Switch to rabbitmq fqdn hostnames and pass proper CA info

With this change we make sure that the 'RABBITMQ_NODENAME' is the fqdn
and that we use it when connecting to the node itself via rabbitmqctl.
We also make sure we set the CA to the one defined in the InternalTLSCAFile
template parameter.

Testing protocol is described in the parent change
("I4f853de3b532b3b5e71d29aa621a2925c3885393")

Related-Bug: #1946374

Depends-On: Ib0236f9c086d520d0a27e3aa8b41927bc7b50c26
Change-Id: I621557a037fbedc5c110f905dbe19290cc92b772
Michele Baldessari 2021-10-04 17:42:33 +02:00
parent 5640a60086
commit b5ae7f8467

@ -101,6 +101,11 @@ parameters:
default: '' default: ''
description: Override the private key size used when creating the description: Override the private key size used when creating the
certificate for this service certificate for this service
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
RabbitmqEnableManagementAccess: RabbitmqEnableManagementAccess:
type: boolean type: boolean
default: false default: false
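Review bot: The new InternalTLSCAFile parameter defaults to '/etc/ipa/ca.crt', which only exists on hosts enrolled with IPA, and the description does not say so. Please extend the description to state that the value is a path to a CA certificate file on the host and that deployments using a different internal CA must override it, so an operator is not left with a RabbitMQ configuration pointing at a file that is absent.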
@ -166,7 +171,13 @@ outputs:
LC_ALL: 'en_US.UTF-8' LC_ALL: 'en_US.UTF-8'
NODE_PORT: '' NODE_PORT: ''
NODE_IP_ADDRESS: '' NODE_IP_ADDRESS: ''
RABBITMQ_NODENAME: "rabbit@%{::hostname}" RABBITMQ_NODENAME:
str_replace:
template:
"rabbit@%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
RABBITMQ_USE_LONGNAME: 'true'
RABBITMQ_CTL_DIST_PORT_MIN: '25673' RABBITMQ_CTL_DIST_PORT_MIN: '25673'
RABBITMQ_CTL_DIST_PORT_MAX: '25683' RABBITMQ_CTL_DIST_PORT_MAX: '25683'
'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}" 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
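Review bot: The RABBITMQ_NODENAME template "rabbit@%{hiera('fqdn_$NETWORK')}" has no guard for the case where the fqdn_$NETWORK hiera key is not defined for the network selected by ServiceNetMap/RabbitmqNetwork, and a node name with an empty host part would be hard to diagnose. It would help to note in the change where that key is guaranteed to be set. The move from "rabbit@%{::hostname}" to an FQDN with RABBITMQ_USE_LONGNAME: 'true' also changes the node's identity, so please document how existing nodes are expected to behave on update; the commit message only points to the parent change for testing.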
@ -199,6 +210,8 @@ outputs:
rabbitmq::ssl_port: 5672 rabbitmq::ssl_port: 5672
rabbitmq::ssl_depth: 1 rabbitmq::ssl_depth: 1
rabbitmq::ssl_only: {get_param: EnableInternalTLS} rabbitmq::ssl_only: {get_param: EnableInternalTLS}
rabbitmq::ssl_cacert: {get_param: InternalTLSCAFile}
rabbitmq::ssl_management_cacert: {get_param: InternalTLSCAFile}
rabbitmq::ssl_interface: rabbitmq::ssl_interface:
str_replace: str_replace:
template: template:
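Review bot: rabbitmq::ssl_cacert and rabbitmq::ssl_management_cacert are set to InternalTLSCAFile unconditionally, while rabbitmq::ssl_only directly above is driven by EnableInternalTLS. With internal TLS disabled these keys still point at the default '/etc/ipa/ca.crt', so please either confirm that the values are ignored in that case or make them conditional on EnableInternalTLS. A short comment next to the two lines saying that the same CA is intentionally used for both the AMQP listener and the management listener would also help future readers.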