Flatten rabbitmq service - step 1
This flattens rabbitmq and removes puppet parts. The next step will move the flattened templates to their final location. It's split in two steps in order to make reviews easier on that big change. Change-Id: I30f0802770d86d64e2ec6fa93dc9a608d4b15d69
This commit is contained in:
Cédric Jeanneret
parent
5137d4d02f
commit
fb7ea6734e
@ -30,25 +30,38 @@ parameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
RpcUserName:
|
||||
default: guest
|
||||
description: The username for messaging backend
|
||||
type: string
|
||||
RpcPassword:
|
||||
description: The password for messaging backend
|
||||
type: string
|
||||
hidden: true
|
||||
RpcUseSSL:
|
||||
default: false
|
||||
description: >
|
||||
Messaging client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../../puppet/services/messaging/notify-rabbitmq-shared.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the oslo messaging notify role.
|
||||
value:
|
||||
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
|
||||
global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]}
|
||||
service_name: oslo_messaging_notify
|
||||
global_config_settings:
|
||||
oslo_messaging_notify_scheme: rabbit
|
||||
oslo_messaging_notify_user_name: {get_param: RpcUserName}
|
||||
oslo_messaging_notify_password: {get_param: RpcPassword}
|
||||
oslo_messaging_notify_use_ssl: {get_param: RpcUseSSL}
|
||||
oslo_messaging_notify_port: {get_param: RpcPort}
|
||||
|
||||
@ -48,9 +48,25 @@ parameters:
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
NotifyPort:
|
||||
default: 5672
|
||||
description: The network port for messaging Notify backend
|
||||
type: number
|
||||
NotifyUserName:
|
||||
default: guest
|
||||
description: The username for messaging Notifications
|
||||
type: string
|
||||
NotifyPassword:
|
||||
description: The password for messaging Notifications
|
||||
type: string
|
||||
hidden: true
|
||||
NotifyUseSSL:
|
||||
default: false
|
||||
description: Messaging Notification client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
@ -58,13 +74,13 @@ resources:
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../../puppet/services/messaging/notify-rabbitmq.yaml
|
||||
RabbitMQServiceBase:
|
||||
type: ../rabbitmq.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
@ -72,18 +88,68 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for the Rabbitmq API role.
|
||||
value:
|
||||
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
|
||||
service_name: oslo_messaging_notify
|
||||
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
||||
# RabbitMQ plugins initialization occurs on every node
|
||||
global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]}
|
||||
global_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, global_config_settings]
|
||||
- oslo_messaging_notify_scheme: rabbit
|
||||
oslo_messaging_notify_user_name: {get_param: NotifyUserName}
|
||||
oslo_messaging_notify_password: {get_param: NotifyPassword}
|
||||
oslo_messaging_notify_use_ssl: {get_param: NotifyUseSSL}
|
||||
oslo_messaging_notify_port: {get_param: NotifyPort}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- {get_attr: [RabbitmqBase, role_data, config_settings]}
|
||||
- rabbitmq::admin_enable: false
|
||||
- if:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::default_user: {get_param: NotifyUserName}
|
||||
rabbitmq::default_pass: {get_param: NotifyPassword}
|
||||
tripleo::oslo_messaging_notify::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
- {get_param: NotifyPort}
|
||||
- 25672
|
||||
rabbitmq::port: {get_param: NotifyPort}
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: {get_param: NotifyPort}
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
rabbitmq::admin_enable: false
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: rabbitmq
|
||||
@ -91,7 +157,7 @@ outputs:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }"
|
||||
- get_attr: [RabbitmqBase, role_data, step_config]
|
||||
- "include ::tripleo::profile::base::rabbitmq"
|
||||
config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/rabbitmq.json:
|
||||
@ -208,7 +274,13 @@ outputs:
|
||||
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
|
||||
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
|
||||
metadata_settings:
|
||||
get_attr: [RabbitmqBase, role_data, metadata_settings]
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: rabbitmq
|
||||
network: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
type: node
|
||||
- null
|
||||
host_prep_tasks:
|
||||
- name: create persistent directories
|
||||
file:
|
||||
|
||||
@ -48,9 +48,26 @@ parameters:
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
RpcUserName:
|
||||
default: guest
|
||||
description: The username for messaging backend
|
||||
type: string
|
||||
RpcPassword:
|
||||
description: The password for messaging backend
|
||||
type: string
|
||||
hidden: true
|
||||
RpcUseSSL:
|
||||
default: false
|
||||
description: >
|
||||
Messaging client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
@ -58,13 +75,13 @@ resources:
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../../puppet/services/messaging/rpc-rabbitmq.yaml
|
||||
RabbitMQServiceBase:
|
||||
type: ../rabbitmq.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
@ -72,18 +89,67 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for the Rabbitmq API role.
