diff --git a/deployment/rabbitmq/rabbitmq-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-container-puppet.yaml index 14964c9798..6c6298c101 100644 --- a/deployment/rabbitmq/rabbitmq-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-container-puppet.yaml @@ -117,16 +117,14 @@ parameter_groups: - RabbitIPv6 conditions: - - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} is_ipv6: equals: - {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, RabbitmqNetwork]}]} - 6 - key_size_override_unset: {equals: [{get_param: RabbitmqCertificateKeySize}, '']} + key_size_override_set: + not: {equals: [{get_param: RabbitmqCertificateKeySize}, '']} resources: - ContainersCommon: type: ../containers-common.yaml @@ -209,16 +207,7 @@ outputs: # puppet-tripleo tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS} rabbitmq::collect_statistics_interval: 30000 - - - if: - - internal_tls_enabled - - - tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' - tripleo::profile::base::rabbitmq::certificate_specs: - service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' - service_key: '/etc/pki/tls/private/rabbitmq.key' - - {} - - rabbitmq::admin_enable: false + rabbitmq::admin_enable: false rabbitmq::management_enable: true rabbitmq::use_config_file_for_plugins: true rabbitmq::management_ip_address: 
@@ -233,11 +222,17 @@ outputs: rabbitmq::management_port: 15672 rabbitmq::config_management_variables: rates_mode: none + tripleo::certmonger::rabbitmq::postsave_cmd: + if: + - {get_param: EnableInternalTLS} + - true - if: - - internal_tls_enabled - - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here - - {} - # BEGIN DOCKER SETTINGS + - {get_param: EnableInternalTLS} + - tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + tripleo::profile::base::rabbitmq::certificate_specs: + service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + service_key: '/etc/pki/tls/private/rabbitmq.key' + # BEGIN DOCKER SETTINGS puppet_config: config_volume: rabbitmq step_config: @@ -291,17 +286,14 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/rabbitmq:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq - if: - - internal_tls_enabled - - - - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - {get_param: EnableInternalTLS} + - - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro - - null environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS KOLLA_BOOTSTRAP: true 
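Review bot: The new `tripleo::certmonger::rabbitmq::postsave_cmd` value in the `@@ -233` hunk is the bare YAML boolean `true`, where the line it replaces used the quoted string `"true"` (the no-op shell command). The notify and rpc container templates in this same commit keep the quoted form. A boolean arriving in hieradata where a command string is expected may fail type validation or be rendered differently, so the inner branch should read `- "true"`. The `# TODO: restart the rabbitmq container here` comment is also dropped in this file only; keep it here, or remove it from all three templates if certificate reload is handled elsewhere.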
@@ -321,17 +313,14 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/rabbitmq:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:z - /var/log/containers/rabbitmq:/var/log/rabbitmq:z - if: - - internal_tls_enabled - - - - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - {get_param: EnableInternalTLS} + - - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro - - null environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS container_puppet_tasks: @@ -346,12 +335,10 @@ outputs: - /var/lib/rabbitmq:/var/lib/rabbitmq metadata_settings: if: - - internal_tls_enabled - - - - service: rabbitmq + - {get_param: EnableInternalTLS} + - - service: rabbitmq network: {get_param: [ServiceNetMap, RabbitmqNetwork]} type: node - - null deploy_steps_tasks: - name: Certificate generation when: @@ -400,9 +387,9 @@ outputs: {{container_cli}} exec "$container_name" rabbitmqctl eval "ssl:clear_pem_cache()." key_size: if: - - key_size_override_unset - - {get_param: CertificateKeySize} + - key_size_override_set - {get_param: RabbitmqCertificateKeySize} + - {get_param: CertificateKeySize} ca: ipa host_prep_tasks: - name: creat fcontext entry for rabbitmq data @@ -421,7 +408,7 @@ outputs: - { 'path': /var/lib/rabbitmq, 'setype': container_file_t } # TODO: Removal of package upgrade_tasks: [] - update_tasks: + update_tasks: [] # TODO: Are we sure we want to support this. Rolling update # without pacemaker may fail. Do we test this ? In any case, # this is under tripleo_container_manage control so the latest image should be 
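Review bot: Nothing near `key_size_override_set` documents that the empty string is the "unset" sentinel for `RabbitmqCertificateKeySize`, which the `key_size` selection in the `@@ -400` hunk depends on. A comment above the condition (defined in the earlier `@@ -117` hunk) would help, e.g. `# '' = no per-service override; key_size falls back to CertificateKeySize`. The parameter definitions are outside the visible hunks, and the chosen value is passed to the certificate request unchanged, so it is worth confirming that both parameters carry a constraint rejecting key sizes below the deployment's minimum. The certificate task that encloses `key_size` starts outside the hunk. The same pattern appears in the notify and rpc container templates.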
diff --git a/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml index 758113d643..c82d7cead6 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml @@ -75,11 +75,10 @@ parameters: certificate for this service conditions: - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - key_size_override_unset: {equals: [{get_param: RabbitmqMessageCertificateKeySize}, '']} + key_size_override_set: + not: {equals: [{get_param: RabbitmqMessageCertificateKeySize}, '']} resources: - ContainersCommon: type: ../containers-common.yaml @@ -144,16 +143,13 @@ outputs: rabbitmq::management_ip_address: 127.0.0.1 rabbitmq::config_management_variables: rates_mode: none - - - if: - - internal_tls_enabled - - - tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here - tripleo::profile::base::rabbitmq::certificate_specs: - service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' - service_key: '/etc/pki/tls/private/rabbitmq.key' - - {} + - if: + - {get_param: EnableInternalTLS} + - tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here + tripleo::profile::base::rabbitmq::certificate_specs: + service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + service_key: '/etc/pki/tls/private/rabbitmq.key' # BEGIN DOCKER SETTINGS puppet_config: config_volume: rabbitmq 
@@ -208,17 +204,14 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/rabbitmq:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:z - /var/log/containers/rabbitmq:/var/log/rabbitmq:z - if: - - internal_tls_enabled - - - - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - {get_param: EnableInternalTLS} + - - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro - - null environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS KOLLA_BOOTSTRAP: true @@ -238,17 +231,14 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/rabbitmq:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:z - /var/log/containers/rabbitmq:/var/log/rabbitmq:z - if: - - internal_tls_enabled - - - - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - {get_param: EnableInternalTLS} + - - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro - - null environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS container_puppet_tasks: 
@@ -263,12 +253,10 @@ outputs: - /var/lib/rabbitmq:/var/lib/rabbitmq:z metadata_settings: if: - - internal_tls_enabled - - - - service: rabbitmq + - {get_param: EnableInternalTLS} + - - service: rabbitmq network: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} type: node - - null deploy_steps_tasks: - name: Certificate generation when: @@ -317,9 +305,9 @@ outputs: {{container_cli}} exec "$container_name" rabbitmqctl eval "ssl:clear_pem_cache()." key_size: if: - - key_size_override_unset - - {get_param: CertificateKeySize} + - key_size_override_set - {get_param: RabbitmqMessageCertificateKeySize} + - {get_param: CertificateKeySize} ca: ipa host_prep_tasks: - name: create fcontext for rabbitmq data diff --git a/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml index c09caee1e2..2401fa27a9 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml @@ -68,14 +68,7 @@ parameters: Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. -conditions: - puppet_debug_enabled: {get_param: ConfigDebug} - docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']} - common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} - common_tag_full: {equals: [{get_param: ClusterFullTag}, true]} - resources: - ContainersCommon: type: ../containers-common.yaml 
@@ -108,12 +101,12 @@ outputs: - rabbitmq::service_manage: false tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest if: - - common_tag_full + - {get_param: ClusterFullTag} - "cluster.common.tag/rabbitmq:pcmklatest" - yaql: data: if: - - common_tag_enabled + - {get_param: ClusterCommonTag} - yaql: data: {get_param: ContainerRabbitmqImage} expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) @@ -205,9 +198,8 @@ outputs: - 'file,file_line,concat,augeas,rabbitmq_policy,rabbitmq_user,rabbitmq_ready' - 'include tripleo::profile::pacemaker::rabbitmq_bundle' - if: - - puppet_debug_enabled + - {get_param: ConfigDebug} - - '--debug' - - - '' image: {get_param: ContainerRabbitmqImage} volumes: list_concat: diff --git a/deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml index 3d9383d804..ee5f154dcf 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml @@ -47,7 +47,6 @@ parameters: type: string resources: - ContainersCommon: type: ../containers-common.yaml diff --git a/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml index 2457ab7f82..bdf42c2e95 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml 
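Review bot: The inline conditions in the `@@ -108` hunk pass `{get_param: ClusterFullTag}` and `{get_param: ClusterCommonTag}` straight to `if`, where the removed definitions compared each against `true`. That is equivalent only if both parameters are declared `type: boolean`, which the visible hunks do not show. The deleted `conditions:` block also defined `docker_enabled`, and no hunk shows a use of it being replaced. Any reference left outside the diff context would presumably fail stack validation as an undefined condition, so confirm none remains. The same two points apply to the rabbitmq-messaging-pacemaker and rabbitmq-messaging-rpc-pacemaker templates.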
@@ -68,14 +68,7 @@ parameters: Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. -conditions: - puppet_debug_enabled: {get_param: ConfigDebug} - docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']} - common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} - common_tag_full: {equals: [{get_param: ClusterFullTag}, true]} - resources: - ContainersCommon: type: ../containers-common.yaml @@ -108,12 +101,12 @@ outputs: - rabbitmq::service_manage: false tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest if: - - common_tag_full + - {get_param: ClusterFullTag} - "cluster.common.tag/rabbitmq:pcmklatest" - yaql: data: if: - - common_tag_enabled + - {get_param: ClusterCommonTag} - yaql: data: {get_param: ContainerRabbitmqImage} expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) @@ -205,9 +198,8 @@ outputs: - 'file,file_line,concat,augeas,rabbitmq_policy,rabbitmq_user,rabbitmq_ready' - 'include tripleo::profile::pacemaker::rabbitmq_bundle' - if: - - puppet_debug_enabled + - {get_param: ConfigDebug} - - '--debug' - - - '' image: {get_param: ContainerRabbitmqImage} volumes: list_concat: diff --git a/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml index a0848900f0..7d3716b93b 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml @@ -76,11 +76,10 @@ parameters: certificate for this service conditions: - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - key_size_override_unset: {equals: [{get_param: RpcCertificateKeySize}, '']} + key_size_override_set: + not: {equals: [{get_param: RpcCertificateKeySize}, '']} resources: - ContainersCommon: type: ../containers-common.yaml 
@@ -144,16 +143,13 @@ outputs: rabbitmq::management_ip_address: 127.0.0.1 rabbitmq::config_management_variables: rates_mode: none - - - if: - - internal_tls_enabled - - - tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + - if: + - {get_param: EnableInternalTLS} + - tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here tripleo::profile::base::rabbitmq::certificate_specs: service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' service_key: '/etc/pki/tls/private/rabbitmq.key' - - {} # BEGIN DOCKER SETTINGS puppet_config: config_volume: rabbitmq @@ -208,17 +204,14 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/rabbitmq:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:z - /var/log/containers/rabbitmq:/var/log/rabbitmq:z - if: - - internal_tls_enabled - - - - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - {get_param: EnableInternalTLS} + - - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro - - null environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS KOLLA_BOOTSTRAP: true 
@@ -238,17 +231,14 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/rabbitmq:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:z - /var/log/containers/rabbitmq:/var/log/rabbitmq:z - if: - - internal_tls_enabled - - - - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - {get_param: EnableInternalTLS} + - - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro - - null environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS container_puppet_tasks: @@ -263,12 +253,10 @@ outputs: - /var/lib/rabbitmq:/var/lib/rabbitmq:z metadata_settings: if: - - internal_tls_enabled - - - - service: rabbitmq + - {get_param: EnableInternalTLS} + - - service: rabbitmq network: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} type: node - - null deploy_steps_tasks: - name: Certificate generation when: @@ -317,9 +305,9 @@ outputs: {{container_cli}} exec "$container_name" rabbitmqctl eval "ssl:clear_pem_cache()." key_size: if: - - key_size_override_unset - - {get_param: CertificateKeySize} + - key_size_override_set - {get_param: RpcCertificateKeySize} + - {get_param: CertificateKeySize} ca: ipa host_prep_tasks: - name: create fcontext for rabbitmq data 
@@ -337,7 +325,7 @@ outputs: - { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' } - { 'path': /var/lib/rabbitmq, 'setype': container_file_t } upgrade_tasks: [] - update_tasks: + update_tasks: [] # TODO: Are we sure we want to support this. Rolling update # without pacemaker may fail. Do we test this ? In any case, # this is under tripleo_container_manage control so the latest image should be diff --git a/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml index 2078e0f3e1..5a78a239c6 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml @@ -68,14 +68,7 @@ parameters: Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. -conditions: - puppet_debug_enabled: {get_param: ConfigDebug} - docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']} - common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} - common_tag_full: {equals: [{get_param: ClusterFullTag}, true]} - resources: - ContainersCommon: type: ../containers-common.yaml @@ -108,12 +101,12 @@ outputs: - rabbitmq::service_manage: false tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest if: - - common_tag_full + - {get_param: ClusterFullTag} - "cluster.common.tag/rabbitmq:pcmklatest" - yaql: data: if: - - common_tag_enabled + - {get_param: ClusterCommonTag} - yaql: data: {get_param: ContainerRabbitmqImage} expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) 
@@ -205,9 +198,8 @@ outputs: - 'file,file_line,concat,augeas,rabbitmq_policy,rabbitmq_user,rabbitmq_ready' - 'include tripleo::profile::pacemaker::rabbitmq_bundle' - if: - - puppet_debug_enabled + - {get_param: ConfigDebug} - - '--debug' - - - '' image: {get_param: ContainerRabbitmqImage} volumes: list_concat: