Allow rabbit mq kombu ssl configuration

Add the rest of the kombu ssl configuration options.

After this patch goes in, will need to update each cookbook
that uses rabbit mq to add these to the conf file.

Change-Id: Ie89f48b4a471d48df88f185a1012da9eb63071bd
Partial-Bug: 1464706
This commit is contained in:
Mark Vanderwiel 2015-06-12 10:48:08 -05:00
parent 8d37e1c07e
commit 818c927a3d
3 changed files with 49 additions and 35 deletions

View File

@ -57,6 +57,17 @@ default['openstack']['mq']['qpid']['protocol'] = 'tcp'
default['openstack']['mq']['rabbitmq']['use_ssl'] = false
# SSL version to use (valid only if SSL enabled)
default['openstack']['mq']['rabbitmq']['kombu_ssl_version'] = nil
# SSL key file (valid only if SSL enabled)
default['openstack']['mq']['rabbitmq']['kombu_ssl_keyfile'] = nil
# SSL cert file (valid only if SSL enabled)
default['openstack']['mq']['rabbitmq']['kombu_ssl_certfile'] = nil
# SSL certification authority file (valid only if SSL enabled)
default['openstack']['mq']['rabbitmq']['kombu_ssl_ca_certs'] = nil
# How long to wait before reconnecting in response to an AMQP consumer cancel notification
default['openstack']['mq']['rabbitmq']['kombu_reconnect_delay'] = 1.0
# How long to wait before considering a reconnect attempt to have failed.
# This value should not be longer than rpc_response_timeout
default['openstack']['mq']['rabbitmq']['kombu_reconnect_timeout'] = 60
# global switch for handling rabbit ha
default['openstack']['mq']['rabbitmq']['ha'] = false
# global switch for number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat)
@ -95,7 +106,12 @@ rabbit_defaults = {
heartbeat_timeout_threshold: node['openstack']['mq']['rabbitmq']['heartbeat_timeout_threshold'],
heartbeat_rate: node['openstack']['mq']['rabbitmq']['heartbeat_rate'],
use_ssl: node['openstack']['mq']['rabbitmq']['use_ssl'],
kombu_ssl_version: node['openstack']['mq']['rabbitmq']['kombu_ssl_version']
kombu_ssl_version: node['openstack']['mq']['rabbitmq']['kombu_ssl_version'],
kombu_ssl_keyfile: node['openstack']['mq']['rabbitmq']['kombu_ssl_keyfile'],
kombu_ssl_certfile: node['openstack']['mq']['rabbitmq']['kombu_ssl_certfile'],
kombu_ssl_ca_certs: node['openstack']['mq']['rabbitmq']['kombu_ssl_ca_certs'],
kombu_reconnect_delay: node['openstack']['mq']['rabbitmq']['kombu_reconnect_delay'],
kombu_reconnect_timeout: node['openstack']['mq']['rabbitmq']['kombu_reconnect_timeout']
}
###################################################################

View File

@ -4,7 +4,7 @@ maintainer_email 'opscode-chef-openstack@googlegroups.com'
license 'Apache 2.0'
description 'Common OpenStack attributes, libraries and recipes.'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '11.3.0'
version '11.4.0'
recipe 'openstack-common', 'Installs/Configures common recipes'
recipe 'openstack-common::set_endpoints_by_interface', 'Set endpoints by interface'

View File

@ -49,27 +49,6 @@ describe 'openstack-common::default' do
.with(version: '~> 2.3')
end
it 'enables rabbit ha for all services' do
node.set['openstack']['mq']['rabbitmq']['ha'] = true
mq_services.each do |svc|
expect(chef_run.node['openstack']['mq'][svc]['rabbit']['ha']).to eq(true)
end
end
it 'enables rabbit heartbeat_timeout_threshold for all services' do
node.set['openstack']['mq']['rabbitmq']['heartbeat_timeout_threshold'] = 123
mq_services.each do |svc|
expect(chef_run.node['openstack']['mq'][svc]['rabbit']['heartbeat_timeout_threshold']).to eq(123)
end
end
it 'enables rabbit heartbeat_rate for all services' do
node.set['openstack']['mq']['rabbitmq']['heartbeat_rate'] = 123
mq_services.each do |svc|
expect(chef_run.node['openstack']['mq'][svc]['rabbit']['heartbeat_rate']).to eq(123)
end
end
it 'has correct host for endpoints' do
%w(identity-api identity-internal identity-admin compute-api compute-ec2-api compute-ec2-admin
compute-xvpvnc compute-novnc compute-vnc compute-metadata-api network-api network-linuxbridge
@ -111,22 +90,41 @@ describe 'openstack-common::default' do
end
end
it 'enables rabbit ssl version for all services' do
node.set['openstack']['mq']['rabbitmq']['kombu_ssl_version'] = 'TLSv1.2'
mq_services.each do |svc|
expect(chef_run.node['openstack']['mq'][svc]['rabbit']['kombu_ssl_version']).to eq('TLSv1.2')
context 'rabbit mq' do
rabbit_opts = {
'userid' => 'guest',
'vhost' => '/',
'port' => '5672',
'host' => '127.0.0.1',
'ha' => true,
'heartbeat_timeout_threshold' => 123,
'heartbeat_rate' => 123,
'kombu_ssl_version' => 'TLSv1.2',
'kombu_ssl_keyfile' => 'key_file',
'kombu_ssl_certfile' => 'cert_file',
'kombu_ssl_ca_certs' => 'ca_certs_file',
'kombu_reconnect_delay' => 123.456,
'kombu_reconnect_timeout' => 123
}
rabbit_opts.each do |key, value|
it "configures rabbit mq #{key}" do
node.set['openstack']['mq']['rabbitmq'][key] = value
mq_services.each do |service|
expect(chef_run.node['openstack']['mq'][service]['rabbit'][key]).to eq(value)
end
end
end
end
it 'set rabbit_max_retries to 0 for all services' do
mq_services.each do |svc|
expect(chef_run.node['openstack']['mq'][svc]['rabbit']['rabbit_max_retries']).to eq(0)
it 'set rabbit_max_retries to 0 for all services' do
mq_services.each do |svc|
expect(chef_run.node['openstack']['mq'][svc]['rabbit']['rabbit_max_retries']).to eq(0)
end
end
end
it 'set rabbit_retry_interval to 1 for all services' do
mq_services.each do |svc|
expect(chef_run.node['openstack']['mq'][svc]['rabbit']['rabbit_retry_interval']).to eq(1)
it 'set rabbit_retry_interval to 1 for all services' do
mq_services.each do |svc|
expect(chef_run.node['openstack']['mq'][svc]['rabbit']['rabbit_retry_interval']).to eq(1)
end
end
end
end