|
||||
value:
|
||||
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
|
||||
# RabbitMQ plugins initialization occurs on every node
|
||||
global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]}
|
||||
service_name: oslo_messaging_rpc
|
||||
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
||||
global_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, global_config_settings]
|
||||
- oslo_messaging_rpc_scheme: rabbit
|
||||
oslo_messaging_rpc_user_name: {get_param: RpcUserName}
|
||||
oslo_messaging_rpc_password: {get_param: RpcPassword}
|
||||
oslo_messaging_rpc_use_ssl: {get_param: RpcUseSSL}
|
||||
oslo_messaging_rpc_port: {get_param: RpcPort }
|
||||
config_settings:
|
||||
map_merge:
|
||||
- {get_attr: [RabbitmqBase, role_data, config_settings]}
|
||||
- rabbitmq::admin_enable: false
|
||||
- if:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::default_user: {get_param: RpcUserName}
|
||||
rabbitmq::default_pass: {get_param: RpcPassword}
|
||||
tripleo::oslo_messaging_rpc::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
- {get_param: RpcPort}
|
||||
- 25672
|
||||
rabbitmq::port: {get_param: RpcPort}
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: {get_param: RpcPort}
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
rabbitmq::admin_enable: false
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: rabbitmq
|
||||
@ -91,7 +157,7 @@ outputs:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }"
|
||||
- get_attr: [RabbitmqBase, role_data, step_config]
|
||||
- "include ::tripleo::profile::base::rabbitmq"
|
||||
config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/rabbitmq.json:
|
||||
@ -208,7 +274,13 @@ outputs:
|
||||
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
|
||||
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
|
||||
metadata_settings:
|
||||
get_attr: [RabbitmqBase, role_data, metadata_settings]
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: rabbitmq
|
||||
network: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
type: node
|
||||
- null
|
||||
host_prep_tasks:
|
||||
- name: create persistent directories
|
||||
file:
|
||||
|
||||
@ -71,7 +71,7 @@ resources:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../../puppet/services/messaging/notify-rabbitmq.yaml
|
||||
type: ../messaging/notify-rabbitmq.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
@ -115,7 +115,7 @@ outputs:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }"
|
||||
- get_attr: [RabbitmqBase, role_data, step_config]
|
||||
- "include ::tripleo::profile::base::rabbitmq"
|
||||
config_image: {get_param: DockerRabbitmqConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/rabbitmq.json:
|
||||
|
||||
@ -70,13 +70,13 @@ resources:
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../../puppet/services/rabbitmq.yaml
|
||||
RabbitMQServiceBase:
|
||||
type: ../rabbitmq.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
@ -84,10 +84,12 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for the Rabbitmq API role.
|
||||
value:
|
||||
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
|
||||
service_name: rabbitmq
|
||||
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- {get_attr: [RabbitmqBase, role_data, config_settings]}
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::service_manage: false
|
||||
- rabbitmq::service_manage: false
|
||||
tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest
|
||||
list_join:
|
||||
@ -257,7 +259,7 @@ outputs:
|
||||
echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
|
||||
for pid in $(pgrep epmd --ns 1 --nslist pid); do kill $pid; done
|
||||
metadata_settings:
|
||||
get_attr: [RabbitmqBase, role_data, metadata_settings]
|
||||
get_attr: [RabbitMQServiceBase, role_data, metadata_settings]
|
||||
deploy_steps_tasks:
|
||||
- name: RabbitMQ tag container image for pacemaker
|
||||
when: step|int == 1
|
||||
|
||||
@ -71,7 +71,7 @@ resources:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../../puppet/services/messaging/rpc-rabbitmq.yaml
|
||||
type: ../messaging/rpc-rabbitmq.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
|
||||
@ -48,6 +48,50 @@ parameters:
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
RabbitUserName:
|
||||
default: guest
|
||||
description: The username for RabbitMQ
|
||||
type: string
|
||||
RabbitPassword:
|
||||
description: The password for RabbitMQ
|
||||
type: string
|
||||
hidden: true
|
||||
RabbitFDLimit:
|
||||
default: 65536
|
||||
description: Configures RabbitMQ FD limit
|
||||
type: number
|
||||
RabbitIPv6:
|
||||
default: false
|
||||
description: Enable IPv6 in RabbitMQ
|
||||
type: boolean
|
||||
RabbitCookie:
|
||||
type: string
|
||||
default: ''
|
||||
hidden: true
|
||||
RabbitHAQueues:
|
||||
description:
|
||||
The number of HA queues to be configured in rabbit. The default is -1 which
|
||||
translates to "ha-mode all". The special value 0 will be automatically
|
||||
overridden to CEIL(N/2) where N is the number of nodes running rabbitmq.
