761ea9a333
This change adds support for encryption of communication between OpenStack services and RabbitMQ. Server certificates are supported, but currently client certificates are not. The kolla-ansible certificates command has been updated to support generating certificates for RabbitMQ for development and testing. RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when the Zuul 'tls_enabled' variable is true. Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5 Implements: blueprint message-queue-ssl-support
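---
# Variables describing the RabbitMQ container, its HAProxy frontends, the
# image it runs, its volumes and the broker settings.
project_name: "rabbitmq"

rabbitmq_services:
  rabbitmq:
    container_name: "{{ project_name }}"
    group: "{{ role_rabbitmq_groups }}"
    enabled: true
    image: "{{ rabbitmq_image_full }}"
    # Environment used for bootstrap: the same three settings as
    # `environment` below, plus KOLLA_BOOTSTRAP.
    bootstrap_environment:
      # No value is given, so this parses as null; presumably only the
      # variable's presence matters to the image - confirm.
      KOLLA_BOOTSTRAP:
      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
      # NOTE(review): the cluster cookie is the shared secret the broker
      # nodes use to authenticate to each other. Here and in `environment`
      # it is passed as a container environment variable, so anyone able to
      # inspect the container (for example through the Docker API) can read
      # it. Treat Docker access on these hosts as access to the cookie.
      RABBITMQ_CLUSTER_COOKIE: "{{ role_rabbitmq_cluster_cookie }}"
      RABBITMQ_LOG_DIR: "/var/log/kolla/{{ project_name }}"
    environment:
      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
      RABBITMQ_CLUSTER_COOKIE: "{{ role_rabbitmq_cluster_cookie }}"
      RABBITMQ_LOG_DIR: "/var/log/kolla/{{ project_name }}"
    volumes: "{{ rabbitmq_default_volumes + rabbitmq_extra_volumes }}"
    dimensions: "{{ rabbitmq_dimensions }}"
    # HAProxy frontends defined for this service.
    haproxy:
      # NOTE(review): the management interface accepts broker credentials.
      # Nothing in this file shows TLS in front of the two `mode: "http"`
      # frontends; confirm where that is configured before exposing them
      # beyond a trusted network.
      rabbitmq_management:
        enabled: "{{ enable_rabbitmq }}"
        mode: "http"
        port: "{{ rabbitmq_management_port }}"
        host_group: "rabbitmq"
      rabbitmq_outward_management:
        enabled: "{{ enable_outward_rabbitmq }}"
        mode: "http"
        port: "{{ outward_rabbitmq_management_port }}"
        host_group: "outward-rabbitmq"
      # NOTE(review): `external: true` presumably publishes this frontend on
      # the external address (confirm in the HAProxy role). Nothing here
      # enables TLS on it; confirm where encryption for this AMQP port is
      # configured.
      rabbitmq_outward_external:
        enabled: "{{ enable_outward_rabbitmq }}"
        mode: "tcp"
        external: true
        port: "{{ outward_rabbitmq_port }}"
        host_group: "outward-rabbitmq"
        frontend_tcp_extra:
          - "timeout client {{ haproxy_outward_rabbitmq_client_timeout }}"
        backend_tcp_extra:
          - "timeout server {{ haproxy_outward_rabbitmq_server_timeout }}"

####################
# HAProxy
####################
# Timeouts substituted into frontend_tcp_extra / backend_tcp_extra of the
# rabbitmq_outward_external frontend above. With these values an idle
# connection on that frontend is kept for up to one hour.
haproxy_outward_rabbitmq_client_timeout: "1h"
haproxy_outward_rabbitmq_server_timeout: "1h"

####################
# Docker
####################
rabbitmq_install_type: "{{ kolla_install_type }}"
# Image name: optional registry prefix, then namespace, base distro and
# install type.
rabbitmq_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ rabbitmq_install_type }}-rabbitmq"
rabbitmq_tag: "{{ openstack_tag }}"
# The image is referenced by tag, not by digest, so what runs is whatever
# the registry serves for that tag when the image is pulled.
rabbitmq_image_full: "{{ rabbitmq_image }}:{{ rabbitmq_tag }}"
rabbitmq_dimensions: "{{ default_container_dimensions }}"

rabbitmq_default_volumes:
  # Service configuration is mounted read-only into the container.
  - "{{ node_config_directory }}/{{ project_name }}/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  # Evaluates to an empty string on non-Debian hosts; presumably the
  # consumer drops empty entries - confirm.
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
  # Named volume for the broker's data directory.
  - "{{ project_name }}:/var/lib/rabbitmq/"
  - "kolla_logs:/var/log/kolla/"
rabbitmq_extra_volumes: "{{ default_extra_volumes }}"

####################
# Message-Broker
####################
# Broker account name; the matching password is not defined in this file.
rabbitmq_user: "openstack"
rabbitmq_cluster_name: "openstack"
rabbitmq_hostname: "{{ ansible_hostname }}"
rabbitmq_pid_file: "/var/lib/rabbitmq/mnesia/rabbitmq.pid"
rabbitmq_server_additional_erl_args: ""
# Dict of TLS options for RabbitMQ. Keys will be prefixed with 'ssl_options.'.
# Empty here, so no additional ssl_options.* settings come from this variable.
# NOTE(review): the change that introduced this supports server certificates
# only; client certificates are not supported yet, so options that depend on
# verifying a client certificate will presumably not work - confirm.
rabbitmq_tls_options: {}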