
This change adds support for encryption of communication between OpenStack services and RabbitMQ. Server certificates are supported, but currently client certificates are not. The kolla-ansible certificates command has been updated to support generating certificates for RabbitMQ for development and testing. RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when the Zuul 'tls_enabled' variable is true. Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5 Implements: blueprint message-queue-ssl-support
---
# Create the per-service configuration directory on every host that runs an
# enabled RabbitMQ service. Ownership comes from config_owner_user and
# config_owner_group, and mode 0770 leaves no access for other users.
- name: Ensuring config directories exist
  become: true
  with_dict: "{{ rabbitmq_services }}"
  # Evaluated once per entry of rabbitmq_services (item.key / item.value).
  when:
    - inventory_hostname in groups[item.value.group]
    - item.value.enabled | bool
  file:
    state: "directory"
    path: "{{ node_config_directory }}/{{ project_name }}"
    mode: "0770"
    owner: "{{ config_owner_user }}"
    group: "{{ config_owner_group }}"
# Render each enabled service's "<key>.json.j2" template to config.json in the
# service's config directory. Mode 0660 denies access to other users.
# owner/group are not set on this task, so a newly created file belongs to the
# become user. Any change triggers the "Restart rabbitmq container" handler.
- name: Copying over config.json files for services
  become: true
  with_dict: "{{ rabbitmq_services }}"
  when:
    - inventory_hostname in groups[item.value.group]
    - item.value.enabled | bool
  template:
    dest: "{{ node_config_directory }}/{{ project_name }}/config.json"
    src: "{{ item.key }}.json.j2"
    mode: "0660"
  notify:
    - Restart rabbitmq container
# Install rabbitmq-env.conf with mode 0660 (no access for other users).
# with_first_found uses the first source that exists, in this order:
#   1. per-host override under node_custom_config,
#   2. deployment-wide override under node_custom_config,
#   3. the role's bundled rabbitmq-env.conf.j2.
# Whichever file is picked is rendered by the template module, so an operator
# override is processed as a Jinja template too.
- name: Copying over rabbitmq-env.conf
  become: true
  vars:
    service: "{{ rabbitmq_services['rabbitmq'] }}"
  with_first_found:
    - "{{ node_custom_config }}/rabbitmq/{{ inventory_hostname }}/rabbitmq-env.conf"
    - "{{ node_custom_config }}/rabbitmq/rabbitmq-env.conf"
    - "rabbitmq-env.conf.j2"
  # Only on hosts in the rabbitmq service group, and only if it is enabled.
  when:
    - inventory_hostname in groups[service.group]
    - service.enabled | bool
  template:
    dest: "{{ node_config_directory }}/{{ project_name }}/rabbitmq-env.conf"
    src: "{{ item }}"
    mode: "0660"
  notify:
    - Restart rabbitmq container
# Install the main broker configuration, rabbitmq.conf, with mode 0660.
# with_first_found uses the first source that exists: per-host override,
# then deployment-wide override, then the role's bundled rabbitmq.conf.j2.
# NOTE(review): an override replaces the bundled template wholesale, so any
# TLS settings the bundled template renders when rabbitmq_enable_tls is set
# would presumably have to be carried in the override as well — confirm
# against rabbitmq.conf.j2 before combining overrides with TLS.
- name: Copying over rabbitmq.conf
  become: true
  vars:
    service: "{{ rabbitmq_services['rabbitmq'] }}"
  with_first_found:
    - "{{ node_custom_config }}/rabbitmq/{{ inventory_hostname }}/rabbitmq.conf"
    - "{{ node_custom_config }}/rabbitmq/rabbitmq.conf"
    - "rabbitmq.conf.j2"
  # Only on hosts in the rabbitmq service group, and only if it is enabled.
  when:
    - inventory_hostname in groups[service.group]
    - service.enabled | bool
  template:
    dest: "{{ node_config_directory }}/{{ project_name }}/rabbitmq.conf"
    src: "{{ item }}"
    mode: "0660"
  notify:
    - Restart rabbitmq container
# Install erl_inetrc with mode 0660 (no access for other users).
# NOTE(review): erl_inetrc is presumably the Erlang inet configuration used
# by the broker's runtime — confirm against erl_inetrc.j2.
# Source precedence via with_first_found: per-host override, then
# deployment-wide override, then the role's bundled erl_inetrc.j2.
- name: Copying over erl_inetrc
  become: true
  vars:
    service: "{{ rabbitmq_services['rabbitmq'] }}"
  with_first_found:
    - "{{ node_custom_config }}/rabbitmq/{{ inventory_hostname }}/erl_inetrc"
    - "{{ node_custom_config }}/rabbitmq/erl_inetrc"
    - "erl_inetrc.j2"
  # Only on hosts in the rabbitmq service group, and only if it is enabled.
  when:
    - inventory_hostname in groups[service.group]
    - service.enabled | bool
  template:
    dest: "{{ node_config_directory }}/{{ project_name }}/erl_inetrc"
    src: "{{ item }}"
    mode: "0660"
  notify:
    - Restart rabbitmq container
# Install definitions.json with mode 0660 (no access for other users).
# NOTE(review): a RabbitMQ definitions file usually carries users, vhosts and
# permissions, so the rendered file (and any operator override under
# node_custom_config) should be treated as credential material — confirm
# against definitions.json.j2.
# Source precedence via with_first_found: per-host override, then
# deployment-wide override, then the role's bundled definitions.json.j2.
- name: Copying over definitions.json
  become: true
  vars:
    service: "{{ rabbitmq_services['rabbitmq'] }}"
  with_first_found:
    - "{{ node_custom_config }}/rabbitmq/{{ inventory_hostname }}/definitions.json"
    - "{{ node_custom_config }}/rabbitmq/definitions.json"
    - "definitions.json.j2"
  # Only on hosts in the rabbitmq service group, and only if it is enabled.
  when:
    - inventory_hostname in groups[service.group]
    - service.enabled | bool
  template:
    dest: "{{ node_config_directory }}/{{ project_name }}/definitions.json"
    src: "{{ item }}"
    mode: "0660"
  notify:
    - Restart rabbitmq container
# Include the certificate-copying tasks at runtime, only when RabbitMQ TLS is
# enabled. As introduced, this path covers server certificates only; client
# certificates are not supported. Certificates generated by the
# "kolla-ansible certificates" command are meant for development and testing.
- include_tasks: "copy-certs.yml"
  when: rabbitmq_enable_tls | bool
# Statically import the container checks. The condition is applied to every
# imported task, so all of them are skipped when kolla_action is "config".
- import_tasks: "check-containers.yml"
  when: kolla_action != "config"