|
||||
default: 0
|
||||
type: number
|
||||
RabbitNetTickTime:
|
||||
description:
|
||||
The number of seconds to configure the value of the erlang
|
||||
net_ticktime kernel variable.
|
||||
default: 15
|
||||
type: number
|
||||
RabbitAdditionalErlArgs:
|
||||
description:
|
||||
Additional parameters passed to the Erlang subsystem. The string
|
||||
needs to be enclosed in quotes twice. We default to +sbwt none
|
||||
in order to have the erlang vm be less busy on spinlocks, but
|
||||
we allow a simple way of overriding it.
|
||||
default: "'+sbwt none'"
|
||||
type: string
|
||||
MonitoringSubscriptionRabbitmq:
|
||||
default: 'overcloud-rabbitmq'
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
|
||||
@ -58,31 +102,107 @@ resources:
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../puppet/services/rabbitmq.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Rabbitmq API role.
|
||||
value:
|
||||
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
|
||||
service_name: rabbitmq
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq}
|
||||
# RabbitMQ plugins initialization occurs on every node
|
||||
config_settings:
|
||||
map_merge:
|
||||
- {get_attr: [RabbitmqBase, role_data, config_settings]}
|
||||
-
|
||||
rabbitmq::file_limit: {get_param: RabbitFDLimit}
|
||||
rabbitmq::default_user: {get_param: RabbitUserName}
|
||||
rabbitmq::default_pass: {get_param: RabbitPassword}
|
||||
rabbit_ipv6: {get_param: RabbitIPv6}
|
||||
tripleo::rabbitmq::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
- 5672
|
||||
- 25672
|
||||
rabbitmq::delete_guest_user: false
|
||||
rabbitmq::wipe_db_on_cookie_change: true
|
||||
rabbitmq::port: 5672
|
||||
rabbitmq::package_provider: yum
|
||||
rabbitmq::package_source: undef
|
||||
rabbitmq::repos_ensure: false
|
||||
rabbitmq::tcp_keepalive: true
|
||||
rabbitmq_environment:
|
||||
NODE_PORT: ''
|
||||
NODE_IP_ADDRESS: ''
|
||||
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
|
||||
RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true}]"'
|
||||
RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: {get_param: RabbitAdditionalErlArgs}
|
||||
'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
|
||||
rabbitmq_kernel_variables:
|
||||
inet_dist_listen_min: '25672'
|
||||
inet_dist_listen_max: '25672'
|
||||
net_ticktime: {get_param: RabbitNetTickTime}
|
||||
rabbitmq_config_variables:
|
||||
cluster_partition_handling: 'ignore'
|
||||
queue_master_locator: '<<"min-masters">>'
|
||||
loopback_users: '[]'
|
||||
rabbitmq::erlang_cookie:
|
||||
yaql:
|
||||
expression: $.data.passwords.where($ != '').first()
|
||||
data:
|
||||
passwords:
|
||||
- {get_param: RabbitCookie}
|
||||
- {get_param: [DefaultPasswords, rabbit_cookie]}
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: 5672
|
||||
rabbitmq::ssl_depth: 1
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
# TODO(jaosorior): Remove this once we set a proper default in
|
||||
# puppet-tripleo
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
- rabbitmq::admin_enable: false
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
|
||||
- {}
|
||||
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: rabbitmq
|
||||
@ -90,7 +210,7 @@ outputs:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }"
|
||||
- get_attr: [RabbitmqBase, role_data, step_config]
|
||||
- "include ::tripleo::profile::base::rabbitmq"
|
||||
config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/rabbitmq.json:
|
||||
@ -207,7 +327,13 @@ outputs:
|
||||
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
|
||||
- /var/lib/rabbitmq:/var/lib/rabbitmq
|
||||
metadata_settings:
|
||||
get_attr: [RabbitmqBase, role_data, metadata_settings]
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: rabbitmq
|
||||
network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
type: node
|
||||
- null
|
||||
host_prep_tasks:
|
||||
- name: create persistent directories
|
||||
file:
|
||||
|
||||
@ -49,7 +49,7 @@ resource_registry:
|
||||
OS::TripleO::Services::NovaVncProxy: ../puppet/services/nova-vnc-proxy.yaml
|
||||
OS::TripleO::Services::PankoApi: ../deployment/panko/panko-api-container-puppet.yaml
|
||||
OS::TripleO::Services::Qdr: OS::Heat::None
|
||||
OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml
|
||||
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
