From 818c927a3d669eedcf698b80b51246b6531c6d81 Mon Sep 17 00:00:00 2001
From: Mark Vanderwiel <vanderwl@us.ibm.com>
Date: Fri, 12 Jun 2015 10:48:08 -0500
Subject: [PATCH] Allow rabbit mq kombu ssl configuration

Add the rest of the kombu ssl configuration options.

After this patch goes in, will need to update each cookbook
that uses rabbit mq to add these to the conf file.

Change-Id: Ie89f48b4a471d48df88f185a1012da9eb63071bd
Partial-Bug: 1464706
---
 attributes/messaging.rb | 18 +++++++++++-
 metadata.rb             |  2 +-
 spec/default_spec.rb    | 64 ++++++++++++++++++++---------------------
 3 files changed, 49 insertions(+), 35 deletions(-)

diff --git a/attributes/messaging.rb b/attributes/messaging.rb
index b09d75b1..6077e026 100644
--- a/attributes/messaging.rb
+++ b/attributes/messaging.rb
@@ -57,6 +57,17 @@ default['openstack']['mq']['qpid']['protocol'] = 'tcp'
 default['openstack']['mq']['rabbitmq']['use_ssl'] = false
 # SSL version to use (valid only if SSL enabled)
 default['openstack']['mq']['rabbitmq']['kombu_ssl_version'] = nil
+# SSL key file (valid only if SSL enabled)
+default['openstack']['mq']['rabbitmq']['kombu_ssl_keyfile'] = nil
+# SSL cert file (valid only if SSL enabled)
+default['openstack']['mq']['rabbitmq']['kombu_ssl_certfile'] = nil
+# SSL certification authority file (valid only if SSL enabled)
+default['openstack']['mq']['rabbitmq']['kombu_ssl_ca_certs'] = nil
+# How long to wait before reconnecting in response to an AMQP consumer cancel notification
+default['openstack']['mq']['rabbitmq']['kombu_reconnect_delay'] = 1.0
+# How long to wait before considering a reconnect attempt to have failed.
+# This value should not be longer than rpc_response_timeout
+default['openstack']['mq']['rabbitmq']['kombu_reconnect_timeout'] = 60
 # global switch for handling rabbit ha
 default['openstack']['mq']['rabbitmq']['ha'] = false
 # global switch for number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat)
@@ -95,7 +106,12 @@ rabbit_defaults = {
   heartbeat_timeout_threshold: node['openstack']['mq']['rabbitmq']['heartbeat_timeout_threshold'],
   heartbeat_rate: node['openstack']['mq']['rabbitmq']['heartbeat_rate'],
   use_ssl: node['openstack']['mq']['rabbitmq']['use_ssl'],
-  kombu_ssl_version: node['openstack']['mq']['rabbitmq']['kombu_ssl_version']
+  kombu_ssl_version: node['openstack']['mq']['rabbitmq']['kombu_ssl_version'],
+  kombu_ssl_keyfile: node['openstack']['mq']['rabbitmq']['kombu_ssl_keyfile'],
+  kombu_ssl_certfile: node['openstack']['mq']['rabbitmq']['kombu_ssl_certfile'],
+  kombu_ssl_ca_certs: node['openstack']['mq']['rabbitmq']['kombu_ssl_ca_certs'],
+  kombu_reconnect_delay: node['openstack']['mq']['rabbitmq']['kombu_reconnect_delay'],
+  kombu_reconnect_timeout: node['openstack']['mq']['rabbitmq']['kombu_reconnect_timeout']
 }
 
 ###################################################################
diff --git a/metadata.rb b/metadata.rb
index 4931aaac..d375be22 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'opscode-chef-openstack@googlegroups.com'
 license 'Apache 2.0'
 description 'Common OpenStack attributes, libraries and recipes.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '11.3.0'
+version '11.4.0'
 
 recipe 'openstack-common', 'Installs/Configures common recipes'
 recipe 'openstack-common::set_endpoints_by_interface', 'Set endpoints by interface'
diff --git a/spec/default_spec.rb b/spec/default_spec.rb
index 116ca0d4..69bd08fe 100644
--- a/spec/default_spec.rb
+++ b/spec/default_spec.rb
@@ -49,27 +49,6 @@ describe 'openstack-common::default' do
         .with(version: '~> 2.3')
     end
 
