Enable TLS configuration for containerized RabbitMQ
In non-containerized deployments, RabbitMQ can be configured to use TLS for serving and mirroring traffic. Fix the creation of the rabbitmq bundle resource to enable TLS when configured. The key and cert are passed as other configuration files and must be copied by Kolla at container startup. Change-Id: I8af63a1cb710e687a593505c0202d717842d5496 Depends-On: Ia64d79462de7012e5bceebf0ffe478a1cccdd6c9 Closes-Bug: #1709558
parent
5bf7d6582b
commit
4e5d43196a
|
@ -92,6 +92,11 @@ outputs:
|
|||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
- source: "/var/lib/kolla/config_files/src-tls/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
optional: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /var/lib/rabbitmq
|
||||
owner: rabbitmq:rabbitmq
|
||||
|
@ -99,6 +104,14 @@ outputs:
|
|||
- path: /var/log/rabbitmq
|
||||
owner: rabbitmq:rabbitmq
|
||||
recurse: true
|
||||
- path: /etc/pki/tls/certs/rabbitmq.crt
|
||||
owner: rabbitmq:rabbitmq
|
||||
perm: '0600'
|
||||
optional: true
|
||||
- path: /etc/pki/tls/private/rabbitmq.key
|
||||
owner: rabbitmq:rabbitmq
|
||||
perm: '0600'
|
||||
optional: true
|
||||
# When using pacemaker we don't launch the container, instead that is done by pacemaker
|
||||
# itself.
|
||||
docker_config:
|
||||
|
@ -164,6 +177,8 @@ outputs:
|
|||
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
|
||||
echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
|
||||
for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
|
||||
metadata_settings:
|
||||
get_attr: [RabbitmqBase, role_data, metadata_settings]
|
||||
upgrade_tasks:
|
||||
- name: get bootstrap nodeid
|
||||
tags: common
|
||||
|
|
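Review bot: The two `permissions` entries in the second hunk (`/etc/pki/tls/certs/rabbitmq.crt` and `/etc/pki/tls/private/rabbitmq.key`) hard-code their paths and are marked `optional: true`, so if the key and cert copied from `src-tls` land anywhere else, the `rabbitmq:rabbitmq` ownership and `0600` mode are silently not applied. Because the `src-tls/*` copy entry in the first hunk sets `preserve_properties: true`, the private key would then keep whatever owner and mode it had on the host, and RabbitMQ would either fail to read it or run with a key whose permissions nobody chose deliberately. The page does not show where these paths are configured, so this should be checked against the TLS settings of the base RabbitMQ service. A comment above the entries such as `# Paths must match the key/cert locations configured for RabbitMQ TLS; optional because the files exist only when TLS is enabled` would record the coupling. The `outputs:` block starts and ends outside the visible hunks, and the `+`/`-` markers are lost on this page, so which lines are new is inferred from the hunk headers.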