openstack
/
cookbook-openstack-identity
Code Issues Proposed changes

Allow rabbit mq kombu ssl configuration 

Add the rest of the kombu ssl configuration options.

Change-Id: Ifba96ecd08de5b18b1e365f6f5c25677a9008af2
Partial-Bug: 1464706
This commit is contained in:
Mark Vanderwiel 2015-06-16 10:27:14 -05:00
parent 8c23bb8df1
commit 808e27fff5
3 changed files with 57 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
metadata.rb
View File

@ -14,4 +14,4 @@ recipe 'openstack-identity::registration', 'Adds user, tenant, role and endpoint
supports os
end
depends 'openstack-common', '>= 11.2.0'
depends 'openstack-common', '>= 11.4.0'

33
spec/server_spec.rb
View File

@ -842,7 +842,6 @@ describe 'openstack-identity::server' do
/^rpc_conn_pool_size = 30$/,
/^rabbit_host = 127.0.0.1$/,
/^rabbit_port = 5672$/,
/^rabbit_use_ssl = false$/,
/^rabbit_userid = guest$/,
/^rabbit_password = guest$/,
/^rabbit_virtual_host = \/$/,
@ -858,7 +857,6 @@ describe 'openstack-identity::server' do
/^amqp_auto_delete = false$/,
/^rpc_conn_pool_size = 30$/,
/^rabbit_hosts = rabbit_servers_value$/,
/^rabbit_use_ssl = false$/,
/^rabbit_userid = guest$/,
/^rabbit_password = guest$/,
/^rabbit_virtual_host = \/$/,
@ -867,10 +865,35 @@ describe 'openstack-identity::server' do
expect(chef_run).to render_config_file(path).with_section_content('oslo_messaging_rabbit', line)
end
end
it 'has komdefaults for oslo_messaging_rabbit section with ha' do
it 'does not have ssl config set' do
[/^rabbit_use_ssl=/,
/^kombu_ssl_version=/,
/^kombu_ssl_keyfile=/,
/^kombu_ssl_certfile=/,
/^kombu_ssl_ca_certs=/,
/^kombu_reconnect_delay=/,
/^kombu_reconnect_timeout=/].each do |line|
expect(chef_run).not_to render_config_file(path).with_section_content('oslo_messaging_rabbit', line)
end
end
it 'sets ssl config' do
node.set['openstack']['mq']['identity']['rabbit']['use_ssl'] = true
node.set['openstack']['mq']['identity']['rabbit']['kombu_ssl_version'] = 'ssl_version'
expect(chef_run).to render_config_file(path).with_section_content('oslo_messaging_rabbit', /^kombu_ssl_version = ssl_version$/)
node.set['openstack']['mq']['identity']['rabbit']['kombu_ssl_version'] = 'TLSv1.2'
node.set['openstack']['mq']['identity']['rabbit']['kombu_ssl_keyfile'] = 'keyfile'
node.set['openstack']['mq']['identity']['rabbit']['kombu_ssl_certfile'] = 'certfile'
node.set['openstack']['mq']['identity']['rabbit']['kombu_ssl_ca_certs'] = 'certsfile'
node.set['openstack']['mq']['identity']['rabbit']['kombu_reconnect_delay'] = 123.123
node.set['openstack']['mq']['identity']['rabbit']['kombu_reconnect_timeout'] = 123
[/^rabbit_use_ssl=true/,
/^kombu_ssl_version=TLSv1.2$/,
/^kombu_ssl_keyfile=keyfile$/,
/^kombu_ssl_certfile=certfile$/,
/^kombu_ssl_ca_certs=certsfile$/,
/^kombu_reconnect_delay=123.123$/,
/^kombu_reconnect_timeout=123$/].each do |line|
expect(chef_run).to render_config_file(path).with_section_content('oslo_messaging_rabbit', line)
end
end
end
end

40
templates/default/keystone.conf.erb
View File

@ -803,13 +803,34 @@ amqp_auto_delete = <%= node['openstack']['mq']['identity']['auto_delete'] %>
#rpc_conn_pool_size = 30
rpc_conn_pool_size = <%= node["openstack"]["identity"]["rpc_conn_pool_size"] %>
# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
# distributions. (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_version
#kombu_ssl_version =
<% if node["openstack"]["mq"]["identity"]["rabbit"]["use_ssl"] && node["openstack"]["mq"]["identity"]["rabbit"]["kombu_ssl_version"] -%>
kombu_ssl_version = <%= node["openstack"]["mq"]["identity"]["rabbit"]["kombu_ssl_version"] %>
<% if node['openstack']['mq']['identity']['rabbit']['use_ssl'] -%>
# Connect over SSL for RabbitMQ. (boolean value)
rabbit_use_ssl=true
<% if node['openstack']['mq']['identity']['rabbit']['kombu_ssl_version'] -%>
# SSL version to use (valid only if SSL enabled). valid values
# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on
# some distributions. (string value)
kombu_ssl_version=<%= node['openstack']['mq']['identity']['rabbit']['kombu_ssl_version'] %>
<% end -%>
<% if node['openstack']['mq']['identity']['rabbit']['kombu_ssl_keyfile'] -%>
# SSL key file (valid only if SSL enabled)
kombu_ssl_keyfile=<%= node['openstack']['mq']['identity']['rabbit']['kombu_ssl_keyfile'] %>
<% end -%>
<% if node['openstack']['mq']['identity']['rabbit']['kombu_ssl_certfile'] -%>
# SSL cert file (valid only if SSL enabled)
kombu_ssl_certfile=<%= node['openstack']['mq']['identity']['rabbit']['kombu_ssl_certfile'] %>
<% end -%>
<% if node['openstack']['mq']['identity']['rabbit']['kombu_ssl_ca_certs'] -%>
# SSL certification authority file (valid only if SSL enabled)
kombu_ssl_ca_certs=<%= node['openstack']['mq']['identity']['rabbit']['kombu_ssl_ca_certs'] %>
<% end -%>
# How long to wait before reconnecting in response to an AMQP consumer cancel notification
kombu_reconnect_delay=<%= node['openstack']['mq']['identity']['rabbit']['kombu_reconnect_delay'] %>
# How long to wait before considering a reconnect attempt to have failed.
# This value should not be longer than rpc_response_timeout
kombu_reconnect_timeout=<%= node['openstack']['mq']['identity']['rabbit']['kombu_reconnect_timeout'] %>
<% end -%>
<% if node["openstack"]["mq"]["identity"]["rabbit"]["ha"] %>
@ -835,11 +856,6 @@ rabbit_host = <%= node["openstack"]["mq"]["identity"]["rabbit"]["host"] %>
rabbit_port = <%= node["openstack"]["mq"]["identity"]["rabbit"]["port"] %>
<% end -%>
# Connect over SSL for RabbitMQ. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
#rabbit_use_ssl = false
rabbit_use_ssl = <%= node["openstack"]["mq"]["identity"]["rabbit"]["use_ssl"] %>
# The RabbitMQ userid. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_userid
#rabbit_userid = guest