761ea9a333
This change adds support for encryption of communication between OpenStack services and RabbitMQ. Server certificates are supported, but currently client certificates are not. The kolla-ansible certificates command has been updated to support generating certificates for RabbitMQ for development and testing. RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when the Zuul 'tls_enabled' variable is true. Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5 Implements: blueprint message-queue-ssl-support
54 lines
1.7 KiB
Django/Jinja
{#
  Jinja template that renders to a JSON document for the RabbitMQ container.
  It names the command to run, a list of config files (each with a source
  under container_config_directory, a destination under /etc/rabbitmq, an
  owner and a mode string), and a list of paths whose ownership is set.
  Every config file entry uses owner "rabbitmq" and perm "0600".
  NOTE(review): assumes the consumer of this file applies "perm" as an octal
  file mode, confirm against the consumer.
#}
{
    "command": "/usr/sbin/rabbitmq-server",
    "config_files": [
        {
            "source": "{{ container_config_directory }}/rabbitmq-env.conf",
            "dest": "/etc/rabbitmq/rabbitmq-env.conf",
            "owner": "rabbitmq",
            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/rabbitmq.conf",
            "dest": "/etc/rabbitmq/rabbitmq.conf",
            "owner": "rabbitmq",
            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/erl_inetrc",
            "dest": "/etc/rabbitmq/erl_inetrc",
            "owner": "rabbitmq",
            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/definitions.json",
            "dest": "/etc/rabbitmq/definitions.json",
            "owner": "rabbitmq",
            "perm": "0600"
        }{% if rabbitmq_enable_tls | bool %},
        {#
          The two entries below are emitted only when rabbitmq_enable_tls is
          true. The comma separating them from definitions.json sits inside
          the conditional, so the array is valid JSON in both cases.
        #}
        {
            "source": "{{ container_config_directory }}/{{ project_name }}-cert.pem",
            "dest": "/etc/rabbitmq/certs/{{ project_name }}-cert.pem",
            "owner": "rabbitmq",
            "perm": "0600"
        },
        {#
          NOTE(review): by its name this is presumably the server's TLS
          private key. It gets the same owner and mode as the other files.
          This template sets no ownership or mode on the /etc/rabbitmq/certs
          directory itself, so confirm how that directory is created and
          that it is not accessible to other users.
        #}
        {
            "source": "{{ container_config_directory }}/{{ project_name }}-key.pem",
            "dest": "/etc/rabbitmq/certs/{{ project_name }}-key.pem",
            "owner": "rabbitmq",
            "perm": "0600"
        }{% endif %}
    ],
    {#
      Ownership is set to rabbitmq:rabbitmq, recursively ("recurse": true),
      on /var/lib/rabbitmq and on the per-project directory under
      /var/log/kolla.
    #}
    "permissions": [
        {
            "path": "/var/lib/rabbitmq",
            "owner": "rabbitmq:rabbitmq",
            "recurse": true
        },
        {
            "path": "/var/log/kolla/{{ project_name }}",
            "owner": "rabbitmq:rabbitmq",
            "recurse": true
        }
    ]
}