diff --git a/hooks/nova_compute_context.py b/hooks/nova_compute_context.py index 7e535e3..0639896 100644 --- a/hooks/nova_compute_context.py +++ b/hooks/nova_compute_context.py @@ -197,6 +197,10 @@ class CloudComputeContext(context.OSContextGenerator): continue neutron_ctxt = { + 'auth_protocol': relation_get( + 'auth_protocol', **rel) or 'http', + 'service_protocol': relation_get( + 'service_protocol', **rel) or 'http', 'neutron_auth_strategy': 'keystone', 'keystone_host': relation_get( 'auth_host', **rel), @@ -220,8 +224,9 @@ class CloudComputeContext(context.OSContextGenerator): neutron_ctxt['neutron_security_groups'] = _neutron_security_groups() - ks_url = 'http://%s:%s/v2.0' % (neutron_ctxt['keystone_host'], - neutron_ctxt['auth_port']) + ks_url = '%s://%s:%s/v2.0' % (neutron_ctxt['auth_protocol'], + neutron_ctxt['keystone_host'], + neutron_ctxt['auth_port']) neutron_ctxt['neutron_admin_auth_url'] = ks_url if self.network_manager == 'quantum': diff --git a/hooks/nova_compute_utils.py b/hooks/nova_compute_utils.py index df67d80..1c17d83 100644 --- a/hooks/nova_compute_utils.py +++ b/hooks/nova_compute_utils.py @@ -43,10 +43,11 @@ BASE_PACKAGES = [ 'genisoimage', # was missing as a package dependency until raring. ] +NOVA_CONF_DIR = "/etc/nova" QEMU_CONF = '/etc/libvirt/qemu.conf' LIBVIRTD_CONF = '/etc/libvirt/libvirtd.conf' LIBVIRT_BIN = '/etc/default/libvirt-bin' -NOVA_CONF = '/etc/nova/nova.conf' +NOVA_CONF = '%s/nova.conf' % NOVA_CONF_DIR BASE_RESOURCE_MAP = { QEMU_CONF: { @@ -63,8 +64,9 @@ BASE_RESOURCE_MAP = { }, NOVA_CONF: { 'services': ['nova-compute'], - 'contexts': [context.AMQPContext(), - context.SharedDBContext(relation_prefix='nova'), + 'contexts': [context.AMQPContext(ssl_dir=NOVA_CONF_DIR), + context.SharedDBContext( + relation_prefix='nova', ssl_dir=NOVA_CONF_DIR), context.ImageServiceContext(), context.OSConfigFlagContext(), CloudComputeContext(), 
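Review bot: The `auth_protocol` value read with `relation_get('auth_protocol', **rel) or 'http'` is used as a URL scheme without validation, and a missing value silently falls back to plaintext `http`. That scheme is interpolated into `ks_url` in the following hunk, so whatever credentials are sent to `neutron_admin_auth_url` can travel unencrypted with no signal to the operator. Consider restricting the value before it is used, for example `if neutron_ctxt['auth_protocol'] not in ('http', 'https'): continue`, and logging when the default is applied. `service_protocol` is added with the same pattern but is not consumed in any hunk shown here; if a template uses it, the same check applies. The enclosing method starts and ends outside both hunks.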
@@ -90,24 +92,26 @@ CEPH_RESOURCES = { } } -QUANTUM_CONF = '/etc/quantum/quantum.conf' +QUANTUM_CONF_DIR = "/etc/quantum" +QUANTUM_CONF = '%s/quantum.conf' % QUANTUM_CONF_DIR QUANTUM_RESOURCES = { QUANTUM_CONF: { 'services': [], - 'contexts': [context.AMQPContext(), - NeutronComputeContext(), + 'contexts': [NeutronComputeContext(), + context.AMQPContext(ssl_dir=QUANTUM_CONF_DIR), context.SyslogContext()], } } -NEUTRON_CONF = '/etc/neutron/neutron.conf' +NEUTRON_CONF_DIR = "/etc/neutron" +NEUTRON_CONF = '%s/neutron.conf' % NEUTRON_CONF_DIR NEUTRON_RESOURCES = { NEUTRON_CONF: { 'services': [], - 'contexts': [context.AMQPContext(), - NeutronComputeContext(), + 'contexts': [NeutronComputeContext(), + context.AMQPContext(ssl_dir=NEUTRON_CONF_DIR), context.SyslogContext()], } } diff --git a/templates/folsom/nova.conf b/templates/folsom/nova.conf index 2f27faf..d582c0d 100644 --- a/templates/folsom/nova.conf +++ b/templates/folsom/nova.conf @@ -26,7 +26,7 @@ enabled_apis=ec2,osapi_compute,metadata auth_strategy=keystone compute_driver=libvirt.LibvirtDriver {% if database_host -%} -sql_connection = mysql://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }} +sql_connection = mysql://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %} {% endif -%} {% if rabbitmq_host -%} @@ -34,6 +34,13 @@ rabbit_host = {{ rabbitmq_host }} rabbit_userid = {{ rabbitmq_user }} rabbit_password = {{ rabbitmq_password }} rabbit_virtual_host = {{ rabbitmq_virtual_host }} +{% if rabbit_ssl_port %} +rabbit_use_ssl=True +rabbit_port={{ rabbit_ssl_port }} +{% if rabbit_ssl_ca %} +kombu_ssl_ca_certs={{rabbit_ssl_ca}} +{% endif %} +{% endif %} {% endif -%} {% if glance_api_servers -%} diff --git a/templates/folsom/quantum.conf b/templates/folsom/quantum.conf index 4ed334a..ae449e9 100644 
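Review bot: The context order for `QUANTUM_CONF` and `NEUTRON_CONF` is flipped in this hunk (`NeutronComputeContext()` now precedes `context.AMQPContext(...)`) with no stated reason, while `NOVA_CONF` in the earlier hunk keeps `AMQPContext` first. If the rendering code merges the context dicts in list order, any key produced by both contexts now resolves differently, which matters for the new TLS-related keys. A short comment next to the list, such as `# AMQPContext after NeutronComputeContext: <reason>`, would make the intent reviewable.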
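Review bot: In the new `sql_connection` line, `&ssl_key={{ database_ssl_key }}` is emitted whenever `database_ssl_cert` is set, without checking that `database_ssl_key` is present, so a relation that supplies a certificate but no key renders an empty or placeholder `ssl_key` parameter. Guarding with `{% if database_ssl_cert and database_ssl_key %}` avoids that. TLS is also only requested when `database_ssl_ca` is set, so a deployment missing that key silently gets a plaintext database connection; a template comment saying so would help operators. The identical line is added to `templates/grizzly/nova.conf` and `templates/havana/nova.conf`.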
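Review bot: When `rabbit_ssl_port` is set but `rabbit_ssl_ca` is not, this block renders `rabbit_use_ssl=True` with no `kombu_ssl_ca_certs`. As far as I know the kombu driver then encrypts the connection without verifying the broker certificate, so the link is not protected against an active man-in-the-middle. Make that state visible in the rendered file, for example with an `{% else %}` branch emitting `# no rabbit_ssl_ca supplied: broker certificate is not verified`, or require the CA before enabling SSL. The same block is added to `templates/folsom/quantum.conf`, `templates/grizzly/nova.conf`, `templates/havana/neutron.conf` and `templates/havana/nova.conf`.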
--- a/templates/folsom/quantum.conf +++ b/templates/folsom/quantum.conf @@ -22,7 +22,13 @@ rabbit_host = {{ rabbitmq_host }} rabbit_userid = {{ rabbitmq_user }} rabbit_password = {{ rabbitmq_password }} rabbit_virtual_host = {{ rabbitmq_virtual_host }} - +{% if rabbit_ssl_port %} +rabbit_use_ssl=True +rabbit_port={{ rabbit_ssl_port }} +{% if rabbit_ssl_ca %} +kombu_ssl_ca_certs={{rabbit_ssl_ca}} +{% endif %} +{% endif %} {% endif -%} diff --git a/templates/grizzly/nova.conf b/templates/grizzly/nova.conf index 2733516..18839e7 100644 --- a/templates/grizzly/nova.conf +++ b/templates/grizzly/nova.conf @@ -26,13 +26,20 @@ enabled_apis=ec2,osapi_compute,metadata auth_strategy=keystone compute_driver=libvirt.LibvirtDriver {% if database_host -%} -sql_connection = mysql://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }} +sql_connection = mysql://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %} {% endif -%} {% if rabbitmq_host or rabbitmq_hosts -%} rabbit_userid = {{ rabbitmq_user }} rabbit_password = {{ rabbitmq_password }} rabbit_virtual_host = {{ rabbitmq_virtual_host }} +{% if rabbit_ssl_port %} +rabbit_use_ssl=True +rabbit_port={{ rabbit_ssl_port }} +{% if rabbit_ssl_ca %} +kombu_ssl_ca_certs={{rabbit_ssl_ca}} +{% endif %} +{% endif %} {% if rabbitmq_hosts -%} rabbit_hosts = {{ rabbitmq_hosts }} {% if rabbitmq_ha_queues -%} diff --git a/templates/havana/neutron.conf b/templates/havana/neutron.conf index 4f5f191..dfd6e55 100644 --- a/templates/havana/neutron.conf +++ b/templates/havana/neutron.conf 
@@ -33,6 +33,13 @@ rabbit_durable_queues = false {% else %} rabbit_host = {{ rabbitmq_host }} {% endif -%} +{% if rabbit_ssl_port %} +rabbit_use_ssl=True +rabbit_port={{ rabbit_ssl_port }} +{% if rabbit_ssl_ca %} +kombu_ssl_ca_certs={{rabbit_ssl_ca}} +{% endif %} +{% endif %} {% endif -%} [QUOTAS] diff --git a/templates/havana/nova.conf b/templates/havana/nova.conf index 7e20374..61a5e18 100644 --- a/templates/havana/nova.conf +++ b/templates/havana/nova.conf @@ -26,7 +26,7 @@ enabled_apis=ec2,osapi_compute,metadata auth_strategy=keystone compute_driver=libvirt.LibvirtDriver {% if database_host -%} -sql_connection = mysql://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }} +sql_connection = mysql://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %} {% endif -%} {% if rabbitmq_host or rabbitmq_hosts -%} @@ -43,6 +43,14 @@ rabbit_durable_queues = false rabbit_host = {{ rabbitmq_host }} {% endif -%} {% endif -%} +{% if rabbit_ssl_port %} +rabbit_use_ssl=True +rabbit_port={{ rabbit_ssl_port }} +{% if rabbit_ssl_ca %} +kombu_ssl_ca_certs={{rabbit_ssl_ca}} +{% endif %} +{% endif %} +{%- endif -%} {% if glance_api_servers -%} glance_api_servers = {{ glance_api_servers }} diff --git a/unit_tests/test_nova_compute_contexts.py b/unit_tests/test_nova_compute_contexts.py index 65eeb83..5c0592a 100644 --- a/unit_tests/test_nova_compute_contexts.py +++ b/unit_tests/test_nova_compute_contexts.py @@ -22,6 +22,7 @@ QUANTUM_CONTEXT = { 'quantum_auth_strategy': 'keystone', 'keystone_host': 'keystone_host', 'auth_port': '5000', + 'auth_protocol': 'https', 'quantum_url': 'http://quantum_url', 'service_tenant_name': 'admin', 'service_username': 'admin', 
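Review bot: The `templates/havana/nova.conf` hunk at `@@ -43,6 +43,14 @@` opens two blocks (`{% if rabbit_ssl_port %}`, `{% if rabbit_ssl_ca %}`) but adds three closing tags, the last being `{%- endif -%}`. The hunk is purely additive, so if the template was balanced before this commit it now has one `endif` too many and would be expected to fail to parse for havana deployments. The SSL block also sits after both existing `{% endif -%}` lines, outside the `rabbitmq_host or rabbitmq_hosts` guard, whereas in `templates/havana/neutron.conf` it is placed before the final `{% endif -%}`. Dropping the added `{%- endif -%}` and moving the block above the last existing `{% endif -%}` would match the other templates.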
@@ -143,9 +144,11 @@ class NovaComputeContextTests(CharmTestCase): ex_ctxt = { 'network_manager': 'quantum', 'network_manager_config': { + 'auth_protocol': 'https', + 'service_protocol': 'http', 'auth_port': '5000', 'keystone_host': 'keystone_host', - 'quantum_admin_auth_url': 'http://keystone_host:5000/v2.0', + 'quantum_admin_auth_url': 'https://keystone_host:5000/v2.0', 'quantum_admin_password': 'openstack', 'quantum_admin_tenant_name': 'admin', 'quantum_admin_username': 'admin',
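Review bot: The updated expectation only exercises `auth_protocol` when the fixture sets it to `'https'` (added to `QUANTUM_CONTEXT` in the previous hunk), so the `or 'http'` fallback is not asserted in any hunk shown here. Since that fallback decides whether the Keystone URL is plaintext, a second case with `auth_protocol` absent, asserting `'quantum_admin_auth_url': 'http://keystone_host:5000/v2.0'`, would pin the behaviour. The test method and the `ex_ctxt` dict both extend beyond this hunk.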