Correct the ca-cert for mqtt on subunit worker
This patch fixes a mistake on my part, previously the location of the ca certs on archlinux, but on ubuntu this isn't where they live. So the mqtt libs can't properly encrypt the traffic and things are getting stuck in a loop and not working. This commit fixes this by writing the cert from instantssl/comodo to disk and then pointing the worker at that. This way it should always work. Change-Id: I21b1a64b457545115ff862e3c3388c5892c5497b
This commit is contained in:
parent
13a530c9a4
commit
0bd9954bd7
@ -488,6 +488,7 @@ node /^subunit-worker\d+\.openstack\.org$/ {
|
|||||||
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
|
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
|
||||||
subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
|
subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
|
||||||
mqtt_pass => hiera('mqtt_service_user_password'),
|
mqtt_pass => hiera('mqtt_service_user_password'),
|
||||||
|
mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -19,6 +19,7 @@ class openstack_project::subunit_worker (
|
|||||||
$subunit2sql_db_pass,
|
$subunit2sql_db_pass,
|
||||||
$mqtt_user = 'infra',
|
$mqtt_user = 'infra',
|
||||||
$mqtt_pass = undef,
|
$mqtt_pass = undef,
|
||||||
|
$mqtt_ca_cert_contents = undef,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
file { '/etc/subunit2sql/subunit-woker.yaml':
|
file { '/etc/subunit2sql/subunit-woker.yaml':
|
||||||
@ -29,6 +30,15 @@ class openstack_project::subunit_worker (
|
|||||||
content => template('openstack_project/logstash/jenkins-subunit-worker.yaml.erb'),
|
content => template('openstack_project/logstash/jenkins-subunit-worker.yaml.erb'),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
file { '/etc/subunit2sql/mqtt-root-CA.pem.crt':
|
||||||
|
ensure => present,
|
||||||
|
content => $mqtt_ca_cert_contents,
|
||||||
|
replace => true,
|
||||||
|
owner => 'subunit',
|
||||||
|
group => 'subunit',
|
||||||
|
mode => '0555',
|
||||||
|
}
|
||||||
|
|
||||||
include subunit2sql
|
include subunit2sql
|
||||||
subunit2sql::worker { 'A':
|
subunit2sql::worker { 'A':
|
||||||
config_file => '/etc/subunit2sql/subunit-woker.yaml',
|
config_file => '/etc/subunit2sql/subunit-woker.yaml',
|
||||||
|
@ -6,4 +6,4 @@ mqtt-port: 8883
|
|||||||
mqtt-topic: gearman-subunit/<%= @hostname %>
|
mqtt-topic: gearman-subunit/<%= @hostname %>
|
||||||
mqtt-user: <%= @mqtt_user %>
|
mqtt-user: <%= @mqtt_user %>
|
||||||
mqtt-pass: <%= @mqtt_pass %>
|
mqtt-pass: <%= @mqtt_pass %>
|
||||||
mqtt-ca_certs: "/etc/ca-certificates/extracted/tls-ca-bundle.pem"
|
mqtt-ca_certs: /etc/subunit2sql/mqtt-root-CA.pem.crt
|
||||||
|
Loading…
Reference in New Issue
Block a user