diff --git a/manifests/proxy/ceilometer.pp b/manifests/proxy/ceilometer.pp index b8dfcd31..fe7fb2cd 100644 --- a/manifests/proxy/ceilometer.pp +++ b/manifests/proxy/ceilometer.pp @@ -39,6 +39,33 @@ # Whether to send events to messaging driver in a background thread # Defaults to false # +# [*notification_ssl_ca_file*] +# (optional) SSL certification authority file (valid only if SSL enabled). +# (string value) +# Defaults to $::os_service_default +# +# [*notification_ssl_cert_file*] +# (optional) SSL cert file. (string value) +# Defaults to $::os_service_default +# +# [*notification_ssl_key_file*] +# (optional) SSL key file. (string value) +# Defaults to $::os_service_default +# +# [*amqp_ssl_key_password*] +# (Optional) Password for decrypting ssl_key_file (if encrypted) +# Defaults to $::os_service_default. +# +# [*rabbit_use_ssl*] +# (optional) Boolean. Connect over SSL for RabbitMQ. (boolean value) +# Defaults to $::os_service_default +# +# [*kombu_ssl_version*] +# (optional) SSL version to use (valid only if SSL enabled). +# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be +# available on some distributions. (string value) +# Defaults to $::os_service_default +# # === DEPRECATED PARAMETERS # # [*rabbit_host*] 
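Review bot: The added `kombu_ssl_version` documentation lists SSLv3 and SSLv2 as usable values with no caveat, although both protocols are broken and `SSLv23` only negotiates whatever the local OpenSSL build still allows. The doc comment should steer operators to a current protocol, for example `# Prefer TLSv1_2 where the distribution offers it; SSLv2 and SSLv3 are insecure and should not be used.` The matching parameter in the class-signature hunk is passed through unvalidated, so a check there that rejects the SSLv2/SSLv3 values would back the documentation up. The `amqp_ssl_key_password` entry should also say that it is applied only when the transport URL uses the `amqp` scheme.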
@@ -77,20 +104,26 @@ # Copyright 2013 eNovance licensing@enovance.com # class swift::proxy::ceilometer( - $default_transport_url = undef, - $driver = undef, - $topic = undef, - $control_exchange = undef, - $ensure = 'present', - $group = 'ceilometer', - $nonblocking_notify = false, + $default_transport_url = undef, + $driver = $::os_service_default, + $topic = undef, + $control_exchange = undef, + $ensure = 'present', + $group = 'ceilometer', + $nonblocking_notify = false, + $notification_ssl_ca_file = $::os_service_default, + $notification_ssl_cert_file = $::os_service_default, + $notification_ssl_key_file = $::os_service_default, + $amqp_ssl_key_password = $::os_service_default, + $rabbit_use_ssl = $::os_service_default, + $kombu_ssl_version = $::os_service_default, # DEPRECATED PARAMETERS - $rabbit_user = 'guest', - $rabbit_password = 'guest', - $rabbit_host = '127.0.0.1', - $rabbit_port = '5672', - $rabbit_hosts = undef, - $rabbit_virtual_host = '/', + $rabbit_user = 'guest', + $rabbit_password = 'guest', + $rabbit_host = '127.0.0.1', + $rabbit_port = '5672', + $rabbit_hosts = undef, + $rabbit_virtual_host = '/', ) inherits swift { include ::swift::deps 
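Review bot: The default of `$driver` changes from `undef` to `$::os_service_default` in this signature. That change is unrelated to the SSL options and is not reflected in the parameter docs or the release note. How `$driver` is consumed lies outside the hunk, so the effect on the rendered `filter:ceilometer/driver` setting cannot be confirmed from here. If the change is intended, the `[*driver*]` doc entry should state `Defaults to $::os_service_default`; otherwise keep `$driver = undef,`.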
@@ -141,6 +174,23 @@ deprecated. Please use swift::proxy::ceilometer::default_transport_url instead." 'filter:ceilometer/nonblocking_notify': value => $nonblocking_notify; } + if $amqp_url =~ /^rabbit.*/ { + oslo::messaging::rabbit {'swift_proxy_config': + kombu_ssl_ca_certs => $notification_ssl_ca_file, + kombu_ssl_certfile => $notification_ssl_cert_file, + kombu_ssl_keyfile => $notification_ssl_key_file, + kombu_ssl_version => $kombu_ssl_version, + rabbit_use_ssl => $rabbit_use_ssl, + } + } elsif $amqp_url =~ /^amqp.*/ { + oslo::messaging::amqp {'swift_proxy_config': + ssl_ca_file => $notification_ssl_ca_file, + ssl_cert_file => $notification_ssl_cert_file, + ssl_key_file => $notification_ssl_key_file, + ssl_key_password => $amqp_ssl_key_password, + } + } + package { 'python-ceilometermiddleware': ensure => $ensure, tag => ['openstack', 'swift-support-package'], diff --git a/releasenotes/notes/Enable-SSL-options-for-ceilometermiddleware-notifications-bbd3b7cbb9ba0910.yaml b/releasenotes/notes/Enable-SSL-options-for-ceilometermiddleware-notifications-bbd3b7cbb9ba0910.yaml new file mode 100644 index 00000000..94b365bc --- /dev/null +++ b/releasenotes/notes/Enable-SSL-options-for-ceilometermiddleware-notifications-bbd3b7cbb9ba0910.yaml @@ -0,0 +1,4 @@ +--- +features: + - It is possible to set the basic SSL options for the ceilometermiddleware's + notifications on swift-proxy. diff --git a/spec/classes/swift_proxy_ceilometer_spec.rb b/spec/classes/swift_proxy_ceilometer_spec.rb index 44f408ef..6c70d00d 100644 --- a/spec/classes/swift_proxy_ceilometer_spec.rb +++ b/spec/classes/swift_proxy_ceilometer_spec.rb 
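Review bot: The new `if`/`elsif` on `$amqp_url` has no final branch, so a transport URL whose scheme matches neither `rabbit` nor `amqp` drops every SSL parameter silently and the operator may believe notifications are encrypted when they are not. The same applies to parameters that belong to the other branch: `rabbit_use_ssl` and `kombu_ssl_version` are ignored for `amqp` URLs, and `amqp_ssl_key_password` is ignored for `rabbit` URLs. Consider failing or warning when an SSL option is set but unused, for example `} elsif !is_service_default($notification_ssl_ca_file) { warning('swift::proxy::ceilometer: SSL options are ignored for this transport URL scheme') }`, extended to the other SSL parameters. The patterns `/^rabbit.*/` and `/^amqp.*/` also carry a redundant `.*`; `/^rabbit/` and `/^amqp/` match the same strings. `$amqp_url` is assigned outside this hunk, so its possible values are inferred.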
@@ -2,71 +2,108 @@ require 'spec_helper' describe 'swift::proxy::ceilometer' do - let :facts do - OSDefaults.get_facts({ :osfamily => 'Debian' }) - end - let :pre_condition do 'class { "swift": swift_hash_path_suffix => "dummy" }' end - describe "when using default parameters" do - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://guest:guest@127.0.0.1:5672//') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('false') } - it { is_expected.to contain_user('swift').with_groups('ceilometer') } - it { is_expected.to contain_file('/var/log/ceilometer/swift-proxy-server.log').with(:owner => 'swift', :group => 'swift', :mode => '0664') } + shared_examples 'swift-proxy-ceilometer' do + + describe "when using default parameters" do + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://guest:guest@127.0.0.1:5672//') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('false') } + it { is_expected.to contain_user('swift').with_groups('ceilometer') } + it { is_expected.to contain_file('/var/log/ceilometer/swift-proxy-server.log').with(:owner => 'swift', :group => 'swift', :mode => '0664') } + end + + describe "when overriding default parameters with rabbit driver" do + let :params do + { :group => 'www-data', + :rabbit_user => 'user_1', + :rabbit_password => 'user_1_passw', + :rabbit_host => '1.1.1.1', + :rabbit_port => '5673', + :rabbit_virtual_host => 'rabbit', + :driver => 'messagingv2', + :topic => 'notifications', + :control_exchange => 'swift', + :nonblocking_notify => true, + } + end + + 
context 'with single rabbit host' do + it { is_expected.to contain_user('swift').with_groups('www-data') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/driver').with_value('messagingv2') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/topic').with_value('notifications') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('true') } + end + + context 'with multiple rabbit hosts' do + before do + params.merge!({ :rabbit_hosts => ['127.0.0.1:5672', '127.0.0.2:5672'] }) + end + + it { is_expected.to contain_user('swift').with_groups('www-data') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@127.0.0.1:5672,user_1:user_1_passw@127.0.0.2:5672/rabbit') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/driver').with_value('messagingv2') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/topic').with_value('notifications') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') } + it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('true') } + end + + context 'with default transport url' do + before do + params.merge!({ :default_transport_url => 'rabbit://user:pass@host:1234/virt' }) + end + + it { is_expected.to 
contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user:pass@host:1234/virt').with_secret(true) } + end + + context 'with default SSL values' do + it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('') } + it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value('') } + it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value('') } + it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value('') } + it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('') } + end + + context 'with overriden rabbit ssl params' do + before do + params.merge!( + { + :notification_ssl_ca_file => '/etc/ca.cert', + :notification_ssl_cert_file => '/etc/certfile', + :notification_ssl_key_file => '/etc/key', + :rabbit_use_ssl => true, + :kombu_ssl_version => 'TLSv1', + }) + end + + it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value('/etc/ca.cert') } + it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value('/etc/certfile') } + it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value('/etc/key') } + it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') } + it { is_expected.to contain_swift_proxy_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') } + end + + end end - describe "when overriding default parameters" do - let :params do - { :group => 'www-data', - :rabbit_user => 'user_1', - :rabbit_password => 'user_1_passw', - :rabbit_host => '1.1.1.1', - :rabbit_port => '5673', - :rabbit_virtual_host => 'rabbit', - :driver => 'messagingv2', - :topic => 'notifications', - :control_exchange => 'swift', - :nonblocking_notify => true, - } - end 
- - context 'with single rabbit host' do - it { is_expected.to contain_user('swift').with_groups('www-data') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/driver').with_value('messagingv2') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/topic').with_value('notifications') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('true') } - end - - context 'with multiple rabbit hosts' do - before do - params.merge!({ :rabbit_hosts => ['127.0.0.1:5672', '127.0.0.2:5672'] }) + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) end - - it { is_expected.to contain_user('swift').with_groups('www-data') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@127.0.0.1:5672,user_1:user_1_passw@127.0.0.2:5672/rabbit') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/driver').with_value('messagingv2') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/topic').with_value('notifications') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') } - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/nonblocking_notify').with_value('true') } + it_behaves_like 
'swift-proxy-ceilometer' end - - context 'with default transport url' do - before do - params.merge!({ :default_transport_url => 'rabbit://user:pass@host:1234/virt' }) - end - - it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user:pass@host:1234/virt').with_secret(true) } - end - end end
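Review bot: The new SSL contexts cover only the `rabbit` branch; nothing in this spec exercises an `amqp://` transport URL, so the `oslo::messaging::amqp` resource and the `amqp_ssl_key_password` parameter added in the manifest are untested. Add a context that sets `:default_transport_url => 'amqp://user:pass@host:1234/virt'` together with the `notification_ssl_*` files and a key password, and asserts the resulting `oslo_messaging_amqp/ssl_*` entries. If the oslo define marks the key password as a secret (not visible in this diff), the expectation should include `.with_secret(true)`, as the existing `filter:ceilometer/url` check does, so that a regression that leaks the password into Puppet logs is caught.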