From 206f4114515d39f5cd1275d0bf636f61b37354ae Mon Sep 17 00:00:00 2001 From: Andrew Smith Date: Tue, 12 Jun 2018 15:29:09 -0400 Subject: [PATCH] Update to use oslo.messaging service for RPC and Notify This introduces oslo.messaging variables that define the RPC and Notify transports for the OpenStack services. These parameters replace the rabbitmq values and are used to generate the messaging transport_url for the service. The association of the messaging backend server to the oslo.messaging services will then be transparent to the barbican service. This patch: * Add oslo.messaging variables for RPC and Notify to defaults * Add transport_url generation to conf * Add oslo.messaging to tests inventory * Update tets * Update examples * Add release note Change-Id: I0657c88799e06987c6df90edd55fda859faf6035 --- defaults/main.yml | 21 ++++++++++++--- doc/source/index.rst | 2 +- examples/playbook.yml | 5 ++-- ...ng-separate-backends-401c97b4c48a9b31.yaml | 20 ++++++++++++++ templates/barbican.conf.j2 | 13 +++++----- tests/inventory | 6 +++++ tests/os_barbican-overrides.yml | 9 ++++--- tests/test-install-barbican.yml | 26 +++++-------------- 8 files changed, 67 insertions(+), 35 deletions(-) create mode 100644 releasenotes/notes/oslo-messaging-separate-backends-401c97b4c48a9b31.yaml diff --git a/defaults/main.yml b/defaults/main.yml index f9f1f54..c2fd81c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -109,9 +109,24 @@ barbican_galera_user: barbican barbican_galera_use_ssl: "{{ galera_use_ssl | default(False) }}" barbican_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}" -# Rabbit vars -barbican_rabbitmq_userid: barbican -barbican_rabbitmq_vhost: /barbican +## Oslo Messaging + +# RPC +barbican_oslomsg_rpc_transport: rabbit +barbican_oslomsg_rpc_servers: 127.0.0.1 +barbican_oslomsg_rpc_port: 5672 +barbican_oslomsg_rpc_use_ssl: false +barbican_oslomsg_rpc_userid: barbican +barbican_oslomsg_rpc_vhost: /barbican + +# Notify +barbican_oslomsg_notify_transport: rabbit +barbican_oslomsg_notify_servers: 127.0.0.1 +barbican_oslomsg_notify_port: 5672 +barbican_oslomsg_notify_use_ssl: false +barbican_oslomsg_notify_userid: "{{ barbican_oslomsg_rpc_userid }}" +barbican_oslomsg_notify_password: "{{ barbican_oslomsg_rpc_password }}" +barbican_oslomsg_notify_vhost: "{{ barbican_oslomsg_rpc_vhost }}" # Keystone AuthToken/Middleware barbican_keystone_auth_plugin: password diff --git a/doc/source/index.rst b/doc/source/index.rst index 4d038b9..f135e72 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -25,7 +25,7 @@ This role requires the following variables to be defined: barbican_galera_address barbican_galera_password - barbican_rabbitmq_password + barbican_oslomsg_rpc_password barbican_service_password keystone_admin_user_name keystone_auth_admin_password diff --git a/examples/playbook.yml b/examples/playbook.yml index fa02139..03d4a97 100644 --- a/examples/playbook.yml +++ b/examples/playbook.yml @@ -9,9 +9,10 @@ barbican_galera_address: "{{ internal_lb_vip_address }}" barbican_service_password: SuperSecretePassword1 barbican_galera_password: SuperSecretePassword2 - barbican_rabbitmq_password: SuperSecretePassword3 + barbican_oslomsg_rpc_password: SuperSecretePassword3 + barbican_oslomsg_notify_password: "{{ barbican_oslomsg_rpc_password }}" # if using the same user, please use the same password keystone_admin_user_name: admin - keystone_auth_admin_password: SuperSecretePassword4 + keystone_auth_admin_password: SuperSecretePassword5 keystone_admin_tenant_name: admin galera_root_user: root vars_prompt: diff --git a/releasenotes/notes/oslo-messaging-separate-backends-401c97b4c48a9b31.yaml b/releasenotes/notes/oslo-messaging-separate-backends-401c97b4c48a9b31.yaml new file mode 100644 index 0000000..093d938 --- /dev/null +++ b/releasenotes/notes/oslo-messaging-separate-backends-401c97b4c48a9b31.yaml @@ -0,0 +1,20 @@ +--- +features: + - Support separate oslo.messaging services for RPC and Notifications + to enable operation of separate and different messaging backend servers. +deprecations: + - | + The rabbitmq server parameters have been replaced by corresponding + oslo.messaging RPC and Notify parameters in order to abstract the + messaging service from the actual backend server deployment. + - barbican_oslomsg_rpc_servers replaces rabbitmq_servers + - barbican_oslomsg_rpc_port replaces rabbitmq_port + - barbican_oslomsg_rpc_userid replaces barbican_rabbitmq_userid + - barbican_oslomsg_rpc_vhost replaces barbican_rabbitmq_vhost + - added barbican_oslomsg_rpc_use_ssl + - added barbican_oslomsg_notify_servers + - added barbican_oslomsg_notify_port + - added barbican_oslomsg_notify_use_ssl + - added