From fb7ea6734e241da655d436ddf9906e4c886ffa5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Tue, 8 Jan 2019 09:58:40 +0100 Subject: [PATCH] Flatten rabbitmq service - step 1 This flattens rabbitmq and removes puppet parts. The next step will move the flattened templates to their final location. It's split in two steps in order to make reviews easier on that big change. Change-Id: I30f0802770d86d64e2ec6fa93dc9a608d4b15d69 --- .../messaging/notify-rabbitmq-shared.yaml | 37 ++-- .../services/messaging/notify-rabbitmq.yaml | 98 +++++++-- docker/services/messaging/rpc-rabbitmq.yaml | 100 +++++++-- .../services/pacemaker/notify-rabbitmq.yaml | 4 +- docker/services/pacemaker/rabbitmq.yaml | 14 +- docker/services/pacemaker/rpc-rabbitmq.yaml | 2 +- docker/services/rabbitmq.yaml | 156 ++++++++++++-- environments/baremetal-services.yaml | 2 +- .../messaging/notify-rabbitmq-shared.yaml | 63 ------ .../services/messaging/notify-rabbitmq.yaml | 147 ------------- puppet/services/messaging/rpc-rabbitmq.yaml | 148 ------------- puppet/services/pacemaker/rabbitmq.yaml | 58 ------ puppet/services/rabbitmq.yaml | 195 ------------------ sample-env-generator/messaging.yaml | 4 +- sample-env-generator/ssl.yaml | 2 +- tools/yaml-validate.py | 3 - 16 files changed, 352 insertions(+), 681 deletions(-) delete mode 100644 puppet/services/messaging/notify-rabbitmq-shared.yaml delete mode 100644 puppet/services/messaging/notify-rabbitmq.yaml delete mode 100644 puppet/services/messaging/rpc-rabbitmq.yaml delete mode 100644 puppet/services/pacemaker/rabbitmq.yaml delete mode 100644 puppet/services/rabbitmq.yaml diff --git a/docker/services/messaging/notify-rabbitmq-shared.yaml b/docker/services/messaging/notify-rabbitmq-shared.yaml index bda313e604..4262459ead 100644 --- a/docker/services/messaging/notify-rabbitmq-shared.yaml +++ b/docker/services/messaging/notify-rabbitmq-shared.yaml @@ -30,25 +30,38 @@ parameters: default: {} description: Parameters specific to the role type: json + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string resources: ContainersCommon: type: ../containers-common.yaml - RabbitmqBase: - type: ../../../puppet/services/messaging/notify-rabbitmq-shared.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - outputs: role_data: description: Role data for the oslo messaging notify role. value: - service_name: {get_attr: [RabbitmqBase, role_data, service_name]} - global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]} + service_name: oslo_messaging_notify + global_config_settings: + oslo_messaging_notify_scheme: rabbit + oslo_messaging_notify_user_name: {get_param: RpcUserName} + oslo_messaging_notify_password: {get_param: RpcPassword} + oslo_messaging_notify_use_ssl: {get_param: RpcUseSSL} + oslo_messaging_notify_port: {get_param: RpcPort} diff --git a/docker/services/messaging/notify-rabbitmq.yaml b/docker/services/messaging/notify-rabbitmq.yaml index 368fdb870d..26293e6b9f 100644 --- a/docker/services/messaging/notify-rabbitmq.yaml +++ b/docker/services/messaging/notify-rabbitmq.yaml @@ -48,9 +48,25 @@ parameters: type: string description: Specifies the default CA cert to use if TLS is used for services in the internal network. + NotifyPort: + default: 5672 + description: The network port for messaging Notify backend + type: number + NotifyUserName: + default: guest + description: The username for messaging Notifications + type: string + NotifyPassword: + description: The password for messaging Notifications + type: string + hidden: true + NotifyUseSSL: + default: false + description: Messaging Notification client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -58,13 +74,13 @@ resources: ContainersCommon: type: ../containers-common.yaml - RabbitmqBase: - type: ../../../puppet/services/messaging/notify-rabbitmq.yaml + RabbitMQServiceBase: + type: ../rabbitmq.yaml properties: - EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} @@ -72,18 +88,68 @@ outputs: role_data: description: Role data for the Rabbitmq API role. value: - service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + service_name: oslo_messaging_notify + monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} # RabbitMQ plugins initialization occurs on every node - global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]} + global_config_settings: + map_merge: + - get_attr: [RabbitMQServiceBase, role_data, global_config_settings] + - oslo_messaging_notify_scheme: rabbit + oslo_messaging_notify_user_name: {get_param: NotifyUserName} + oslo_messaging_notify_password: {get_param: NotifyPassword} + oslo_messaging_notify_use_ssl: {get_param: NotifyUseSSL} + oslo_messaging_notify_port: {get_param: NotifyPort} config_settings: map_merge: - - {get_attr: [RabbitmqBase, role_data, config_settings]} - - rabbitmq::admin_enable: false - - if: + - get_attr: [RabbitMQServiceBase, role_data, config_settings] + - rabbitmq::default_user: {get_param: NotifyUserName} + rabbitmq::default_pass: {get_param: NotifyPassword} + tripleo::oslo_messaging_notify::firewall_rules: + '109 rabbitmq': + dport: + - 4369 + - {get_param: NotifyPort} + - 25672 + rabbitmq::port: {get_param: NotifyPort} + rabbitmq::interface: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} + rabbitmq::ssl: {get_param: EnableInternalTLS} + rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS} + rabbitmq::ssl_port: {get_param: NotifyPort} + rabbitmq::ssl_only: {get_param: EnableInternalTLS} + rabbitmq::ssl_interface: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} + tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS} + rabbitmq::admin_enable: false + - + if: - internal_tls_enabled - - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here + - generate_service_certificates: true + tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here + tripleo::profile::base::rabbitmq::certificate_specs: + service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + service_key: '/etc/pki/tls/private/rabbitmq.key' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} + principal: + str_replace: + template: "rabbitmq/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} + postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh" - {} - service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: rabbitmq @@ -91,7 +157,7 @@ outputs: list_join: - "\n" - - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }" - - get_attr: [RabbitmqBase, role_data, step_config] + - "include ::tripleo::profile::base::rabbitmq" config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage} kolla_config: /var/lib/kolla/config_files/rabbitmq.json: @@ -208,7 +274,13 @@ outputs: - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:z metadata_settings: - get_attr: [RabbitmqBase, role_data, metadata_settings] + if: + - internal_tls_enabled + - + - service: rabbitmq + network: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} + type: node + - null host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/messaging/rpc-rabbitmq.yaml b/docker/services/messaging/rpc-rabbitmq.yaml index b144655829..0e3f492da9 100644 --- a/docker/services/messaging/rpc-rabbitmq.yaml +++ b/docker/services/messaging/rpc-rabbitmq.yaml @@ -48,9 +48,26 @@ parameters: type: string description: Specifies the default CA cert to use if TLS is used for services in the internal network. + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -58,13 +75,13 @@ resources: ContainersCommon: type: ../containers-common.yaml - RabbitmqBase: - type: ../../../puppet/services/messaging/rpc-rabbitmq.yaml + RabbitMQServiceBase: + type: ../rabbitmq.yaml properties: - EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} @@ -72,18 +89,67 @@ outputs: role_data: description: Role data for the Rabbitmq API role. value: - service_name: {get_attr: [RabbitmqBase, role_data, service_name]} - # RabbitMQ plugins initialization occurs on every node - global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]} + service_name: oslo_messaging_rpc + monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} + global_config_settings: + map_merge: + - get_attr: [RabbitMQServiceBase, role_data, global_config_settings] + - oslo_messaging_rpc_scheme: rabbit + oslo_messaging_rpc_user_name: {get_param: RpcUserName} + oslo_messaging_rpc_password: {get_param: RpcPassword} + oslo_messaging_rpc_use_ssl: {get_param: RpcUseSSL} + oslo_messaging_rpc_port: {get_param: RpcPort } config_settings: map_merge: - - {get_attr: [RabbitmqBase, role_data, config_settings]} - - rabbitmq::admin_enable: false - - if: + - get_attr: [RabbitMQServiceBase, role_data, config_settings] + - rabbitmq::default_user: {get_param: RpcUserName} + rabbitmq::default_pass: {get_param: RpcPassword} + tripleo::oslo_messaging_rpc::firewall_rules: + '109 rabbitmq': + dport: + - 4369 + - {get_param: RpcPort} + - 25672 + rabbitmq::port: {get_param: RpcPort} + rabbitmq::interface: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} + rabbitmq::ssl: {get_param: EnableInternalTLS} + rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS} + rabbitmq::ssl_port: {get_param: RpcPort} + rabbitmq::ssl_only: {get_param: EnableInternalTLS} + rabbitmq::ssl_interface: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} + tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS} + rabbitmq::admin_enable: false + - + if: - internal_tls_enabled - - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here + - generate_service_certificates: true + tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here + tripleo::profile::base::rabbitmq::certificate_specs: + service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + service_key: '/etc/pki/tls/private/rabbitmq.key' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} + principal: + str_replace: + template: "rabbitmq/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} + postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh" - {} - service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: rabbitmq @@ -91,7 +157,7 @@ outputs: list_join: - "\n" - - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }" - - get_attr: [RabbitmqBase, role_data, step_config] + - "include ::tripleo::profile::base::rabbitmq" config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage} kolla_config: /var/lib/kolla/config_files/rabbitmq.json: @@ -208,7 +274,13 @@ outputs: - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:z metadata_settings: - get_attr: [RabbitmqBase, role_data, metadata_settings] + if: + - internal_tls_enabled + - + - service: rabbitmq + network: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} + type: node + - null host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/pacemaker/notify-rabbitmq.yaml b/docker/services/pacemaker/notify-rabbitmq.yaml index 731c02be56..1ac12e2290 100644 --- a/docker/services/pacemaker/notify-rabbitmq.yaml +++ b/docker/services/pacemaker/notify-rabbitmq.yaml @@ -71,7 +71,7 @@ resources: type: ../containers-common.yaml RabbitmqBase: - type: ../../../puppet/services/messaging/notify-rabbitmq.yaml + type: ../messaging/notify-rabbitmq.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} @@ -115,7 +115,7 @@ outputs: list_join: - "\n" - - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }" - - get_attr: [RabbitmqBase, role_data, step_config] + - "include ::tripleo::profile::base::rabbitmq" config_image: {get_param: DockerRabbitmqConfigImage} kolla_config: /var/lib/kolla/config_files/rabbitmq.json: diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index 03c9588e6c..b3cf1dc1e0 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -70,13 +70,13 @@ resources: ContainersCommon: type: ../containers-common.yaml - RabbitmqBase: - type: ../../../puppet/services/rabbitmq.yaml + RabbitMQServiceBase: + type: ../rabbitmq.yaml properties: - EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} @@ -84,10 +84,12 @@ outputs: role_data: description: Role data for the Rabbitmq API role. value: - service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + service_name: rabbitmq + monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} config_settings: map_merge: - - {get_attr: [RabbitmqBase, role_data, config_settings]} + - get_attr: [RabbitMQServiceBase, role_data, config_settings] + - rabbitmq::service_manage: false - rabbitmq::service_manage: false tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest list_join: @@ -257,7 +259,7 @@ outputs: echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf for pid in $(pgrep epmd --ns 1 --nslist pid); do kill $pid; done metadata_settings: - get_attr: [RabbitmqBase, role_data, metadata_settings] + get_attr: [RabbitMQServiceBase, role_data, metadata_settings] deploy_steps_tasks: - name: RabbitMQ tag container image for pacemaker when: step|int == 1 diff --git a/docker/services/pacemaker/rpc-rabbitmq.yaml b/docker/services/pacemaker/rpc-rabbitmq.yaml index b7a3cfe4c1..bf50f42331 100644 --- a/docker/services/pacemaker/rpc-rabbitmq.yaml +++ b/docker/services/pacemaker/rpc-rabbitmq.yaml @@ -71,7 +71,7 @@ resources: type: ../containers-common.yaml RabbitmqBase: - type: ../../../puppet/services/messaging/rpc-rabbitmq.yaml + type: ../messaging/rpc-rabbitmq.