Enable SSL options for swift-proxy's ceilometermiddleware notifications
This enables the basic SSL options (enabling SSL and setting the certificates) for the notifications emitted by the ceilometermiddleware that's in front of swift-proxy. This was enabled for the rabbitmq and the amqp drivers. Change-Id: If23d1f0d20264faaddc2e5ad54863483fa43ed41
parent
e292416990
commit
be6122e936
|
@ -39,6 +39,33 @@
|
|||
# Whether to send events to messaging driver in a background thread
|
||||
# Defaults to false
|
||||
#
|
||||
# [*notification_ssl_ca_file*]
|
||||
# (optional) SSL certification authority file (valid only if SSL enabled).
|
||||
# (string value)
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*notification_ssl_cert_file*]
|
||||
# (optional) SSL cert file. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*notification_ssl_key_file*]
|
||||
# (optional) SSL key file. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*amqp_ssl_key_password*]
|
||||
# (Optional) Password for decrypting ssl_key_file (if encrypted)
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*rabbit_use_ssl*]
|
||||
# (optional) Boolean. Connect over SSL for RabbitMQ. (boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*kombu_ssl_version*]
|
||||
# (optional) SSL version to use (valid only if SSL enabled).
|
||||
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
|
||||
# available on some distributions. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# === DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*rabbit_host*]
|
||||
|
@ -77,20 +104,26 @@
|
|||
# Copyright 2013 eNovance licensing@enovance.com
|
||||
#
|
||||
class swift::proxy::ceilometer(
|
||||
$default_transport_url = undef,
|
||||
$driver = undef,
|
||||
$topic = undef,
|
||||
$control_exchange = undef,
|
||||
$ensure = 'present',
|
||||
$group = 'ceilometer',
|
||||
$nonblocking_notify = false,
|
||||
$default_transport_url = undef,
|
||||
$driver = $::os_service_default,
|
||||
$topic = undef,
|
||||
$control_exchange = undef,
|
||||
$ensure = 'present',
|
||||
$group = 'ceilometer',
|
||||
$nonblocking_notify = false,
|
||||
$notification_ssl_ca_file = $::os_service_default,
|
||||
$notification_ssl_cert_file = $::os_service_default,
|
||||
$notification_ssl_key_file = $::os_service_default,
|
||||
$amqp_ssl_key_password = $::os_service_default,
|
||||
$rabbit_use_ssl = $::os_service_default,
|
||||
$kombu_ssl_version = $::os_service_default,
|
||||
# DEPRECATED PARAMETERS
|
||||
$rabbit_user = 'guest',
|
||||
$rabbit_password = 'guest',
|
||||
$rabbit_host = '127.0.0.1',
|
||||
$rabbit_port = '5672',
|
||||
$rabbit_hosts = undef,
|
||||
$rabbit_virtual_host = '/',
|
||||
$rabbit_user = 'guest',
|
||||
$rabbit_password = 'guest',
|
||||
$rabbit_host = '127.0.0.1',
|
||||
$rabbit_port = '5672',
|
||||
$rabbit_hosts = undef,
|
||||
$rabbit_virtual_host = '/',
|
||||
) inherits swift {
|
||||
|
||||
include ::swift::deps
|
||||
|
@ -141,6 +174,23 @@ deprecated. Please use swift::proxy::ceilometer::default_transport_url instead."
|
|||
'filter:ceilometer/nonblocking_notify': value => $nonblocking_notify;
|
||||
}
|
||||
|
||||
if $amqp_url =~ /^rabbit.*/ {
|
||||
oslo::messaging::rabbit {'swift_proxy_config':
|
||||
kombu_ssl_ca_certs => $notification_ssl_ca_file,
|
||||
kombu_ssl_certfile => $notification_ssl_cert_file,
|
||||
kombu_ssl_keyfile => $notification_ssl_key_file,
|
||||
kombu_ssl_version => $kombu_ssl_version,
|
||||
rabbit_use_ssl => $rabbit_use_ssl,
|
||||
}
|
||||
} elsif $amqp_url =~ /^amqp.*/ {
|
||||
oslo::messaging::amqp {'swift_proxy_config':
|
||||
ssl_ca_file => $notification_ssl_ca_file,
|
||||
ssl_cert_file => $notification_ssl_cert_file,
|
||||
ssl_key_file => $notification_ssl_key_file,
|
||||
ssl_key_password => $amqp_ssl_key_password,
|
||||
}
|
||||
}
|
||||
|
||||
package { 'python-ceilometermiddleware':
|
||||
ensure => $ensure,
|
||||
tag => ['openstack', 'swift-support-package'],
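Review bot: The `kombu_ssl_version` documentation in the first hunk lists SSLv23, SSLv3 and SSLv2 as selectable values without saying that SSLv2 and SSLv3 are obsolete and unsafe for protecting notification traffic; I would add a comment line under the value list such as `#   SSLv2 and SSLv3 are obsolete and should not be selected; prefer the newest TLS version the broker supports.` In the last hunk the SSL resources are declared only when `$amqp_url` starts with `rabbit` or `amqp`. `$amqp_url` is assigned outside the visible hunks, so for any other scheme the new parameters appear to be dropped silently, and a `warning()` in an `else` branch would make that visible to the operator. `amqp_ssl_key_password` is a secret, and whether it stays out of logs and reports depends on how `oslo::messaging::amqp` writes it, which this page does not show and is worth confirming.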
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
features:
|
||||
- It is possible to set the basic SSL options for the ceilometermiddleware's
|
||||
notifications on swift-proxy.
|
|
@ -2,71 +2,108 @@ require 'spec_helper'
|
|||
|
||||
describe 'swift::proxy::ceilometer' do
|
||||
|
||||
let :facts do
|
||||
OSDefaults.get_facts({ :osfamily => 'Debian' })
|
||||
end
|
||||
|
||||
let :pre_condition do
|
||||
'class { "swift":
|
||||
swift_hash_path_suffix => "dummy"
|
||||
}'
|
||||
end
|
||||
|
||||
describe "when using default parameters" do
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://guest:guest@127.0.0.1:5672//') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('false') }
|
||||
it { is_expected.to contain_user('swift').with_groups('ceilometer') }
|
||||
it { is_expected.to contain_file('/var/log/ceilometer/swift-proxy-server.log').with(:owner => 'swift', :group => 'swift', :mode => '0664') }
|
||||
shared_examples 'swift-proxy-ceilometer' do
|
||||
|
||||
describe "when using default parameters" do
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://guest:guest@127.0.0.1:5672//') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('false') }
|
||||
it { is_expected.to contain_user('swift').with_groups('ceilometer') }
|
||||
it { is_expected.to contain_file('/var/log/ceilometer/swift-proxy-server.log').with(:owner => 'swift', :group => 'swift', :mode => '0664') }
|
||||
end
|
||||
|
||||
describe "when overriding default parameters with rabbit driver" do
|
||||
let :params do
|
||||
{ :group => 'www-data',
|
||||
:rabbit_user => 'user_1',
|
||||
:rabbit_password => 'user_1_passw',
|
||||
:rabbit_host => '1.1.1.1',
|
||||
:rabbit_port => '5673',
|
||||
:rabbit_virtual_host => 'rabbit',
|
||||
:driver => 'messagingv2',
|
||||
:topic => 'notifications',
|
||||
:control_exchange => 'swift',
|
||||
:nonblocking_notify => true,
|
||||
}
|
||||
end
|
||||
|
||||
context 'with single rabbit host' do
|
||||
it { is_expected.to contain_user('swift').with_groups('www-data') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/driver').with_value('messagingv2') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/topic').with_value('notifications') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('true') }
|
||||
end
|
||||
|
||||
context 'with multiple rabbit hosts' do
|
||||
before do
|
||||
params.merge!({ :rabbit_hosts => ['127.0.0.1:5672', '127.0.0.2:5672'] })
|
||||
end
|
||||
|
||||
it { is_expected.to contain_user('swift').with_groups('www-data') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@127.0.0.1:5672,user_1:user_1_passw@127.0.0.2:5672/rabbit') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/driver').with_value('messagingv2') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/topic').with_value('notifications') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('true') }
|
||||
end
|
||||
|
||||
context 'with default transport url' do
|
||||
before do
|
||||
params.merge!({ :default_transport_url => 'rabbit://user:pass@host:1234/virt' })
|
||||
end
|
||||
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user:pass@host:1234/virt').with_secret(true) }
|
||||
end
|
||||
|
||||
context 'with default SSL values' do
|
||||
it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('<SERVICE DEFAULT>') }
|
||||
end
|
||||
|
||||
context 'with overriden rabbit ssl params' do
|
||||
before do
|
||||
params.merge!(
|
||||
{
|
||||
:notification_ssl_ca_file => '/etc/ca.cert',
|
||||
:notification_ssl_cert_file => '/etc/certfile',
|
||||
:notification_ssl_key_file => '/etc/key',
|
||||
:rabbit_use_ssl => true,
|
||||
:kombu_ssl_version => 'TLSv1',
|
||||
})
|
||||
end
|
||||
|
||||
it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value('/etc/ca.cert') }
|
||||
it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value('/etc/certfile') }
|
||||
it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value('/etc/key') }
|
||||
it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') }
|
||||
it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') }
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
describe "when overriding default parameters" do
|
||||
let :params do
|
||||
{ :group => 'www-data',
|
||||
:rabbit_user => 'user_1',
|
||||
:rabbit_password => 'user_1_passw',
|
||||
:rabbit_host => '1.1.1.1',
|
||||
:rabbit_port => '5673',
|
||||
:rabbit_virtual_host => 'rabbit',
|
||||
:driver => 'messagingv2',
|
||||
:topic => 'notifications',
|
||||
:control_exchange => 'swift',
|
||||
:nonblocking_notify => true,
|
||||
}
|
||||
end
|
||||
|
||||
context 'with single rabbit host' do
|
||||
it { is_expected.to contain_user('swift').with_groups('www-data') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/driver').with_value('messagingv2') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/topic').with_value('notifications') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('true') }
|
||||
end
|
||||
|
||||
context 'with multiple rabbit hosts' do
|
||||
before do
|
||||
params.merge!({ :rabbit_hosts => ['127.0.0.1:5672', '127.0.0.2:5672'] })
|
||||
on_supported_os({
|
||||
:supported_os => OSDefaults.get_supported_os
|
||||
}).each do |os,facts|
|
||||
context "on #{os}" do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts())
|
||||
end
|
||||
|
||||
it { is_expected.to contain_user('swift').with_groups('www-data') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@127.0.0.1:5672,user_1:user_1_passw@127.0.0.2:5672/rabbit') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/driver').with_value('messagingv2') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/topic').with_value('notifications') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') }
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('true') }
|
||||
it_behaves_like 'swift-proxy-ceilometer'
|
||||
end
|
||||
|
||||
context 'with default transport url' do
|
||||
before do
|
||||
params.merge!({ :default_transport_url => 'rabbit://user:pass@host:1234/virt' })
|
||||
end
|
||||
|
||||
it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user:pass@host:1234/virt').with_secret(true) }
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
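Review bot: The new examples in this section cover only the rabbit branch (`oslo_messaging_rabbit/*`), so the `amqp` branch added to the manifest, including `amqp_ssl_key_password`, has no visible example. I would add a context next to the rabbit SSL one that selects an `amqp://` transport URL and asserts the `oslo_messaging_amqp/ssl_*` settings. This assumes `$amqp_url` follows `default_transport_url`, which is set outside the visible hunks, and the password below is a constructed sample. If `oslo::messaging::amqp` marks the key password as secret, a `.with_secret(true)` expectation on that setting would pin it.

```ruby
# … unchanged: 'with overriden rabbit ssl params' context …

context 'with overridden amqp ssl params' do
  before do
    params.merge!(
      {
        :default_transport_url      => 'amqp://user:pass@host:1234/virt',
        :notification_ssl_ca_file   => '/etc/ca.cert',
        :notification_ssl_cert_file => '/etc/certfile',
        :notification_ssl_key_file  => '/etc/key',
        :amqp_ssl_key_password      => 'constructed-sample-password',
      })
  end

  it { is_expected.to contain_swift_proxy_config('oslo_messaging_amqp/ssl_ca_file').with_value('/etc/ca.cert') }
  it { is_expected.to contain_swift_proxy_config('oslo_messaging_amqp/ssl_cert_file').with_value('/etc/certfile') }
  it { is_expected.to contain_swift_proxy_config('oslo_messaging_amqp/ssl_key_file').with_value('/etc/key') }
  it { is_expected.to contain_swift_proxy_config('oslo_messaging_amqp/ssl_key_password').with_value('constructed-sample-password') }
end
```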
|
||||
|
|