9 Commits

Author SHA1 Message Date
Raildo
963b473380 Adding key_size option on the certmonger_certificate function
certmonger_certificate function currently does not support
creating certificates with private keys stronger than 2048 bits.
Adding a key_size option.

The key_size option was added to puppet_certmonger in v2.6.0
upstream: https://github.com/saltedsignal/puppet-certmonger/releases/tag/v2.6.0

Change-Id: I4da96f2164cf1d136f9471f1d6251bdd8cfd2d0b
(cherry picked from commit 190aebca609e8ec68586cfa4ced9f2efa65758d1)
2021-01-05 15:45:15 +00:00
Tobias Urdin
1523a4b804 Convert all class usage to relative names
Change-Id: Ib2ed745b682cf12f9469a5a64451adcabec400af
2019-12-08 23:23:25 +01:00
Michele Baldessari
1e65c3f4fc Make puppet-tripleo compatible with latest puppet-rabbitmq
https://review.opendev.org/#/c/677082/ merged today and moved puppet-rabbitmq to 9.1.0
which is breaking our spec tests:

https://zuul.opendev.org/t/openstack/build/e767db93fe214514bebc065a64288548/log/job-output.txt

So we error out with things like:
2019-08-19 07:19:37.527187 | centos-7 | 1) tripleo::certmonger::rabbitmq on redhat-7-x86_64 behaves like tripleo::certmonger::rabbitmq should include the base for using certmonger
2019-08-19 07:19:37.527435 | centos-7 | Failure/Error: include ::rabbitmq::params
2019-08-19 07:19:37.527713 | centos-7 | Puppet::PreformattedError:
2019-08-19 07:19:37.528769 | centos-7 | Evaluation Error: Error while evaluating a Function Call, Could not find class ::rabbitmq::params for centos-7-rax-ord-0010255916 (file: /home/zuul/workspace/spec/fixtures/modules/tripleo/manifests/certmonger/rabbitmq.pp, line: 51, column: 3) on node centos-7-rax-ord-0010255916

Let's remove any reference to rabbitmq::params and also the following
two notifies:
  File[$service_certificate] ~> Service<| title == $::rabbitmq::service_name |>
  File[$service_key] ~> Service<| title == $::rabbitmq::service_name |>

They do nothing in a containerized deployment anyway.

Tested as follows:
- Full downstream OSP15 HA deploy

Change-Id: Ib7c373c10ff7bcd8ec33cb912a8a0a4a32a196e2
Closes-Bug: #1840641
2019-08-19 21:27:33 +02:00
Grzegorz Grasza
801391a13e rabbitmq: Remove default post-save command for certmonger
The default command didn't work, so we need to fix that.

The script additionally copies the certificates in the right place
and instead of restarting RabbitMQ, it triggers a pem cache reload.

Related-Bug: #1811401
Needed-By: I3e564f9a5abdbf11d0580c4ff801092f32bcc678
Change-Id: Id06633a1adaafe1fef1d3d7f6b2af3ef5ffc9d4a
2019-01-25 15:47:32 +01:00
Juan Antonio Osorio Robles
2bf893c14b Fix certificate ownership of rabbitmq
We no longer have the rabbitmq user as part of the overcloud
hosts. We rely instead on kolla setting the right permissions in
the container.

Change-Id: Iaa159fcfe78d16be59e2d9baf51a65119f50c427
Closes-Bug: #1771752
2018-05-17 07:08:22 +00:00
Juan Antonio Osorio Robles
095d130f9d Certmonger: Make postsave command configurable
We need to make it configurable since these commands don't apply for
containerized environments. This way we can restart containers or
disable restarting and rely on other means.

This stems from the issue that some services get accidentally started by
certmonger on containerized environments, which makes the container
initialization fail.

bp tls-via-certmonger-containers

Change-Id: I62ff89362cfcc80e6e62fad09110918c36802813
2017-08-18 18:59:35 +00:00
Juan Antonio Osorio Robles
ec7f064060 Certmonger/rabbitmq: Remove parameter doc for unexisting parameter
This parameter was used at some point in the implementation but ended up
not being needed in favor of getting this information from the puppet
manifest. So it's removed as the parameter doesn't actually exist.

Change-Id: I09f4091ee7a2221b26249959ea2927090d36ba0f
2017-04-05 09:12:37 +03:00
Juan Antonio Osorio Robles
9bc973e3f4 Add tests for tripleo::certmonger::rabbitmq class
Change-Id: I1668b749779bf812d8f55b695dd138cde7eb09d6
2017-03-09 16:19:52 +00:00
Juan Antonio Osorio Robles
3b6113bf0f Enable TLS in the internal network for RabbitMQ
This optionally enables TLS for RabbitMQ in the internal network. Note
that this leaves enable_internal_tls as undef instead of using the
regular default. This is because we don't want to enable this just now,
since we first want to pass the necessary hieradata via t-h-t. This will
be cleaned in further commits.

bp tls-via-certmonger
Depends-On: I4f37e77ae12e9582fab7d326ebd4c70127c5445f
Depends-On: Ic32b2cb253fa0dc43aad7226b24919b7e588faa9
Change-Id: Ic2a7f877745a0a490ddc9315123bd1180b03c514
2017-03-09 11:08:20 +00:00