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 47e0d97bdd..e40f6a9080 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -48,6 +48,50 @@ parameters: type: string description: Specifies the default CA cert to use if TLS is used for services in the internal network. + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitFDLimit: + default: 65536 + description: Configures RabbitMQ FD limit + type: number + RabbitIPv6: + default: false + description: Enable IPv6 in RabbitMQ + type: boolean + RabbitCookie: + type: string + default: '' + hidden: true + RabbitHAQueues: + description: + The number of HA queues to be configured in rabbit. The default is -1 which + translates to "ha-mode all". The special value 0 will be automatically + overridden to CEIL(N/2) where N is the number of nodes running rabbitmq. + default: 0 + type: number + RabbitNetTickTime: + description: + The number of seconds to configure the value of the erlang + net_ticktime kernel variable. + default: 15 + type: number + RabbitAdditionalErlArgs: + description: + Additional parameters passed to the Erlang subsystem. The string + needs to be enclosed in quotes twice. We default to +sbwt none + in order to have the erlang vm be less busy on spinlocks, but + we allow a simple way of overriding it. + default: "'+sbwt none'" + type: string + MonitoringSubscriptionRabbitmq: + default: 'overcloud-rabbitmq' + type: string conditions: @@ -58,31 +102,107 @@ resources: ContainersCommon: type: ./containers-common.yaml - RabbitmqBase: - type: ../../puppet/services/rabbitmq.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - outputs: role_data: description: Role data for the Rabbitmq API role. value: - service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + service_name: rabbitmq + monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq} # RabbitMQ plugins initialization occurs on every node config_settings: map_merge: - - {get_attr: [RabbitmqBase, role_data, config_settings]} + - + rabbitmq::file_limit: {get_param: RabbitFDLimit} + rabbitmq::default_user: {get_param: RabbitUserName} + rabbitmq::default_pass: {get_param: RabbitPassword} + rabbit_ipv6: {get_param: RabbitIPv6} + tripleo::rabbitmq::firewall_rules: + '109 rabbitmq': + dport: + - 4369 + - 5672 + - 25672 + rabbitmq::delete_guest_user: false + rabbitmq::wipe_db_on_cookie_change: true + rabbitmq::port: 5672 + rabbitmq::package_provider: yum + rabbitmq::package_source: undef + rabbitmq::repos_ensure: false + rabbitmq::tcp_keepalive: true + rabbitmq_environment: + NODE_PORT: '' + NODE_IP_ADDRESS: '' + RABBITMQ_NODENAME: "rabbit@%{::hostname}" + RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true}]"' + RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: {get_param: RabbitAdditionalErlArgs} + 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}" + rabbitmq_kernel_variables: + inet_dist_listen_min: '25672' + inet_dist_listen_max: '25672' + net_ticktime: {get_param: RabbitNetTickTime} + rabbitmq_config_variables: + cluster_partition_handling: 'ignore' + queue_master_locator: '<<"min-masters">>' + loopback_users: '[]' + rabbitmq::erlang_cookie: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + # NOTE: bind IP is found in hiera replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + rabbitmq::interface: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} + rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} + rabbitmq::ssl: {get_param: EnableInternalTLS} + rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS} + rabbitmq::ssl_port: 5672 + rabbitmq::ssl_depth: 1 + rabbitmq::ssl_only: {get_param: EnableInternalTLS} + rabbitmq::ssl_interface: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} + # TODO(jaosorior): Remove this once we set a proper default in + # puppet-tripleo + tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS} + - + if: + - internal_tls_enabled + - generate_service_certificates: true + tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + tripleo::profile::base::rabbitmq::certificate_specs: + service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + service_key: '/etc/pki/tls/private/rabbitmq.key' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} + principal: + str_replace: + template: "rabbitmq/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} + postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh" + - {} - rabbitmq::admin_enable: false - if: - internal_tls_enabled - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here - {} - service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: rabbitmq @@ -90,7 +210,7 @@ outputs: list_join: - "\n" - - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }" - - get_attr: [RabbitmqBase, role_data, step_config] + - "include ::tripleo::profile::base::rabbitmq" config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage} kolla_config: /var/lib/kolla/config_files/rabbitmq.json: @@ -207,7 +327,13 @@ outputs: - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /var/lib/rabbitmq:/var/lib/rabbitmq metadata_settings: - get_attr: [RabbitmqBase, role_data, metadata_settings] + if: + - internal_tls_enabled + - + - service: rabbitmq + network: {get_param: [ServiceNetMap, RabbitmqNetwork]} + type: node + - null host_prep_tasks: - name: create persistent directories file: diff --git a/environments/baremetal-services.yaml b/environments/baremetal-services.yaml index 6643bf7052..c92baa51e9 100644 --- a/environments/baremetal-services.yaml +++ b/environments/baremetal-services.yaml @@ -49,7 +49,7 @@ resource_registry: OS::TripleO::Services::NovaVncProxy: ../puppet/services/nova-vnc-proxy.yaml OS::TripleO::Services::PankoApi: ../deployment/panko/panko-api-container-puppet.yaml OS::TripleO::Services::Qdr: OS::Heat::None - OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml + OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml OS::TripleO::Services::Redis: ../puppet/services/database/redis.yaml OS::TripleO::Services::Sshd: ../deployment/sshd/sshd-baremetal-puppet.yaml OS::TripleO::Services::SwiftDispersion: ../deployment/swift/swift-dispersion-baremetal-puppet.yaml diff --git a/puppet/services/messaging/notify-rabbitmq-shared.yaml b/puppet/services/messaging/notify-rabbitmq-shared.yaml deleted file mode 100644 index 05f9e32df2..0000000000 --- a/puppet/services/messaging/notify-rabbitmq-shared.yaml +++ /dev/null @@ -1,63 +0,0 @@ -heat_template_version: rocky - -description: > - RabbitMQ service for messaging Notifications configured with Puppet - using a single shared rabbit backend - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - RpcPort: - default: 5672 - description: The network port for messaging backend - type: number - RpcUserName: - default: guest - description: The username for messaging backend - type: string - RpcPassword: - description: The password for messaging backend - type: string - hidden: true - RpcUseSSL: - default: false - description: > - Messaging client subscriber parameter to specify - an SSL connection to the messaging host. - type: string - -outputs: - role_data: - description: Role data for the OsloMessagingNotify role. - value: - service_name: oslo_messaging_notify - global_config_settings: - oslo_messaging_notify_scheme: rabbit - oslo_messaging_notify_user_name: {get_param: RpcUserName} - oslo_messaging_notify_password: {get_param: RpcPassword} - oslo_messaging_notify_use_ssl: {get_param: RpcUseSSL} - oslo_messaging_notify_port: {get_param: RpcPort} diff --git a/puppet/services/messaging/notify-rabbitmq.yaml b/puppet/services/messaging/notify-rabbitmq.yaml deleted file mode 100644 index e4764760d1..0000000000 --- a/puppet/services/messaging/notify-rabbitmq.yaml +++ /dev/null @@ -1,147 +0,0 @@ -heat_template_version: rocky - -description: > - RabbitMQ service for messaging Notifications configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - NotifyPort: - default: 5672 - description: The network port for messaging Notify backend - type: number - NotifyUserName: - default: guest - description: The username for messaging Notifications - type: string - NotifyPassword: - description: The password for messaging Notifications - type: string - hidden: true - NotifyUseSSL: - default: false - description: Messaging Notification client subscriber parameter to specify - an SSL connection to the messaging host. - type: string - EnableInternalTLS: - type: boolean - default: false - -resources: - RabbitMQServiceBase: - type: ../rabbitmq.