conf',
|
||||
$rabbit_host = '127.0.0.1',
|
||||
$rabbit_port = '5672',
|
||||
$rabbit_hosts = false,
|
||||
$rabbit_userid = 'guest',
|
||||
$rabbit_password = '',
|
||||
$rabbit_virtual_host = '/',
|
||||
$notification_driver = 'messaging',
|
||||
$notification_topics = 'notifications',
|
||||
$package_ensure = present,
|
||||
$common_package_name = $::designate::params::common_package_name,
|
||||
$verbose = undef,
|
||||
$debug = undef,
|
||||
$log_dir = undef,
|
||||
$use_syslog = undef,
|
||||
$use_stderr = undef,
|
||||
$log_facility = undef,
|
||||
$root_helper = 'sudo designate-rootwrap /etc/designate/rootwrap.conf',
|
||||
$rabbit_host = '127.0.0.1',
|
||||
$rabbit_port = '5672',
|
||||
$rabbit_hosts = false,
|
||||
$rabbit_userid = 'guest',
|
||||
$rabbit_password = '',
|
||||
$rabbit_virtual_host = '/',
|
||||
$rabbit_use_ssl = false,
|
||||
$kombu_ssl_ca_certs = $::os_service_default,
|
||||
$kombu_ssl_certfile = $::os_service_default,
|
||||
$kombu_ssl_keyfile = $::os_service_default,
|
||||
$kombu_ssl_version = $::os_service_default,
|
||||
$kombu_reconnect_delay = $::os_service_default,
|
||||
$notification_driver = 'messaging',
|
||||
$notification_topics = 'notifications',
|
||||
#DEPRECATED PARAMETER
|
||||
$rabbit_virtualhost = undef,
|
||||
$rabbit_virtualhost = undef,
|
||||
) inherits designate::params {
|
||||
|
||||
if $rabbit_virtualhost {
|
||||
|
@ -114,6 +147,19 @@ class designate(
|
|||
$rabbit_virtual_host_real = $rabbit_virtual_host
|
||||
}
|
||||
|
||||
if !is_service_default($kombu_ssl_ca_certs) and !$rabbit_use_ssl {
|
||||
fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
|
||||
}
|
||||
if !is_service_default($kombu_ssl_certfile) and !$rabbit_use_ssl {
|
||||
fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
|
||||
}
|
||||
if !is_service_default($kombu_ssl_keyfile) and !$rabbit_use_ssl {
|
||||
fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
|
||||
}
|
||||
if (is_service_default($kombu_ssl_certfile) and ! is_service_default($kombu_ssl_keyfile)) or (is_service_default($kombu_ssl_keyfile) and ! is_service_default($kombu_ssl_certfile)) {
|
||||
fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
|
||||
}
|
||||
|
||||
include ::designate::logging
|
||||
|
||||
exec { 'post-designate_config':
|
||||
|
@ -159,6 +205,12 @@ class designate(
|
|||
'oslo_messaging_rabbit/rabbit_userid' : value => $rabbit_userid;
|
||||
'oslo_messaging_rabbit/rabbit_password' : value => $rabbit_password, secret => true;
|
||||
'oslo_messaging_rabbit/rabbit_virtual_host' : value => $rabbit_virtual_host_real;
|
||||
'oslo_messaging_rabbit/rabbit_use_ssl' : value => $rabbit_use_ssl;
|
||||
'oslo_messaging_rabbit/kombu_ssl_ca_certs' : value => $kombu_ssl_ca_certs;
|
||||
'oslo_messaging_rabbit/kombu_ssl_certfile' : value => $kombu_ssl_certfile;
|
||||
'oslo_messaging_rabbit/kombu_ssl_keyfile' : value => $kombu_ssl_keyfile;
|
||||
'oslo_messaging_rabbit/kombu_ssl_version' : value => $kombu_ssl_version;
|
||||
'oslo_messaging_rabbit/kombu_reconnect_delay' : value => $kombu_reconnect_delay;
|
||||
}
|
||||
|
||||
if $rabbit_hosts {
|
||||
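Review bot: The validation block added before `include ::designate::logging` rejects kombu_ssl_* values when `rabbit_use_ssl` is false, but it accepts `rabbit_use_ssl => true` with `kombu_ssl_ca_certs` left at `$::os_service_default`. In that combination the client may connect over TLS without verifying the broker certificate; this depends on the oslo.messaging release in use, so confirm. Consider at least a warning there, e.g. `if $rabbit_use_ssl and is_service_default($kombu_ssl_ca_certs) { warning('rabbit_use_ssl is enabled without kombu_ssl_ca_certs; the broker certificate may not be verified') }`. `kombu_ssl_version` also has no "requires rabbit_use_ssl" guard, unlike the other three kombu_ssl_* parameters. Separately, the parameter documentation in the first hunk lists SSLv3 and SSLv2 as valid values with no caveat, so add a comment line such as `# SSLv2 and SSLv3 are obsolete and insecure; prefer a TLS value.` The class body continues outside the visible hunks.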
|
|
|
@ -39,12 +39,61 @@ describe 'designate' do
|
|||
}
|
||||
end
|
||||
|
||||
let :rabbit_use_ssl do
|
||||
{
|
||||
:rabbit_host => '127.0.0.1',
|
||||
:rabbit_port => 5672,
|
||||
:rabbit_userid => 'guest',
|
||||
:rabbit_password => '',
|
||||
:rabbit_virtual_host => '/',
|
||||
:rabbit_use_ssl => true,
|
||||
:kombu_ssl_ca_certs => 'ca goes here',
|
||||
:kombu_ssl_certfile => 'cert goes here',
|
||||
:kombu_ssl_keyfile => 'key goes here',
|
||||
:kombu_ssl_version => 'TLSv1',
|
||||
:kombu_reconnect_delay => '1.0',
|
||||
}
|
||||
end
|
||||
|
||||
let :rabbit_use_ssl_cert_no_key do
|
||||
{
|
||||
:rabbit_host => '127.0.0.1',
|
||||
:rabbit_port => 5672,
|
||||
:rabbit_userid => 'guest',
|
||||
:rabbit_password => '',
|
||||
:rabbit_virtual_host => '/',
|
||||
:rabbit_use_ssl => true,
|
||||
:kombu_ssl_ca_certs => 'ca goes here',
|
||||
:kombu_ssl_certfile => 'cert goes here',
|
||||
:kombu_ssl_version => 'TLSv1',
|
||||
:kombu_reconnect_delay => '1.0',
|
||||
}
|
||||
end
|
||||
|
||||
let :rabbit_use_ssl_key_no_cert do
|
||||
{
|
||||
:rabbit_host => '127.0.0.1',
|
||||
:rabbit_port => 5672,
|
||||
:rabbit_userid => 'guest',
|
||||
:rabbit_password => '',
|
||||
:rabbit_virtual_host => '/',
|
||||
:rabbit_use_ssl => true,
|
||||
:kombu_ssl_ca_certs => 'ca goes here',
|
||||
:kombu_ssl_keyfile => 'key goes here',
|
||||
:kombu_ssl_version => 'TLSv1',
|
||||
:kombu_reconnect_delay => '1.0',
|
||||
}
|
||||
end
|
||||
|
||||
shared_examples_for 'designate' do
|
||||
|
||||
context 'with rabbit_host parameter' do
|
||||
it_configures 'a designate base installation'
|
||||
it_configures 'rabbit without HA support'
|
||||
it_configures 'rabbit with HA support'
|
||||
it_configures 'rabbit with SSL support'
|
||||
it_configures 'rabbit with SSL no key'
|
||||
it_configures 'rabbit with SSL no cert'
|
||||
end
|
||||
|
||||
context 'with custom package name' do
|
||||
|
@ -160,13 +209,45 @@ describe 'designate' do
|
|||
|
||||
end
|
||||
|
||||
shared_examples_for 'rabbit with SSL support' do
|
||||
before { params.merge!( rabbit_use_ssl ) }
|
||||
|
||||
it 'configures rabbit with ssl' do
|
||||
is_expected.to contain_designate_config('oslo_messaging_rabbit/rabbit_userid').with_value( params[:rabbit_userid] )
|
||||
is_expected.to contain_designate_config('oslo_messaging_rabbit/rabbit_password').with_value( params[:rabbit_password] )
|
||||
is_expected.to contain_designate_config('oslo_messaging_rabbit/rabbit_password').with_value( params[:rabbit_password] ).with_secret(true)
|
||||
is_expected.to contain_designate_config('oslo_messaging_rabbit/rabbit_virtual_host').with_value( params[:rabbit_virtual_host] )
|
||||
is_expected.to contain_designate_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value( params[:rabbit_use_ssl] )
|
||||
is_expected.to contain_designate_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value( params[:kombu_ssl_ca_certs] )
|
||||
is_expected.to contain_designate_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value( params[:kombu_ssl_certfile] )
|
||||
is_expected.to contain_designate_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value( params[:kombu_ssl_keyfile] )
|
||||
is_expected.to contain_designate_config('oslo_messaging_rabbit/kombu_ssl_version').with_value( params[:kombu_ssl_version] )
|
||||
is_expected.to contain_designate_config('oslo_messaging_rabbit/kombu_reconnect_delay').with_value( params[:kombu_reconnect_delay] )
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'rabbit with SSL no key' do
|
||||
before { params.merge!( rabbit_use_ssl_cert_no_key ) }
|
||||
|
||||
it 'should fail' do
|
||||
is_expected.to raise_error(/The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together/)
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'rabbit with SSL no cert' do
|
||||
before { params.merge!( rabbit_use_ssl_key_no_cert ) }
|
||||
|
||||
it 'should fail' do
|
||||
is_expected.to raise_error(/The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together/)
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'rabbit with deprecated option' do
|
||||
before { params.merge!( rabbit_deprecated_params ) }
|
||||
|
||||
it 'configures rabbit' do
|
||||
is_expected.to contain_designate_config('oslo_messaging_rabbit/rabbit_virtual_host').with_value( params[:rabbit_virtualhost] )
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
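Review bot: The three new `fail()` guards for kombu_ssl_* parameters given while `rabbit_use_ssl` is false have no spec coverage. Only the certfile/keyfile pairing error is exercised, by 'rabbit with SSL no key' and 'rabbit with SSL no cert'. Add a fixture that sets `:rabbit_use_ssl => false` together with `:kombu_ssl_ca_certs => 'ca goes here'` and a shared example expecting `raise_error(/The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true/)`, with matching cases for certfile and keyfile. In 'configures rabbit with ssl' the `rabbit_password` expectation appears twice in a row; the second line, ending in `.with_secret(true)`, already covers the first, so the first can be dropped. The `describe 'designate'` block starts and ends outside the visible hunks.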
|
|
|
@ -17,7 +17,7 @@ describe 'designate::generic_service' do
|
|||
end
|
||||
|
||||
let :facts do
|
||||
{ :osfamily => 'Debian' }
|
||||
OSDefaults.get_facts({ :osfamily => 'Debian' })
|
||||
end
|
||||
|
||||
let :title do
|
||||
|
|