|
||||
OS::TripleO::Services::Redis: ../puppet/services/database/redis.yaml
|
||||
OS::TripleO::Services::Sshd: ../deployment/sshd/sshd-baremetal-puppet.yaml
|
||||
OS::TripleO::Services::SwiftDispersion: ../deployment/swift/swift-dispersion-baremetal-puppet.yaml
|
||||
|
||||
@ -1,63 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
RabbitMQ service for messaging Notifications configured with Puppet
|
||||
using a single shared rabbit backend
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
RpcUserName:
|
||||
default: guest
|
||||
description: The username for messaging backend
|
||||
type: string
|
||||
RpcPassword:
|
||||
description: The password for messaging backend
|
||||
type: string
|
||||
hidden: true
|
||||
RpcUseSSL:
|
||||
default: false
|
||||
description: >
|
||||
Messaging client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the OsloMessagingNotify role.
|
||||
value:
|
||||
service_name: oslo_messaging_notify
|
||||
global_config_settings:
|
||||
oslo_messaging_notify_scheme: rabbit
|
||||
oslo_messaging_notify_user_name: {get_param: RpcUserName}
|
||||
oslo_messaging_notify_password: {get_param: RpcPassword}
|
||||
oslo_messaging_notify_use_ssl: {get_param: RpcUseSSL}
|
||||
oslo_messaging_notify_port: {get_param: RpcPort}
|
||||
@ -1,147 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
RabbitMQ service for messaging Notifications configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
NotifyPort:
|
||||
default: 5672
|
||||
description: The network port for messaging Notify backend
|
||||
type: number
|
||||
NotifyUserName:
|
||||
default: guest
|
||||
description: The username for messaging Notifications
|
||||
type: string
|
||||
NotifyPassword:
|
||||
description: The password for messaging Notifications
|
||||
type: string
|
||||
hidden: true
|
||||
NotifyUseSSL:
|
||||
default: false
|
||||
description: Messaging Notification client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
resources:
|
||||
RabbitMQServiceBase:
|
||||
type: ../rabbitmq.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
conditions:
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the OsloMessagingNotify role.
|
||||
value:
|
||||
service_name: oslo_messaging_notify
|
||||
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
||||
global_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, global_config_settings]
|
||||
- oslo_messaging_notify_scheme: rabbit
|
||||
oslo_messaging_notify_user_name: {get_param: NotifyUserName}
|
||||
oslo_messaging_notify_password: {get_param: NotifyPassword}
|
||||
oslo_messaging_notify_use_ssl: {get_param: NotifyUseSSL}
|
||||
oslo_messaging_notify_port: {get_param: NotifyPort}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::default_user: {get_param: NotifyUserName}
|
||||
rabbitmq::default_pass: {get_param: NotifyPassword}
|
||||
tripleo::oslo_messaging_notify::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
- {get_param: NotifyPort}
|
||||
- 25672
|
||||
rabbitmq::port: {get_param: NotifyPort}
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: {get_param: NotifyPort}
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::rabbitmq
|
||||
upgrade_tasks:
|
||||
- name: Stop rabbitmq service
|
||||
when: step|int == 2
|
||||
service: name=rabbitmq-server state=stopped
|
||||
- name: Start rabbitmq service
|
||||
when: step|int == 4
|
||||
service: name=rabbitmq-server state=started
|
||||
metadata_settings:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: rabbitmq
|
||||
network: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
type: node
|
||||
- null
|
||||
@ -1,148 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
RabbitMQ service for messaging RPCs configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
RpcUserName:
|
||||
default: guest
|
||||
description: The username for messaging backend
|
||||
type: string
|
||||
RpcPassword:
|
||||
description: The password for messaging backend
|
||||
type: string
|
||||
hidden: true
|
||||
RpcUseSSL:
|
||||
default: false
|
||||
description: >
|
||||
Messaging client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
resources:
|
||||
RabbitMQServiceBase:
|
||||
type: ../rabbitmq.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
conditions:
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the OsloMessagingRpc role.
|
||||
value:
|
||||
service_name: oslo_messaging_rpc
|
||||
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
||||
global_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, global_config_settings]
|
||||
- oslo_messaging_rpc_scheme: rabbit
|
||||
oslo_messaging_rpc_user_name: {get_param: RpcUserName}
|
||||
oslo_messaging_rpc_password: {get_param: RpcPassword}
|
||||
oslo_messaging_rpc_use_ssl: {get_param: RpcUseSSL}
|
||||
oslo_messaging_rpc_port: {get_param: RpcPort }
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::default_user: {get_param: RpcUserName}
|
||||
rabbitmq::default_pass: {get_param: RpcPassword}
|
||||
tripleo::oslo_messaging_rpc::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
- {get_param: RpcPort}
|
||||
- 25672
|
||||
rabbitmq::port: {get_param: RpcPort}
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: {get_param: RpcPort}
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::rabbitmq
|
||||
upgrade_tasks:
|
||||
- name: Stop rabbitmq service
|
||||
when: step|int == 2
|
||||
service: name=rabbitmq-server state=stopped
|
||||
- name: Start rabbitmq service
|
||||
when: step|int == 4
|
||||
service: name=rabbitmq-server state=started
|
||||
metadata_settings:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: rabbitmq
|
||||
network: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
type: node
|
||||
- null
|
||||
@ -1,58 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
RabbitMQ service with Pacemaker configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
|
||||
resources:
|
||||
RabbitMQServiceBase:
|
||||
type: ../rabbitmq.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the RabbitMQ pacemaker role.
|
||||
value:
|
||||
service_name: rabbitmq
|
||||
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::service_manage: false
|
||||
step_config: |
|
||||
include ::tripleo::profile::pacemaker::rabbitmq
|
||||
metadata_settings:
|
||||
get_attr: [RabbitMQServiceBase, role_data, metadata_settings]
|
||||
@ -1,195 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
RabbitMQ service configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
RabbitUserName:
|
||||
default: guest
|
||||
description: The username for RabbitMQ
|
||||
type: string
|
||||
RabbitPassword:
|
||||
description: The password for RabbitMQ
|
||||
type: string
|
||||
hidden: true
|
||||
RabbitFDLimit:
|
||||
default: 65536
|
||||
description: Configures RabbitMQ FD limit
|
||||
type: number
|
||||
RabbitIPv6:
|
||||
default: false
|
||||
description: Enable IPv6 in RabbitMQ
|
||||
type: boolean
|
||||
RabbitCookie:
|
||||
type: string
|
||||
default: ''
|
||||
hidden: true
|
||||
RabbitHAQueues:
|
||||
description:
|
||||
The number of HA queues to be configured in rabbit. The default is -1 which
|
||||
translates to "ha-mode all". The special value 0 will be automatically
|
||||
overridden to CEIL(N/2) where N is the number of nodes running rabbitmq.
|
||||
default: 0
|
||||
type: number
|
||||
RabbitNetTickTime:
|
||||
description:
|
||||
The number of seconds to configure the value of the erlang
|
||||
net_ticktime kernel variable.
|
||||
default: 15
|
||||
type: number
|
||||
RabbitAdditionalErlArgs:
|
||||
description:
|
||||
Additional parameters passed to the Erlang subsystem. The string
|
||||
needs to be enclosed in quotes twice. We default to +sbwt none
|
||||
in order to have the erlang vm be less busy on spinlocks, but
|
||||
we allow a simple way of overriding it.
|
||||
default: "'+sbwt none'"
|
||||
type: string
|
||||
MonitoringSubscriptionRabbitmq:
|
||||
default: 'overcloud-rabbitmq'
|
||||
type: string
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the RabbitMQ role.