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -conditions: - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - -outputs: - role_data: - description: Role data for the OsloMessagingNotify role. - value: - service_name: oslo_messaging_notify - monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} - global_config_settings: - map_merge: - - get_attr: [RabbitMQServiceBase, role_data, global_config_settings] - - oslo_messaging_notify_scheme: rabbit - oslo_messaging_notify_user_name: {get_param: NotifyUserName} - oslo_messaging_notify_password: {get_param: NotifyPassword} - oslo_messaging_notify_use_ssl: {get_param: NotifyUseSSL} - oslo_messaging_notify_port: {get_param: NotifyPort} - config_settings: - map_merge: - - get_attr: [RabbitMQServiceBase, role_data, config_settings] - - rabbitmq::default_user: {get_param: NotifyUserName} - rabbitmq::default_pass: {get_param: NotifyPassword} - tripleo::oslo_messaging_notify::firewall_rules: - '109 rabbitmq': - dport: - - 4369 - - {get_param: NotifyPort} - - 25672 - rabbitmq::port: {get_param: NotifyPort} - rabbitmq::interface: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} - rabbitmq::ssl: {get_param: EnableInternalTLS} - rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS} - rabbitmq::ssl_port: {get_param: NotifyPort} - rabbitmq::ssl_only: {get_param: EnableInternalTLS} - rabbitmq::ssl_interface: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} - tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS} - - - if: - - internal_tls_enabled - - generate_service_certificates: true - tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' - tripleo::profile::base::rabbitmq::certificate_specs: - service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' - service_key: '/etc/pki/tls/private/rabbitmq.key' - hostname: - str_replace: - template: "%{hiera('fqdn_NETWORK')}" - params: - NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} - principal: - str_replace: - template: "rabbitmq/%{hiera('fqdn_NETWORK')}" - params: - NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} - postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh" - - {} - step_config: | - include ::tripleo::profile::base::rabbitmq - upgrade_tasks: - - name: Stop rabbitmq service - when: step|int == 2 - service: name=rabbitmq-server state=stopped - - name: Start rabbitmq service - when: step|int == 4 - service: name=rabbitmq-server state=started - metadata_settings: - if: - - internal_tls_enabled - - - - service: rabbitmq - network: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} - type: node - - null diff --git a/puppet/services/messaging/rpc-rabbitmq.yaml b/puppet/services/messaging/rpc-rabbitmq.yaml deleted file mode 100644 index 30f9e8018b..0000000000 --- a/puppet/services/messaging/rpc-rabbitmq.yaml +++ /dev/null @@ -1,148 +0,0 @@ -heat_template_version: rocky - -description: > - RabbitMQ service for messaging RPCs configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - RpcPort: - default: 5672 - description: The network port for messaging backend - type: number - RpcUserName: - default: guest - description: The username for messaging backend - type: string - RpcPassword: - description: The password for messaging backend - type: string - hidden: true - RpcUseSSL: - default: false - description: > - Messaging client subscriber parameter to specify - an SSL connection to the messaging host. - type: string - EnableInternalTLS: - type: boolean - default: false - -resources: - RabbitMQServiceBase: - type: ../rabbitmq.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -conditions: - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - -outputs: - role_data: - description: Role data for the OsloMessagingRpc role. - value: - service_name: oslo_messaging_rpc - monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} - global_config_settings: - map_merge: - - get_attr: [RabbitMQServiceBase, role_data, global_config_settings] - - oslo_messaging_rpc_scheme: rabbit - oslo_messaging_rpc_user_name: {get_param: RpcUserName} - oslo_messaging_rpc_password: {get_param: RpcPassword} - oslo_messaging_rpc_use_ssl: {get_param: RpcUseSSL} - oslo_messaging_rpc_port: {get_param: RpcPort } - config_settings: - map_merge: - - get_attr: [RabbitMQServiceBase, role_data, config_settings] - - rabbitmq::default_user: {get_param: RpcUserName} - rabbitmq::default_pass: {get_param: RpcPassword} - tripleo::oslo_messaging_rpc::firewall_rules: - '109 rabbitmq': - dport: - - 4369 - - {get_param: RpcPort} - - 25672 - rabbitmq::port: {get_param: RpcPort} - rabbitmq::interface: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} - rabbitmq::ssl: {get_param: EnableInternalTLS} - rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS} - rabbitmq::ssl_port: {get_param: RpcPort} - rabbitmq::ssl_only: {get_param: EnableInternalTLS} - rabbitmq::ssl_interface: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} - tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS} - - - if: - - internal_tls_enabled - - generate_service_certificates: true - tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' - tripleo::profile::base::rabbitmq::certificate_specs: - service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' - service_key: '/etc/pki/tls/private/rabbitmq.key' - hostname: - str_replace: - template: "%{hiera('fqdn_NETWORK')}" - params: - NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} - principal: - str_replace: - template: "rabbitmq/%{hiera('fqdn_NETWORK')}" - params: - NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} - postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh" - - {} - step_config: | - include ::tripleo::profile::base::rabbitmq - upgrade_tasks: - - name: Stop rabbitmq service - when: step|int == 2 - service: name=rabbitmq-server state=stopped - - name: Start rabbitmq service - when: step|int == 4 - service: name=rabbitmq-server state=started - metadata_settings: - if: - - internal_tls_enabled - - - - service: rabbitmq - network: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} - type: node - - null diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml deleted file mode 100644 index 54b1babf27..0000000000 --- a/puppet/services/pacemaker/rabbitmq.yaml +++ /dev/null @@ -1,58 +0,0 @@ -heat_template_version: rocky - -description: > - RabbitMQ service with Pacemaker configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - RabbitMQServiceBase: - type: ../rabbitmq.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the RabbitMQ pacemaker role. - value: - service_name: rabbitmq - monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} - config_settings: - map_merge: - - get_attr: [RabbitMQServiceBase, role_data, config_settings] - - rabbitmq::service_manage: false - step_config: | - include ::tripleo::profile::pacemaker::rabbitmq - metadata_settings: - get_attr: [RabbitMQServiceBase, role_data, metadata_settings] diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml deleted file mode 100644 index 69e2eb5c6a..0000000000 --- a/puppet/services/rabbitmq.yaml +++ /dev/null @@ -1,195 +0,0 @@ -heat_template_version: rocky - -description: > - RabbitMQ service configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitFDLimit: - default: 65536 - description: Configures RabbitMQ FD limit - type: number - RabbitIPv6: - default: false - description: Enable IPv6 in RabbitMQ - type: boolean - RabbitCookie: - type: string - default: '' - hidden: true - RabbitHAQueues: - description: - The number of HA queues to be configured in rabbit. The default is -1 which - translates to "ha-mode all". The special value 0 will be automatically - overridden to CEIL(N/2) where N is the number of nodes running rabbitmq. - default: 0 - type: number - RabbitNetTickTime: - description: - The number of seconds to configure the value of the erlang - net_ticktime kernel variable. - default: 15 - type: number - RabbitAdditionalErlArgs: - description: - Additional parameters passed to the Erlang subsystem. The string - needs to be enclosed in quotes twice. We default to +sbwt none - in order to have the erlang vm be less busy on spinlocks, but - we allow a simple way of overriding it. - default: "'+sbwt none'" - type: string - MonitoringSubscriptionRabbitmq: - default: 'overcloud-rabbitmq' - type: string - EnableInternalTLS: - type: boolean - default: false - -conditions: - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - -outputs: - role_data: - description: Role data for the RabbitMQ role. - value: - service_name: rabbitmq - monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq} - config_settings: - map_merge: - - - rabbitmq::file_limit: {get_param: RabbitFDLimit} - rabbitmq::default_user: {get_param: RabbitUserName} - rabbitmq::default_pass: {get_param: RabbitPassword} - rabbit_ipv6: {get_param: RabbitIPv6} - tripleo::rabbitmq::firewall_rules: - '109 rabbitmq': - dport: - - 4369 - - 5672 - - 25672 - rabbitmq::delete_guest_user: false - rabbitmq::wipe_db_on_cookie_change: true - rabbitmq::port: 5672 - rabbitmq::package_provider: yum - rabbitmq::package_source: undef - rabbitmq::repos_ensure: false - rabbitmq::tcp_keepalive: