- Set sensitive=true for all rabbitmq resources being used to improve security
- Remove any default actions
Change-Id: Idf0c386f24df5dd2907fa0db59daf770e9c13f2d
There is a bug in the rabbitmq-server setup for Queens that may cause
the cluster to lock up and stop responding[0]. The workaround for this
issue is to disable the management plugin, so add an option that allows
us to deploy this workaround.
[0] https://bugs.launchpad.net/bugs/1783203
Change-Id: I1d0e6c5fb8eeb35e4e966ef102e46c45c357a1ca
* rabbitmq should use the bind_service attribute instead of the endpoint one,
since these could be different
* adapted rabbitmq clustering attributes
* adapted rabbitmq clustering search to point to recipe instead of role
Depends-On: Iae7e302973805af3cb44be1b29d0e61e76eb0aa0
Implements: blueprint cookbook-refactoring
Change-Id: I08ed288e63422078d9beb36d14fd3c05f1cac435
Add attribute to allow mq cluster to be built on-the-fly rather
than searching nodes.
Change-Id: I1196f95465c0cb21824954feb261b9d1cfd84d26
Closes-Bug: #1412886
After configuring rabbitmq, restart the service to make configuration
take effect. So during OpenStack deployment, OpenStack services can
connect to rabbitmq successfully.
This workaround will notify rabbitmq-server to restart immediately.
This could be remove once the issue #153 is fixed in rabbit cookbook.
Change-Id: Ib017226f46c7e26429bb26df5b63525e1a98bc82
Closes-Bug: #1380940
Because the rabbit user/pass is stored in internal user database,
no need to push them to rabbit cookbook and expose them in config file.
And configuring rabbitmq default password with clear test is insecure,
so remove it.
Change-Id: Iab95e2dc8cd28b4a45574cf8883f1626dc332db0
Closes-Bug: #1381343
In current logic, rabbitmq port will be set to ssl-listening port,
this will make rabbitmq fail to start.
This submit will configure rabbitmq port for both ssl and non-ssl cases.
Closes-Bug: #1353884
Change-Id: I37dc9b656c553554b9bc636fe35c69744debe92a
The problem that this change addresses is that the address_for method
will not work correctly if there are multiple IP address associated
with the specified interface.
The approach to solving this problem and moving towards the overall
goal of having one place where service networking information is
stored is to convert address_for calls into endpoints, and add a
address() method to the endpoints interface for IP address resolution.
The address() method has the following behavior: if the
bind_interface of an endpoint is set, then the IP is looked up on
the interface. Otherwise, the IP specified in the host attribute is
returned. This allows the caller to choose either method of
determining what IP a service will be bound to.
This initial change switches both the openstack-ops-database and
openstack-ops-messaging cookbooks over to use endpoints instead of
address_for. The other cookbooks will be switched over time.
blueprint increase-ip-binding-flexibility
Change-Id: I4a610409b9542a4c802f94b557299bb97dd0781b
Fixes: bug 1282041
Implements: blueprint centos-rhel-for-ops-messaging
On CentOS/RHEL, the OS base repos don't have a package for
rabbitmq-server. The rabbitmq cookbook by default expects to be able to
install the latest rabbitmq-server rpm from the rabbitmq site
(use_distro_version = false). However, in our cookbooks we are overriding
'use_distro_version' to true, which works for ubuntu as it has a
rabbitmq-server package in it's base repo
This commit basically leaves the use_distro_version flag as false unless
ubuntu/suse is the platform_family, so that CentOS/RHEL can grab the rpm
from the rabbitmq site
Change-Id: I4e31cbb4957f0e696a1528fa3f7c6c80695989ac
Now that almost all of the rubocop blueprints have been completed, make
one final pass through all of the cookbooks ensuring they're all in
sync with each other.
- Upgrade rubocop to 0.18.1
- Fix violations caused by 0.18.1 upgrade
- Move Excludes for non-existent folders to Includes so they
automatically cover future additions
Change-Id: I9473903e19f075cff520a2fa7602ad779e7f13db
Implements: blueprint lint-and-unit-testing-for-havana
The user_password, service_password and db_password functions are redundant
since they simply call "secret". Creates a get_password function that will
accept a "type" of db, service or user.
All instances of these calls have been changed to call get_password
Change-Id: Ic73c99034638ec092192d11e37671edbba0e48ef
Partial-Bug: #1195915
When develop_mode=false, the password of mq user "guest"
in the databag user_passwords is required. But the current
code doesn't support. I made it work, and add the test cases.
Closes-Bug: #1257554
Change-Id: I0d01bd73eaec9cc90304e67484fec15fad061504
Since this breaks people using rabbit in the standard way, I
rather revert this change, and fork my own ops-messaging cookbook
since this is intended as an example cookbook (granted others
may use it directly). This code would be better off in my
own fork, where i do not impact others, with a non-merged upstream
rabbitmq feature.
This reverts commit 3b35ac204d.
Change-Id: I53da70583c50ae985d3842c3d709eb81f565d63d
This change integrates against a rabbitmq cookbook feature which
is not yet merged upstream. However, given the default code path
does not change, felt okay to get this out there. Especially b/c
we are dependant on it. This feature allows one to run rabbit
and clustering across a specific address. For more details, see:
http://tickets.opscode.com/browse/COOK-3320
Change-Id: I2a10c551cb2176dadaee8842eeadfdfc8cb93e44
Clustering is set to false by default. When enabled, will setup
rabbitmq disk node clustering. Also, added opscode to attribution,
somehow had removed them in the previous rebase.
Change-Id: Idd249d0d950f5f4eb44cd7c10566ece254ed7f45
We had two reviews which added an ops-messaging cookbook. Updating
this cookbook with patterns we estabished from the database cookbook.
Craig already did most of the work, however, updated the tests to
use the chefspec find_provider, added clustering support, and attempted
to follow the service_type attribute patterns used in database cookbook.
Since these cookbooks are not complete, added a larger commit than
would have.
Change-Id: I0edfc996df413c6e41a31d53f964d7f5fc9e0aeb
This initial commit provides support for an openstack-ops-messaging
cookbook. In this initial release, we provide the capability to install
and configure RabbitMQ. This cookbook is modeled after the
openstack-ops-database cookbook in the way in which it can be utilized.
Included are tests for all recipes and this release supports Ubuntu
only.
Change-Id: I4d799fa46e67e0f2eca2ac8b205f51c07e0df01e