|
||||
value:
|
||||
service_name: rabbitmq
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq}
|
||||
config_settings:
|
||||
map_merge:
|
||||
-
|
||||
rabbitmq::file_limit: {get_param: RabbitFDLimit}
|
||||
rabbitmq::default_user: {get_param: RabbitUserName}
|
||||
rabbitmq::default_pass: {get_param: RabbitPassword}
|
||||
rabbit_ipv6: {get_param: RabbitIPv6}
|
||||
tripleo::rabbitmq::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
- 5672
|
||||
- 25672
|
||||
rabbitmq::delete_guest_user: false
|
||||
rabbitmq::wipe_db_on_cookie_change: true
|
||||
rabbitmq::port: 5672
|
||||
rabbitmq::package_provider: yum
|
||||
rabbitmq::package_source: undef
|
||||
rabbitmq::repos_ensure: false
|
||||
rabbitmq::tcp_keepalive: true
|
||||
rabbitmq_environment:
|
||||
NODE_PORT: ''
|
||||
NODE_IP_ADDRESS: ''
|
||||
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
|
||||
RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true}]"'
|
||||
RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: {get_param: RabbitAdditionalErlArgs}
|
||||
'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
|
||||
rabbitmq_kernel_variables:
|
||||
inet_dist_listen_min: '25672'
|
||||
inet_dist_listen_max: '25672'
|
||||
net_ticktime: {get_param: RabbitNetTickTime}
|
||||
rabbitmq_config_variables:
|
||||
cluster_partition_handling: 'ignore'
|
||||
queue_master_locator: '<<"min-masters">>'
|
||||
loopback_users: '[]'
|
||||
rabbitmq::erlang_cookie:
|
||||
yaql:
|
||||
expression: $.data.passwords.where($ != '').first()
|
||||
data:
|
||||
passwords:
|
||||
- {get_param: RabbitCookie}
|
||||
- {get_param: [DefaultPasswords, rabbit_cookie]}
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: 5672
|
||||
rabbitmq::ssl_depth: 1
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
# TODO(jaosorior): Remove this once we set a proper default in
|
||||
# puppet-tripleo
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::rabbitmq
|
||||
upgrade_tasks:
|
||||
- name: Stop rabbitmq service
|
||||
when: step|int == 2
|
||||
service: name=rabbitmq-server state=stopped
|
||||
- name: Start rabbitmq service
|
||||
when: step|int == 4
|
||||
service: name=rabbitmq-server state=started
|
||||
metadata_settings:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: rabbitmq
|
||||
network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
type: node
|
||||
- null
|
||||
@ -3,7 +3,7 @@ environments:
|
||||
name: messaging/rpc-rabbitmq-notify-rabbitmq-shared
|
||||
title: Share single rabbitmq backend for rpc and notify messaging backend
|
||||
files:
|
||||
puppet/services/messaging/rpc-rabbitmq.yaml:
|
||||
docker/services/messaging/rpc-rabbitmq.yaml:
|
||||
parameters:
|
||||
- RpcPort
|
||||
sample_value:
|
||||
@ -21,7 +21,7 @@ environments:
|
||||
puppet/services/messaging/rpc-qdrouterd.yaml:
|
||||
parameters:
|
||||
- RpcPort
|
||||
puppet/services/messaging/notify-rabbitmq.yaml:
|
||||
docker/services/messaging/notify-rabbitmq.yaml:
|
||||
parameters:
|
||||
- NotifyPort
|
||||
sample_values:
|
||||
|
||||
@ -37,7 +37,7 @@ environments:
|
||||
puppet/services/nova-base.yaml:
|
||||
parameters:
|
||||
- RpcUseSSL
|
||||
puppet/services/messaging/notify-rabbitmq.yaml:
|
||||
docker/services/messaging/notify-rabbitmq.yaml:
|
||||
parameters:
|
||||
- NotifyUseSSL
|
||||
overcloud.yaml:
|
||||
|
||||
@ -235,9 +235,6 @@ VALIDATE_PUPPET_OVERRIDE = {
|
||||
# qdr aliases rabbitmq service to provide alternative messaging backend
|
||||
'./puppet/services/qdr.yaml': False,
|
||||
# puppet/services/messaging/*.yaml provide oslo_messaging services
|
||||
'./puppet/services/messaging/notify-rabbitmq-shared.yaml': False,
|
||||
'./puppet/services/messaging/notify-rabbitmq.yaml': False,
|
||||
'./puppet/services/messaging/rpc-rabbitmq.yaml': False,
|
||||
'./puppet/services/messaging/rpc-qdrouterd.yaml': False,
|
||||
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user