barbican_oslomsg_notify_userid + - added barbican_oslomsg_notify_vhost + - added barbican_oslomsg_notify_password diff --git a/templates/barbican.conf.j2 b/templates/barbican.conf.j2 index 4766497..212822a 100644 --- a/templates/barbican.conf.j2 +++ b/templates/barbican.conf.j2 @@ -118,19 +118,13 @@ max_limit_paging = 100 # Rabbit and HA configuration: ampq_durable_queues = True -rabbit_userid = {{ barbican_rabbitmq_userid }} -rabbit_password = {{ barbican_rabbitmq_password }} rabbit_ha_queues = True -rabbit_port = {{ rabbitmq_port }} - -# For HA, specify queue nodes in cluster, comma delimited: -# For example: rabbit_hosts=192.168.50.8:5672, 192.168.50.9:5672 -rabbit_hosts={{ rabbitmq_servers }} # For HA, specify queue nodes in cluster as 'user@host:5672', comma delimited, ending with '/offset': # For example: transport_url = rabbit://guest@192.168.50.8:5672,guest@192.168.50.9:5672/ # DO NOT USE THIS, due to '# FIXME(markmc): support multiple hosts' in oslo/messaging/_drivers/amqpdriver.py # transport_url = rabbit://guest@localhost:5672/ +transport_url = {{ barbican_oslomsg_rpc_transport }}://{% for host in barbican_oslomsg_rpc_servers.split(',') %}{{ barbican_oslomsg_rpc_userid }}:{{ barbican_oslomsg_rpc_password }}@{{ host }}:{{ barbican_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ barbican_oslomsg_rpc_vhost }}{% if (barbican_oslomsg_rpc_use_ssl | lower) | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} # oslo notification driver for sending audit events via audit middleware. # Meaningful only when middleware is enabled in barbican paste ini file. @@ -138,6 +132,11 @@ rabbit_hosts={{ rabbitmq_servers }} # there is need to route audit event to messaging as well as log. # notification_driver = messagingv2 # notification_driver = log +[oslo_messaging_notifications] +transport_url = {{ barbican_oslomsg_notify_transport }}://{% for host in barbican_oslomsg_notify_servers.split(',') %}{{ barbican_oslomsg_notify_userid }}:{{ barbican_oslomsg_notify_password }}@{{ host }}:{{ barbican_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ barbican_oslomsg_notify_vhost }}{% if (barbican_oslomsg_notify_use_ssl | lower) | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} + +[oslo_messaging_rabbit] +ssl = {{ barbican_oslomsg_notify_use_ssl | bool }} {% if barbican_keystone_auth | bool %} [keystone_authtoken] diff --git a/tests/inventory b/tests/inventory index 3b40774..8306276 100644 --- a/tests/inventory +++ b/tests/inventory @@ -9,6 +9,12 @@ infra1 keystone1 barbican1 +[oslomsg_rpc_all] +infra1 + +[oslomsg_notify_all] +infra1 + [rabbitmq_all] infra1 diff --git a/tests/os_barbican-overrides.yml b/tests/os_barbican-overrides.yml index 5568f00..f370e7e 100644 --- a/tests/os_barbican-overrides.yml +++ b/tests/os_barbican-overrides.yml @@ -18,9 +18,12 @@ barbican_developer_mode: true barbican_galera_address: "{{ hostvars[groups['galera_all'][0]]['ansible_host'] }}" barbican_galera_database: barbican barbican_keystone_auth: yes -barbican_rabbitmq_password: secrete -barbican_rabbitmq_userid: barbican -barbican_rabbitmq_vhost: /barbican +barbican_oslomsg_rpc_vhost: /barbican +barbican_oslomsg_rpc_userid: barbican +barbican_oslomsg_rpc_password: secrete +barbican_oslomsg_notify_vhost: "{{ barbican_oslomsg_rpc_vhost }}" +barbican_oslomsg_notify_userid: "{{ barbican_oslomsg_rpc_userid }}" +barbican_oslomsg_notify_password: "{{ barbican_oslomsg_rpc_password }}" barbican_service_password: secrete barbican_venv_tag: testing diff --git a/tests/test-install-barbican.yml b/tests/test-install-barbican.yml index 0b31058..8a27c24 100644 --- a/tests/test-install-barbican.yml +++ b/tests/test-install-barbican.yml @@ -18,25 +18,13 @@ user: root gather_facts: true pre_tasks: - - name: Ensure rabbitmq vhost - rabbitmq_vhost: - name: "{{ barbican_rabbitmq_vhost }}" - state: "present" - delegate_to: "{{ hostvars[groups['rabbitmq_all'][0]]['ansible_host'] }}" - when: inventory_hostname == groups['barbican_all'][0] - - - name: Ensure rabbitmq user - rabbitmq_user: - user: "{{ barbican_rabbitmq_userid }}" - password: "{{ barbican_rabbitmq_password }}" - vhost: "{{ barbican_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "{{ hostvars[groups['rabbitmq_all'][0]]['ansible_host'] }}" - when: inventory_hostname == groups['barbican_all'][0] - no_log: true + - include: common/ensure-oslomsg.yml + rpc_vhost: "{{ barbican_oslomsg_rpc_vhost }}" + rpc_user: "{{ barbican_oslomsg_rpc_userid }}" + rpc_password: "{{ barbican_oslomsg_rpc_password }}" + notify_vhost: "{{ barbican_oslomsg_notify_vhost }}" + notify_user: "{{ barbican_oslomsg_notify_userid }}" + notify_password: "{{ barbican_oslomsg_notify_password }}" roles: - role: "os_barbican"