1992282b88
As with other services, this passes the necessary hieradata to enable TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo) that there will only be TLS connections, as the ssl_only option is being used. bp tls-via-certmonger Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5 Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
48 lines
1.6 KiB
YAML
48 lines
1.6 KiB
YAML
heat_template_version: ocata
|
|
|
|
description: >
|
|
RabbitMQ configurations for using TLS via certmonger.
|
|
|
|
parameters:
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
# The following parameters are not needed by the template but are
|
|
# required to pass the pep8 tests
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
|
|
outputs:
|
|
role_data:
|
|
description: RabbitMQ configurations for using TLS via certmonger.
|
|
value:
|
|
service_name: rabbitmq_internal_tls_certmonger
|
|
config_settings:
|
|
generate_service_certificates: true
|
|
tripleo::profile::base::rabbitmq::certificate_specs:
|
|
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
|
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
|
hostname:
|
|
str_replace:
|
|
template: "%{hiera('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
|
principal:
|
|
str_replace:
|
|
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
|
metadata_settings:
|
|
- service: rabbitmq
|
|
network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
|
type: node
|