diff --git a/metadata.rb b/metadata.rb index 1f89ac2..11049c6 100644 --- a/metadata.rb +++ b/metadata.rb @@ -14,4 +14,4 @@ recipe 'openstack-identity::registration', 'Adds user, tenant, role and endpoint supports os end -depends 'openstack-common', '>= 11.2.0' +depends 'openstack-common', '>= 11.4.0' diff --git a/spec/server_spec.rb b/spec/server_spec.rb index 78ae2a3..1f37743 100644 --- a/spec/server_spec.rb +++ b/spec/server_spec.rb @@ -842,7 +842,6 @@ describe 'openstack-identity::server' do /^rpc_conn_pool_size = 30$/, /^rabbit_host = 127.0.0.1$/, /^rabbit_port = 5672$/, - /^rabbit_use_ssl = false$/, /^rabbit_userid = guest$/, /^rabbit_password = guest$/, /^rabbit_virtual_host = \/$/, @@ -858,7 +857,6 @@ describe 'openstack-identity::server' do /^amqp_auto_delete = false$/, /^rpc_conn_pool_size = 30$/, /^rabbit_hosts = rabbit_servers_value$/, - /^rabbit_use_ssl = false$/, /^rabbit_userid = guest$/, /^rabbit_password = guest$/, /^rabbit_virtual_host = \/$/, 
@@ -867,10 +865,35 @@ describe 'openstack-identity::server' do
 expect(chef_run).to render_config_file(path).with_section_content('oslo_messaging_rabbit', line)
 end
 end
- it 'has komdefaults for oslo_messaging_rabbit section with ha' do
+ it 'does not have ssl config set' do
+ [/^rabbit_use_ssl=/,
+ /^kombu_ssl_version=/,
+ /^kombu_ssl_keyfile=/,
+ /^kombu_ssl_certfile=/,
+ /^kombu_ssl_ca_certs=/,
+ /^kombu_reconnect_delay=/,
+ /^kombu_reconnect_timeout=/].each do |line|
+ expect(chef_run).not_to render_config_file(path).with_section_content('oslo_messaging_rabbit', line)
+ end
+ end
+
+ it 'sets ssl config' do
 node.set['openstack']['mq']['identity']['rabbit']['use_ssl'] = true
- node.set['openstack']['mq']['identity']['rabbit']['kombu_ssl_version'] = 'ssl_version'
- expect(chef_run).to render_config_file(path).with_section_content('oslo_messaging_rabbit', /^kombu_ssl_version = ssl_version$/)
+ node.set['openstack']['mq']['identity']['rabbit']['kombu_ssl_version'] = 'TLSv1.2'
+ node.set['openstack']['mq']['identity']['rabbit']['kombu_ssl_keyfile'] = 'keyfile'
+ node.set['openstack']['mq']['identity']['rabbit']['kombu_ssl_certfile'] = 'certfile'
+ node.set['openstack']['mq']['identity']['rabbit']['kombu_ssl_ca_certs'] = 'certsfile'
+ node.set['openstack']['mq']['identity']['rabbit']['kombu_reconnect_delay'] = 123.123
+ node.set['openstack']['mq']['identity']['rabbit']['kombu_reconnect_timeout'] = 123
+ [/^rabbit_use_ssl=true/,
+ /^kombu_ssl_version=TLSv1.2$/,
+ /^kombu_ssl_keyfile=keyfile$/,
+ /^kombu_ssl_certfile=certfile$/,
+ /^kombu_ssl_ca_certs=certsfile$/,
+ /^kombu_reconnect_delay=123.123$/,
+ /^kombu_reconnect_timeout=123$/].each do |line|
+ expect(chef_run).to render_config_file(path).with_section_content('oslo_messaging_rabbit', line)
+ end
 end
 end
 end
diff --git a/templates/default/keystone.conf.erb b/templates/default/keystone.conf.erb
index ef99678..118985e 100644
--- a/templates/default/keystone.conf.erb
+++ b/templates/default/keystone.conf.erb
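Review bot: The negative patterns in 'does not have ssl config set' match only the no-space form `key=`, so a template that still rendered `rabbit_use_ssl = false` (the spacing the two earlier hunks in this file stop expecting) would pass the absence check; `/^rabbit_use_ssl\s*=/`, and the same for the kombu_* keys, would hold for either spacing. In 'sets ssl config', `/^rabbit_use_ssl=true/` is missing its `$`, and the dots in `/^kombu_ssl_version=TLSv1.2$/` and `/^kombu_reconnect_delay=123.123$/` are unescaped, so those patterns accept more than the intended value. The fixture value `'TLSv1.2'` also differs from the `TLSv1_2` spelling in the comment that the keystone.conf.erb hunk removes; it is worth confirming which spelling the messaging library accepts, so the spec does not document a value that fails at runtime.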
@@ -803,13 +803,34 @@ amqp_auto_delete = <%= node['openstack']['mq']['identity']['auto_delete'] %> #rpc_conn_pool_size = 30 rpc_conn_pool_size = <%= node["openstack"]["identity"]["rpc_conn_pool_size"] %> -# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and -# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some -# distributions. (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_version -#kombu_ssl_version = -<% if node["openstack"]["mq"]["identity"]["rabbit"]["use_ssl"] && node["openstack"]["mq"]["identity"]["rabbit"]["kombu_ssl_version"] -%> -kombu_ssl_version = <%= node["openstack"]["mq"]["identity"]["rabbit"]["kombu_ssl_version"] %> +<% if node['openstack']['mq']['identity']['rabbit']['use_ssl'] -%> + +# Connect over SSL for RabbitMQ. (boolean value) +rabbit_use_ssl=true + +<% if node['openstack']['mq']['identity']['rabbit']['kombu_ssl_version'] -%> +# SSL version to use (valid only if SSL enabled). valid values +# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on +# some distributions. 
(string value) +kombu_ssl_version=<%= node['openstack']['mq']['identity']['rabbit']['kombu_ssl_version'] %> +<% end -%> +<% if node['openstack']['mq']['identity']['rabbit']['kombu_ssl_keyfile'] -%> +# SSL key file (valid only if SSL enabled) +kombu_ssl_keyfile=<%= node['openstack']['mq']['identity']['rabbit']['kombu_ssl_keyfile'] %> +<% end -%> +<% if node['openstack']['mq']['identity']['rabbit']['kombu_ssl_certfile'] -%> +# SSL cert file (valid only if SSL enabled) +kombu_ssl_certfile=<%= node['openstack']['mq']['identity']['rabbit']['kombu_ssl_certfile'] %> +<% end -%> +<% if node['openstack']['mq']['identity']['rabbit']['kombu_ssl_ca_certs'] -%> +# SSL certification authority file (valid only if SSL enabled) +kombu_ssl_ca_certs=<%= node['openstack']['mq']['identity']['rabbit']['kombu_ssl_ca_certs'] %> +<% end -%> +# How long to wait before reconnecting in response to an AMQP consumer cancel notification +kombu_reconnect_delay=<%= node['openstack']['mq']['identity']['rabbit']['kombu_reconnect_delay'] %> +# How long to wait before considering a reconnect attempt to have failed. +# This value should not be longer than rpc_response_timeout +kombu_reconnect_timeout=<%= node['openstack']['mq']['identity']['rabbit']['kombu_reconnect_timeout'] %> <% end -%> <% if node["openstack"]["mq"]["identity"]["rabbit"]["ha"] %> @@ -835,11 +856,6 @@ rabbit_host = <%= node["openstack"]["mq"]["identity"]["rabbit"]["host"] %> rabbit_port = <%= node["openstack"]["mq"]["identity"]["rabbit"]["port"] %> <% end -%> -# Connect over SSL for RabbitMQ. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_use_ssl -#rabbit_use_ssl = false -rabbit_use_ssl = <%= node["openstack"]["mq"]["identity"]["rabbit"]["use_ssl"] %> - # The RabbitMQ userid. (string value) # Deprecated group/name - [DEFAULT]/rabbit_userid #rabbit_userid = guest
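Review bot: `kombu_ssl_ca_certs` is optional inside the new `use_ssl` block, so a node with `use_ssl` set and no CA file renders `rabbit_use_ssl=true` with no trust anchor. As far as I know the messaging library only enforces server-certificate verification when a CA file is configured, which would leave the broker link encrypted but unauthenticated; please confirm, and if so say it next to the option, e.g. `# Without kombu_ssl_ca_certs the broker certificate is not verified`. Separately, `kombu_reconnect_delay` and `kombu_reconnect_timeout` are not SSL settings, yet they are now rendered only when `use_ssl` is true and without a guard of their own, so an unset attribute would render an empty `kombu_reconnect_delay=`. They read as belonging outside the `use_ssl` conditional, each behind its own `<% if ... -%>` like the other kombu_* options. The rewritten `kombu_ssl_version` comment also drops the TLSv1_1/TLSv1_2 mention that the removed comment carried, leaving only TLSv1 and the SSLv* values as guidance in the rendered file.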