Add rabbit ssl parameters

Reasons:
- We must be able to activate and configure SSL for RabbitMQ

Changes:
- Add rabbit_use_ssl option
- Add kombu_ssl_ca_certs option
- Add kombu_ssl_certfile option
- Add kombu_ssl_keyfile option
- Add kombu_ssl_version option

Change-Id: I504e968c7be929b0f040fd50e89a0de0ea3e6860
Pierre RAMBAUD
2014-03-27 11:19:02 +01:00
parent 5d556d75b7
commit 9e7c3f6e71
2 changed files with 111 additions and 0 deletions


@@ -71,6 +71,28 @@
# (optional) The RabbitMQ virtual host. # (optional) The RabbitMQ virtual host.
# Defaults to '/' # Defaults to '/'
# #
# [*rabbit_use_ssl*]
# (optional) Connect over SSL for RabbitMQ
# Defaults to false
#
# [*kombu_ssl_ca_certs*]
# (optional) SSL certification authority file (valid only if SSL enabled).
# Defaults to undef
#
# [*kombu_ssl_certfile*]
# (optional) SSL cert file (valid only if SSL enabled).
# Defaults to undef
#
# [*kombu_ssl_keyfile*]
# (optional) SSL key file (valid only if SSL enabled).
# Defaults to undef
#
# [*kombu_ssl_version*]
# (optional) SSL version to use (valid only if SSL enabled).
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
# available on some distributions.
# Defaults to 'SSLv3'
#
# [*amqp_durable_queues*] # [*amqp_durable_queues*]
# (optional) Define queues as "durable" to rabbitmq. # (optional) Define queues as "durable" to rabbitmq.
# Defaults to false # Defaults to false
@@ -188,6 +210,11 @@ class nova(
$rabbit_port = '5672', $rabbit_port = '5672',
$rabbit_userid = 'guest', $rabbit_userid = 'guest',
$rabbit_virtual_host = '/', $rabbit_virtual_host = '/',
$rabbit_use_ssl = false,
$kombu_ssl_ca_certs = undef,
$kombu_ssl_certfile = undef,
$kombu_ssl_keyfile = undef,
$kombu_ssl_version = 'SSLv3',
$amqp_durable_queues = false, $amqp_durable_queues = false,
$qpid_hostname = 'localhost', $qpid_hostname = 'localhost',
$qpid_port = '5672', $qpid_port = '5672',
@@ -358,9 +385,43 @@ class nova(
'DEFAULT/rabbit_password': value => $rabbit_password, secret => true; 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
'DEFAULT/rabbit_userid': value => $rabbit_userid; 'DEFAULT/rabbit_userid': value => $rabbit_userid;
'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host; 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl;
'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues; 'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues;
} }
if $rabbit_use_ssl {
if $kombu_ssl_ca_certs {
nova_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs }
} else {
nova_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent}
}
if $kombu_ssl_certfile {
nova_config { 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile }
} else {
nova_config { 'DEFAULT/kombu_ssl_certfile': ensure => absent}
}
if $kombu_ssl_keyfile {
nova_config { 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile }
} else {
nova_config { 'DEFAULT/kombu_ssl_keyfile': ensure => absent}
}
if $kombu_ssl_version {
nova_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version }
} else {
nova_config { 'DEFAULT/kombu_ssl_version': ensure => absent}
}
} else {
nova_config {
'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
'DEFAULT/kombu_ssl_certfile': ensure => absent;
'DEFAULT/kombu_ssl_keyfile': ensure => absent;
'DEFAULT/kombu_ssl_version': ensure => absent;
}
}
if $rabbit_hosts { if $rabbit_hosts {
nova_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') } nova_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') }
nova_config { 'DEFAULT/rabbit_ha_queues': value => true } nova_config { 'DEFAULT/rabbit_ha_queues': value => true }
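Review bot: The parameter default `$kombu_ssl_version = 'SSLv3'` (and the matching `Defaults to 'SSLv3'` doc line) pins any deployment that only sets `rabbit_use_ssl => true` to an obsolete protocol version; of the values the doc comment lists, `'TLSv1'` is the safer default, i.e. `$kombu_ssl_version = 'TLSv1',`. In the `if $rabbit_use_ssl` block, an unset `$kombu_ssl_ca_certs` ends up as `ensure => absent`, which presumably leaves the client with no CA to verify the broker certificate against, so the doc comment should say so or the class should emit a `warning()` in that case. The `kombu_ssl_*` values are also dropped silently when `rabbit_use_ssl` is false, and `$kombu_ssl_certfile` is accepted without `$kombu_ssl_keyfile`; a `fail()` on either combination would surface the misconfiguration at catalog compile time. The class body starts and ends outside these hunks.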


@@ -250,7 +250,12 @@ describe 'nova' do
should_not contain_nova_config('DEFAULT/rabbit_port') should_not contain_nova_config('DEFAULT/rabbit_port')
should contain_nova_config('DEFAULT/rabbit_hosts').with_value('rabbit:5673,rabbit2:5674') should contain_nova_config('DEFAULT/rabbit_hosts').with_value('rabbit:5673,rabbit2:5674')
should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value(true) should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value(true)
should contain_nova_config('DEFAULT/rabbit_use_ssl').with_value(false)
should contain_nova_config('DEFAULT/amqp_durable_queues').with_value(false) should contain_nova_config('DEFAULT/amqp_durable_queues').with_value(false)
should contain_nova_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
end end
end end
@@ -264,6 +269,7 @@ describe 'nova' do
should_not contain_nova_config('DEFAULT/rabbit_port') should_not contain_nova_config('DEFAULT/rabbit_port')
should contain_nova_config('DEFAULT/rabbit_hosts').with_value('rabbit:5673') should contain_nova_config('DEFAULT/rabbit_hosts').with_value('rabbit:5673')
should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value(true) should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value(true)
should contain_nova_config('DEFAULT/rabbit_use_ssl').with_value(false)
should contain_nova_config('DEFAULT/amqp_durable_queues').with_value(false) should contain_nova_config('DEFAULT/amqp_durable_queues').with_value(false)
end end
end end
@@ -279,7 +285,51 @@ describe 'nova' do
should_not contain_nova_config('DEFAULT/rabbit_port') should_not contain_nova_config('DEFAULT/rabbit_port')
should contain_nova_config('DEFAULT/rabbit_hosts').with_value('rabbit:5673') should contain_nova_config('DEFAULT/rabbit_hosts').with_value('rabbit:5673')
should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value(true) should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value(true)
should contain_nova_config('DEFAULT/rabbit_use_ssl').with_value(false)
should contain_nova_config('DEFAULT/amqp_durable_queues').with_value(true) should contain_nova_config('DEFAULT/amqp_durable_queues').with_value(true)
should contain_nova_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
end
end
context 'with rabbit_use_ssl parameter' do
let :params do
{ :rabbit_hosts => ['rabbit:5673'],
:rabbit_use_ssl => 'true' }
end
it 'configures rabbit' do
should_not contain_nova_config('DEFAULT/rabbit_host')
should_not contain_nova_config('DEFAULT/rabbit_port')
should contain_nova_config('DEFAULT/rabbit_hosts').with_value('rabbit:5673')
should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value(true)
should contain_nova_config('DEFAULT/rabbit_use_ssl').with_value(true)
should contain_nova_config('DEFAULT/amqp_durable_queues').with_value(false)
should contain_nova_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_version').with_value('SSLv3')
end
end
context 'with amqp ssl parameters' do
let :params do
{ :rabbit_hosts => ['rabbit:5673'],
:rabbit_use_ssl => 'true',
:kombu_ssl_ca_certs => '/etc/ca.cert',
:kombu_ssl_certfile => '/etc/certfile',
:kombu_ssl_keyfile => '/etc/key',
:kombu_ssl_version => 'TLSv1', }
end
it 'configures rabbit' do
should contain_nova_config('DEFAULT/rabbit_use_ssl').with_value(true)
should contain_nova_config('DEFAULT/kombu_ssl_ca_certs').with_value('/etc/ca.cert')
should contain_nova_config('DEFAULT/kombu_ssl_certfile').with_value('/etc/certfile')
should contain_nova_config('DEFAULT/kombu_ssl_keyfile').with_value('/etc/key')
should contain_nova_config('DEFAULT/kombu_ssl_version').with_value('TLSv1')
end end
end end
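Review bot: Both new contexts pass `:rabbit_use_ssl => 'true'` as a string while the parameter is documented as a boolean defaulting to `false`, so the spec never exercises the documented type; use `:rabbit_use_ssl => true`. Because the manifest tests the value with a plain `if $rabbit_use_ssl`, a string such as `'false'` would likely be treated as truthy, and no example covers that case or the case where `kombu_ssl_*` values are supplied while SSL is off. The assertion `with_value('SSLv3')` in the 'with rabbit_use_ssl parameter' context also locks the weak protocol default into the test suite and would have to follow any change to that default.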