true - rabbitmq_environment: - NODE_PORT: '' - NODE_IP_ADDRESS: '' - RABBITMQ_NODENAME: "rabbit@%{::hostname}" - RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true}]"' - RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: {get_param: RabbitAdditionalErlArgs} - 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}" - rabbitmq_kernel_variables: - inet_dist_listen_min: '25672' - inet_dist_listen_max: '25672' - net_ticktime: {get_param: RabbitNetTickTime} - rabbitmq_config_variables: - cluster_partition_handling: 'ignore' - queue_master_locator: '<<"min-masters">>' - loopback_users: '[]' - rabbitmq::erlang_cookie: - yaql: - expression: $.data.passwords.where($ != '').first() - data: - passwords: - - {get_param: RabbitCookie} - - {get_param: [DefaultPasswords, rabbit_cookie]} - # NOTE: bind IP is found in hiera replacing the network name with the - # local node IP for the given network; replacement examples - # (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - rabbitmq::interface: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} - rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} - rabbitmq::ssl: {get_param: EnableInternalTLS} - rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS} - rabbitmq::ssl_port: 5672 - rabbitmq::ssl_depth: 1 - rabbitmq::ssl_only: {get_param: EnableInternalTLS} - rabbitmq::ssl_interface: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} - # TODO(jaosorior): Remove this once we set a proper default in - # puppet-tripleo - tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS} - - - if: - - internal_tls_enabled - - generate_service_certificates: true - tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' - tripleo::profile::base::rabbitmq::certificate_specs: - service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' - service_key: '/etc/pki/tls/private/rabbitmq.key' - hostname: - str_replace: - template: "%{hiera('fqdn_NETWORK')}" - params: - NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} - principal: - str_replace: - template: "rabbitmq/%{hiera('fqdn_NETWORK')}" - params: - NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} - postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh" - - {} - step_config: | - include ::tripleo::profile::base::rabbitmq - upgrade_tasks: - - name: Stop rabbitmq service - when: step|int == 2 - service: name=rabbitmq-server state=stopped - - name: Start rabbitmq service - when: step|int == 4 - service: name=rabbitmq-server state=started - metadata_settings: - if: - - internal_tls_enabled - - - - service: rabbitmq - network: {get_param: [ServiceNetMap, RabbitmqNetwork]} - type: node - - null diff --git a/sample-env-generator/messaging.yaml b/sample-env-generator/messaging.yaml index 6bd53cd835..dcdd405909 100644 --- a/sample-env-generator/messaging.yaml +++ b/sample-env-generator/messaging.yaml @@ -3,7 +3,7 @@ environments: name: messaging/rpc-rabbitmq-notify-rabbitmq-shared title: Share single rabbitmq backend for rpc and notify messaging backend files: - puppet/services/messaging/rpc-rabbitmq.yaml: + docker/services/messaging/rpc-rabbitmq.yaml: parameters: - RpcPort sample_value: @@ -21,7 +21,7 @@ environments: puppet/services/messaging/rpc-qdrouterd.yaml: parameters: - RpcPort - puppet/services/messaging/notify-rabbitmq.yaml: + docker/services/messaging/notify-rabbitmq.yaml: parameters: - NotifyPort sample_values: diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml index e07e999b52..4f54d56f97 100644 --- a/sample-env-generator/ssl.yaml +++ b/sample-env-generator/ssl.yaml @@ -37,7 +37,7 @@ environments: puppet/services/nova-base.yaml: parameters: - RpcUseSSL - puppet/services/messaging/notify-rabbitmq.yaml: + docker/services/messaging/notify-rabbitmq.yaml: parameters: - NotifyUseSSL overcloud.yaml: diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 83f2149c68..9dee5f2bdd 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -235,9 +235,6 @@ VALIDATE_PUPPET_OVERRIDE = { # qdr aliases rabbitmq service to provide alternative messaging backend './puppet/services/qdr.yaml': False, # puppet/services/messaging/*.yaml provide oslo_messaging services - './puppet/services/messaging/notify-rabbitmq-shared.yaml': False, - './puppet/services/messaging/notify-rabbitmq.yaml': False, - './puppet/services/messaging/rpc-rabbitmq.yaml': False, './puppet/services/messaging/rpc-qdrouterd.yaml': False, }