-    it 'enables rabbit ha for all services' do
-      node.set['openstack']['mq']['rabbitmq']['ha'] = true
-      mq_services.each do |svc|
-        expect(chef_run.node['openstack']['mq'][svc]['rabbit']['ha']).to eq(true)
-      end
-    end
-
-    it 'enables rabbit heartbeat_timeout_threshold for all services' do
-      node.set['openstack']['mq']['rabbitmq']['heartbeat_timeout_threshold'] = 123
-      mq_services.each do |svc|
-        expect(chef_run.node['openstack']['mq'][svc]['rabbit']['heartbeat_timeout_threshold']).to eq(123)
-      end
-    end
-
-    it 'enables rabbit heartbeat_rate for all services' do
-      node.set['openstack']['mq']['rabbitmq']['heartbeat_rate'] = 123
-      mq_services.each do |svc|
-        expect(chef_run.node['openstack']['mq'][svc]['rabbit']['heartbeat_rate']).to eq(123)
-      end
-    end
-
     it 'has correct host for endpoints' do
       %w(identity-api identity-internal identity-admin compute-api compute-ec2-api compute-ec2-admin
          compute-xvpvnc compute-novnc compute-vnc compute-metadata-api network-api network-linuxbridge
@@ -111,22 +90,41 @@ describe 'openstack-common::default' do
       end
     end
 
-    it 'enables rabbit ssl version for all services' do
-      node.set['openstack']['mq']['rabbitmq']['kombu_ssl_version'] = 'TLSv1.2'
-      mq_services.each do |svc|
-        expect(chef_run.node['openstack']['mq'][svc]['rabbit']['kombu_ssl_version']).to eq('TLSv1.2')
+    context 'rabbit mq' do
+      rabbit_opts = {
+        'userid' => 'guest',
+        'vhost' => '/',
+        'port' => '5672',
+        'host' => '127.0.0.1',
+        'ha' => true,
+        'heartbeat_timeout_threshold' => 123,
+        'heartbeat_rate' => 123,
+        'kombu_ssl_version' => 'TLSv1.2',
+        'kombu_ssl_keyfile' => 'key_file',
+        'kombu_ssl_certfile' => 'cert_file',
+        'kombu_ssl_ca_certs' => 'ca_certs_file',
+        'kombu_reconnect_delay' => 123.456,
+        'kombu_reconnect_timeout' => 123
+      }
+      rabbit_opts.each do |key, value|
+        it "configures rabbit mq #{key}" do
+          node.set['openstack']['mq']['rabbitmq'][key] = value
+          mq_services.each do |service|
+            expect(chef_run.node['openstack']['mq'][service]['rabbit'][key]).to eq(value)
+          end
+        end
       end
-    end
 
-    it 'set rabbit_max_retries to 0 for all services' do
-      mq_services.each do |svc|
-        expect(chef_run.node['openstack']['mq'][svc]['rabbit']['rabbit_max_retries']).to eq(0)
+      it 'set rabbit_max_retries to 0 for all services' do
+        mq_services.each do |svc|
+          expect(chef_run.node['openstack']['mq'][svc]['rabbit']['rabbit_max_retries']).to eq(0)
+        end
       end
-    end
 
-    it 'set rabbit_retry_interval to 1 for all services' do
-      mq_services.each do |svc|
-        expect(chef_run.node['openstack']['mq'][svc]['rabbit']['rabbit_retry_interval']).to eq(1)
+      it 'set rabbit_retry_interval to 1 for all services' do
+        mq_services.each do |svc|
+          expect(chef_run.node['openstack']['mq'][svc]['rabbit']['rabbit_retry_interval']).to eq(1)
+        end
       end
     end
   end