qdr: Add SSL support
Change-Id: Ia878bc4a877753bc4784b13bf1c22c22e8324c1f
parent
70ffa996f4
commit
423046a6a4
|
@ -31,6 +31,22 @@
|
|||
# directly because it requires a string and we have a number.
|
||||
# Defaults to 5672
|
||||
#
|
||||
# [*listener_require_ssl*]
|
||||
# (optional) Require the use of SSL on the connection
|
||||
# Defaults to false
|
||||
#
|
||||
# [*listener_ssl_cert_db*]
|
||||
# (optional) Path to certificate db
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*listener_ssl_cert_file*]
|
||||
# (optional) Path to certificat file
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*listener_ssl_key_file*]
|
||||
# (optional) Path to private key file
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*qdr_log_enable*]
|
||||
# Log level for the qdrouterd module
|
||||
# Defaults to 'info+'
|
||||
|
@ -48,11 +64,22 @@ class tripleo::profile::base::qdr (
|
|||
$qdr_username = undef,
|
||||
$qdr_password = undef,
|
||||
$qdr_listener_port = 5672,
|
||||
$listener_require_ssl = false,
|
||||
$listener_ssl_cert_db = undef,
|
||||
$listener_ssl_cert_file = undef,
|
||||
$listener_ssl_key_file = undef,
|
||||
$qdr_log_enable = 'info+',
|
||||
$oslomsg_rpc_hosts = hiera('oslo_messaging_rpc_node_names', undef),
|
||||
$step = Integer(hiera('step')),
|
||||
) {
|
||||
$qdr_node_names = $oslomsg_rpc_hosts
|
||||
|
||||
if $listener_require_ssl {
|
||||
$ssl_opts = {'sslProfile' => "Router.${::fqdn}"}
|
||||
} else {
|
||||
$ssl_opts = {}
|
||||
}
|
||||
|
||||
if $step >= 1 {
|
||||
# For multi-node deployments of the dispatch router, a mesh of
|
||||
# inter-router links is created. Bi-directional links must
|
||||
|
@ -73,9 +100,10 @@ class tripleo::profile::base::qdr (
|
|||
if true in $memo {
|
||||
$memo
|
||||
} else {
|
||||
$memo + [{'host' => $node,
|
||||
'role' => 'inter-router',
|
||||
'port' => '31460'}]
|
||||
$memo + [merge($ssl_opts,
|
||||
{ 'host' => $node,
|
||||
'role' => 'inter-router',
|
||||
'port' => '31460'})]
|
||||
}
|
||||
}
|
||||
} - true
|
||||
|
@ -87,9 +115,10 @@ class tripleo::profile::base::qdr (
|
|||
|
||||
$extra_listeners = size($qdr_node_names) ? {
|
||||
1 => [],
|
||||
default => [{'host' => '0.0.0.0',
|
||||
'port' => '31460',
|
||||
'role' => 'inter-router'}],
|
||||
default => [merge($ssl_opts,
|
||||
{ 'host' => '0.0.0.0',
|
||||
'port' => '31460',
|
||||
'role' => 'inter-router'})],
|
||||
}
|
||||
|
||||
$extra_addresses = [{'prefix' => 'openstack.org/om/rpc/multicast',
|
||||
|
@ -106,13 +135,17 @@ class tripleo::profile::base::qdr (
|
|||
'distribution' => 'balanced'}]
|
||||
|
||||
class { 'qdr':
|
||||
listener_addr => '0.0.0.0',
|
||||
listener_port => "${qdr_listener_port}",
|
||||
router_mode => $router_mode,
|
||||
connectors => $connectors,
|
||||
extra_listeners => $extra_listeners,
|
||||
extra_addresses => $extra_addresses,
|
||||
log_enable => "${qdr_log_enable}",
|
||||
listener_addr => '0.0.0.0',
|
||||
listener_port => "${qdr_listener_port}",
|
||||
listener_require_ssl => $listener_require_ssl,
|
||||
listener_ssl_cert_db => $listener_ssl_cert_db,
|
||||
listener_ssl_cert_file => $listener_ssl_cert_file,
|
||||
listener_ssl_key_file => $listener_ssl_key_file,
|
||||
router_mode => $router_mode,
|
||||
connectors => $connectors,
|
||||
extra_listeners => $extra_listeners,
|
||||
extra_addresses => $extra_addresses,
|
||||
log_enable => "${qdr_log_enable}",
|
||||
}
|
||||
|
||||
qdr_user { $qdr_username:
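Review bot: With `$listener_require_ssl` set, the inter-router listener on `0.0.0.0:31460` and the connectors only gain `'sslProfile' => "Router.${::fqdn}"` through `merge($ssl_opts, ...)`; nothing visible in these hunks makes TLS mandatory on that listener or authenticates the peer router. In qdrouterd, `requireSsl` and `authenticatePeer` are listener attributes separate from `sslProfile`, so unless the `qdr` module adds them (not shown on this page) a listener bound to all interfaces may still accept plaintext or unauthenticated inter-router links. Consider a listener-only hash such as `$listener_ssl_opts = merge($ssl_opts, {'requireSsl' => 'yes', 'authenticatePeer' => 'yes'})` for `$extra_listeners`, keeping `$ssl_opts` as is for the connectors. It would also help to fail the catalog when `$listener_require_ssl` is true but `$listener_ssl_cert_file` or `$listener_ssl_key_file` is still undef, so a missing certificate is caught at compile time rather than at router start. The class body continues outside these hunks.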
|
||||
|
|
|
@ -105,6 +105,45 @@ describe 'tripleo::profile::base::qdr' do
|
|||
)
|
||||
end
|
||||
end
|
||||
|
||||
context 'with step 3 on node3 of multinode with ssl' do
|
||||
before do
|
||||
facts.merge!({
|
||||
:hostname => 'node3.example.com',
|
||||
:fqdn => 'node3.example.com',
|
||||
})
|
||||
params.merge!({
|
||||
:oslomsg_rpc_hosts => ['node1.example.com','node2.example.com','node3.example.com'],
|
||||
:listener_require_ssl => 'yes',
|
||||
})
|
||||
end
|
||||
|
||||
it 'should set up interior listener with sslProfile and two connectors with sslProfile' do
|
||||
is_expected.to contain_class('qdr').with(
|
||||
# this should be true instead of 'yes', because 'yes' is deprecated,
|
||||
# but until we have rspec-puppet >= 2.7.9 to get:
|
||||
#
|
||||
# https://github.com/rodjek/rspec-puppet/commit/5e6b5e40dd22c5db5a8c7d8f21597d8ba95b1ddc
|
||||
#
|
||||
# Then it will throw a FrozenError. So just test with 'yes' instead.
|
||||
:listener_require_ssl => 'yes',
|
||||
:router_mode => 'interior',
|
||||
:extra_listeners => [{'sslProfile' => 'Router.node3.example.com',
|
||||
'host' => '0.0.0.0',
|
||||
'port' => '31460',
|
||||
'role' => 'inter-router'}],
|
||||
:connectors => [
|
||||
{"sslProfile" => "Router.node3.example.com",
|
||||
"host" => "node1.example.com",
|
||||
"role" => "inter-router",
|
||||
"port" => "31460"},
|
||||
{"sslProfile" => "Router.node3.example.com",
|
||||
"host" => "node2.example.com",
|
||||
"role" => "inter-router",
|
||||
"port" => "31460"}],
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os.each do |os, facts|
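Review bot: The new context sets only `:listener_require_ssl => 'yes'` and never supplies `listener_ssl_cert_db`, `listener_ssl_cert_file` or `listener_ssl_key_file`, so it proves the `sslProfile` name is merged into the listener and connectors but not that any certificate material reaches the `qdr` class. Add the path params to `params.merge!` with constructed values (for example `:listener_ssl_key_file => '/example/router.key'`) and assert them in `contain_class('qdr').with(...)`. A companion context that leaves `listener_require_ssl` at its default and checks that no `sslProfile` key appears in `:extra_listeners` or `:connectors` would pin the non-SSL path too, although earlier contexts outside this hunk may already cover it. The enclosing `describe` block starts and ends outside the hunk.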
|
||||
|
|