openstack/kolla-ansible
Code Issues Proposed changes
d8641e90c3
kolla-ansible/ansible/roles/rabbitmq/tasks/copy-certs.yml
Mark Goddard 761ea9a333 Support TLS encryption of RabbitMQ client-server traffic 
This change adds support for encryption of communication between
OpenStack services and RabbitMQ. Server certificates are supported, but
currently client certificates are not.

The kolla-ansible certificates command has been updated to support
generating certificates for RabbitMQ for development and testing.

RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when
The Zuul 'tls_enabled' variable is true.

Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5
Implements: blueprint message-queue-ssl-support
2020-09-17 12:05:44 +01:00

53 lines
1.6 KiB
YAML
Raw Blame History

---
- name: Copying over extra CA certificates
become: true
vars:
service: "{{ rabbitmq_services['rabbitmq'] }}"
copy:
src: "{{ kolla_certificates_dir }}/ca/"
dest: "{{ node_config_directory }}/{{ project_name }}/ca-certificates"
mode: "0644"
when:
- kolla_copy_ca_into_containers | bool
- service | service_enabled_and_mapped_to_host
notify:
- Restart rabbitmq container
- name: Copying over TLS certificate
become: true
vars:
service: "{{ rabbitmq_services['rabbitmq'] }}"
copy:
src: "{{ item }}"
dest: "{{ node_config_directory }}/{{ project_name }}/{{ project_name }}-cert.pem"
mode: "0644"
with_first_found:
- files:
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/{{ project_name }}-cert.pem"
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
- "{{ kolla_certificates_dir }}/{{ project_name }}-cert.pem"
skip: true
when:
- service | service_enabled_and_mapped_to_host
notify:
- Restart rabbitmq container
- name: Copying over TLS key
become: true
vars:
service: "{{ rabbitmq_services['rabbitmq'] }}"
copy:
src: "{{ item }}"
dest: "{{ node_config_directory }}/{{ project_name }}/{{ project_name }}-key.pem"
mode: "0600"
with_first_found:
- files:
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/{{ project_name }}-key.pem"
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
- "{{ kolla_certificates_dir }}/{{ project_name }}-key.pem"
skip: true
when:
- service | service_enabled_and_mapped_to_host
notify:
- Restart rabbitmq container
View Git Blame Copy Permalink