From be75de3e8189fd8ae694ae4f34928fa27666e7b6 Mon Sep 17 00:00:00 2001 From: Richard Su Date: Fri, 13 Sep 2013 12:08:41 -0700 Subject: [PATCH] Add a qpidd element Qpid can be used in place of RabbitMQ as the message broker for OpenStack services. Change-Id: Id064d7f1792b88fd5d87c298a1d4cb06de19c47e --- elements/qpidd/README.md | 57 +++++++++++++++++++ elements/qpidd/element-deps | 2 + elements/qpidd/install.d/20-qpidd | 34 +++++++++++ .../qpidd/os-apply-config/etc/qpid/qpidd.acl | 40 +++++++++++++ .../post-configure.d/73-qpidd | 10 ++++ 5 files changed, 143 insertions(+) create mode 100644 elements/qpidd/README.md create mode 100644 elements/qpidd/element-deps create mode 100755 elements/qpidd/install.d/20-qpidd create mode 100644 elements/qpidd/os-apply-config/etc/qpid/qpidd.acl create mode 100755 elements/qpidd/os-refresh-config/post-configure.d/73-qpidd diff --git a/elements/qpidd/README.md b/elements/qpidd/README.md new file mode 100644 index 000000000..600d41e73 --- /dev/null +++ b/elements/qpidd/README.md @@ -0,0 +1,57 @@ +Installs Qpid as a substitute for RabbitMQ as the rpc_backend for +various OpenStack services. + +To use Qpid, when building an image, add the qpid element and +remove the rabbitmq-server element. At the moment, rabbitmq-server +is listed as default in boot-stack/element-deps. + +sed -i "s/rabbitmq-server/qpidd/" $TRIPLEO_ROOT/tripleo-image-elements/elements/boot-stack/element-deps + +The configuration files of other services like Heat, Neutron, Nova, +Cinder, and Glance are updated by os-apply-config and os-apply-config +will place the correct configurations for either RabbitMQ or Qpid +depending on what is present in the Heat metadata. + +The Heat metadata/templates should be updated to use qpid instead +of rabbitmq. In addition to the password which rabbitmq lists by +default, the username should also be specified for qpid. + + +For the seed image the default metadata on the file system needs +to be updated. Substitute "rabbit" with "qpid". + +sed -i "s/rabbit/qpid/" $TRIPLEO_ROOT/tripleo-image-elements/elements/seed-stack-config/config.json + +After including the username, the qpid section should look like + "qpid": { + "host": "127.0.0.1", + "username": "guest", + "password": "guest" + } + + +For the undercloud, update the Heat template by substituting "rabbit:" +with "qpid:". + +sed -i "s/rabbit:/qpid:/" $TRIPLEO_ROOT/tripleo-heat-templates/undercloud-vm.yaml + +After including the username, the qpid section should look like + qpid: + host: 127.0.0.1 + username: guest + password: guest + + +For the overcloud, update the Heat template by substituting "rabbit:" +with "qpid:". + +sed -i "s/rabbit:/qpid:/" $TRIPLEO_ROOT/tripleo-heat-templates/overcloud.yaml + +After including the username, the qpid section(s) should look like + qpid: + host: + Fn::GetAtt: + - notcompute + - PrivateIp + username: guest + password: guest diff --git a/elements/qpidd/element-deps b/elements/qpidd/element-deps new file mode 100644 index 000000000..e0c4dd42f --- /dev/null +++ b/elements/qpidd/element-deps @@ -0,0 +1,2 @@ +os-refresh-config +os-apply-config diff --git a/elements/qpidd/install.d/20-qpidd b/elements/qpidd/install.d/20-qpidd new file mode 100755 index 000000000..93f58b815 --- /dev/null +++ b/elements/qpidd/install.d/20-qpidd @@ -0,0 +1,34 @@ +#!/bin/bash + +install-packages qpidd qpid-tools qpid-client + +function install_qpidd_upstart { + cat > /etc/init/qpidd.conf << eof +start on runlevel [2345] +stop on runlevel [016] + +respawn +respawn limit 2 5 + +script + exec qpidd --config=/etc/qpid/qpidd.conf +end script +post-start exec sleep 1 +eof +} + +function install_qpidd_systemd { + cat > /etc/systemd/system/qpidd.service << eof +.include /lib/systemd/system/qpidd.service +[Unit] +Before=rc-local.service +Restart=on-failure +eof +} + + +if [ -d /etc/init ]; then + install_qpidd_upstart +elif [ -d /lib/systemd/system ]; then + install_qpidd_systemd +fi diff --git a/elements/qpidd/os-apply-config/etc/qpid/qpidd.acl b/elements/qpidd/os-apply-config/etc/qpid/qpidd.acl new file mode 100644 index 000000000..1f69a1e9e --- /dev/null +++ b/elements/qpidd/os-apply-config/etc/qpid/qpidd.acl @@ -0,0 +1,40 @@ +# QPID policy file +# +# User definition: +# user = [@domain[/realm]] +# +# User/Group lists: +# user-list = user1 user2 user3 ... +# group-name-list = group1 group2 group3 ... +# +# Group definition: +# group = [user-list] [group-name-list] +# +# ACL definition: +# permission = [allow|allow-log|deny|deny-log] +# action = [consume|publish|create|access|bind|unbind|delete|purge|update] +# object = [virtualhost|queue|exchange|broker|link|route|method] +# property = [name|durable|owner|routingkey|passive|autodelete|exclusive|type|alternate|queuename|schemapackage|schemaclass] +# +# acl permission {||"all"} {action|"all"} [object|"all"] [property=] +# +# Example: +# +# group client = user1@QPID user2@QPID +# acl allow client publish routingkey=exampleQueue exchange=amq.direct +# +# Will allow the group "client" containing of "user1" and "user2" be able to +# make use of the routing key "exampleQueue" on the "amq.direct" exchange. + +# Group definitions +group admin admin@QPID + +# Admin is allowed to do everything +acl allow admin all + +{{#qpid}} +acl allow {{username}}@QPID all all +{{/qpid}} + +# Deny everything else by default +acl deny all all diff --git a/elements/qpidd/os-refresh-config/post-configure.d/73-qpidd b/elements/qpidd/os-refresh-config/post-configure.d/73-qpidd new file mode 100755 index 000000000..39adc9c59 --- /dev/null +++ b/elements/qpidd/os-refresh-config/post-configure.d/73-qpidd @@ -0,0 +1,10 @@ +#!/bin/bash +set -eu + +username=$(os-apply-config --key qpid.username) +password=$(os-apply-config --key qpid.password) + +sasldb_file=$(grep sasldb_path /etc/sasl2/qpidd.conf | cut -d \: -f 2 | cut -d " " -f 2) +echo "$password" | saslpasswd2 -c -p -f $sasldb_file -u QPID $username + +service qpidd restart