Corrects rabbitmq user, yum cache cleaning
- corrects the rabbitmq 'guest' user to 'openstack' to for a more secure installation, as 'guest' is not secure and is deleted in other non-Chef deployments. - adds update_yum_cache attribute to conditionally include the yum recipe, removing the hardcoded entries from the run lists. This prevents yum.conf from showing up on Debian-based machines. - enforces GPG checking for RDO packages, uses correct key. Change-Id: I89714e06eab803985ebffcdff5ff77655287c3e6
This commit is contained in:
parent
baa6f22baf
commit
1e2bd7a338
|
@ -134,11 +134,12 @@ default['openstack']['apt']['live_updates_enabled'] = true
|
|||
default['openstack']['apt']['uri'] = 'http://ubuntu-cloud.archive.canonical.com/ubuntu'
|
||||
default['openstack']['apt']['components'] = ['main']
|
||||
|
||||
default['openstack']['yum']['update_yum_cache'] = false
|
||||
default['openstack']['yum']['rdo_enabled'] = true
|
||||
default['openstack']['yum']['uri'] = "http://mirror.centos.org/centos/$releasever/cloud/$basearch/openstack-#{node['openstack']['release']}"
|
||||
default['openstack']['yum']['repo-key'] = "https://github.com/redhat-openstack/rdo-release/raw/#{node['openstack']['release']}/RPM-GPG-KEY-CentOS-SIG-Cloud"
|
||||
default['openstack']['yum']['repo-key'] = "https://github.com/rdo-infra/rdo-release/raw/#{node['openstack']['release']}-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud"
|
||||
# Enforcing GnuPG signature check for RDO repo. Set this to false if you want to disable the check.
|
||||
default['openstack']['yum']['gpgcheck'] = false
|
||||
default['openstack']['yum']['gpgcheck'] = true
|
||||
default['openstack']['endpoints']['family'] = 'inet'
|
||||
|
||||
# Set a default region that other regions are set to - such that changing the region for all services can be done in one place
|
||||
|
|
|
@ -44,7 +44,7 @@ services = %w(bare-metal block-storage compute database image
|
|||
###################################################################
|
||||
default['openstack']['mq']['server_role'] = 'os-ops-messaging'
|
||||
default['openstack']['mq']['service_type'] = 'rabbit'
|
||||
default['openstack']['mq']['user'] = 'guest'
|
||||
default['openstack']['mq']['user'] = 'openstack'
|
||||
default['openstack']['mq']['vhost'] = '/'
|
||||
|
||||
# defined in oslo/messaging/_drivers/amqp.py
|
||||
|
|
|
@ -39,6 +39,7 @@ when 'debian'
|
|||
end
|
||||
end
|
||||
when 'rhel'
|
||||
include_recipe 'yum' if node['openstack']['yum']['update_yum_cache']
|
||||
|
||||
if node['openstack']['yum']['rdo_enabled']
|
||||
repo_action = :add
|
||||
|
|
|
@ -15,6 +15,7 @@ describe 'openstack-common::default' do
|
|||
before do
|
||||
node.set['openstack']['yum']['rdo_enabled'] = true
|
||||
node.set['openstack']['yum']['gpgcheck'] = true
|
||||
node.set['openstack']['yum']['update_yum_cache'] = true
|
||||
end
|
||||
|
||||
it 'adds RDO yum repository' do
|
||||
|
@ -24,6 +25,10 @@ describe 'openstack-common::default' do
|
|||
.with(gpgcheck: true)
|
||||
end
|
||||
|
||||
it 'includes yum recipe' do
|
||||
expect(chef_run).to include_recipe('yum')
|
||||
end
|
||||
|
||||
it 'includes yum-epel recipe' do
|
||||
expect(chef_run).to include_recipe('yum-epel')
|
||||
end
|
||||
|
|
|
@ -53,7 +53,7 @@ describe 'openstack-common::default' do
|
|||
|
||||
context 'rabbit mq' do
|
||||
rabbit_opts = {
|
||||
'userid' => 'guest',
|
||||
'userid' => 'openstack',
|
||||
'vhost' => '/',
|
||||
'port' => '5672',
|
||||
'host' => '127.0.0.1',
|
||||
|
|
|
@ -103,9 +103,9 @@ describe 'openstack-common::default' do
|
|||
it do
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
allow(subject).to receive(:get_password)
|
||||
.with('user', 'guest')
|
||||
.with('user', 'openstack')
|
||||
.and_return('mypass')
|
||||
expected = 'rabbit://guest:mypass@127.0.0.1:5672/'
|
||||
expected = 'rabbit://openstack:mypass@127.0.0.1:5672/'
|
||||
expect(subject.rabbit_transport_url('compute')).to eq(expected)
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue