openstack/kolla-ansible
Code Issues Proposed changes
f1d3ff11d0
kolla-ansible/ansible/roles/ceilometer/templates/ceilometer.conf.j2
Mark Goddard 761ea9a333 Support TLS encryption of RabbitMQ client-server traffic 
This change adds support for encryption of communication between
OpenStack services and RabbitMQ. Server certificates are supported, but
currently client certificates are not.

The kolla-ansible certificates command has been updated to support
generating certificates for RabbitMQ for development and testing.

RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when
The Zuul 'tls_enabled' variable is true.

Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5
Implements: blueprint message-queue-ssl-support
2020-09-17 12:05:44 +01:00

53 lines
1.5 KiB
Django/Jinja
Raw Blame History

[DEFAULT]
debug = {{ ceilometer_logging_debug }}
log_dir = /var/log/kolla/ceilometer
transport_url = {{ rpc_transport_url }}
{% if nova_compute_virt_type == 'vmware' %}
hypervisor_inspector = vsphere
{% endif %}
[service_credentials]
auth_url = {{ keystone_internal_url }}/v3
region_name = {{ openstack_region_name }}
password = {{ ceilometer_keystone_password }}
username = {{ ceilometer_keystone_user }}
project_name = service
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
auth_type = password
interface = internal
cafile = {{ openstack_cacert }}
{% if nova_compute_virt_type == 'vmware' %}
[vmware]
host_ip = {{ vmware_vcenter_host_ip }}
host_username = {{ vmware_vcenter_host_username }}
host_password = {{ vmware_vcenter_host_password }}
insecure = {{ vmware_vcenter_insecure }}
{% if not vmware_vcenter_insecure | bool %}
ca_file = /etc/ceilometer/vmware_ca
{% endif %}
{% endif %}
[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
{% if om_enable_rabbitmq_tls | bool %}
[oslo_messaging_rabbit]
ssl = true
ssl_ca_file = {{ om_rabbitmq_cacert }}
{% endif %}
{% if ceilometer_policy_file is defined %}
[oslo_policy]
policy_file = {{ ceilometer_policy_file }}
{% endif %}
[cache]
backend = oslo_cache.memcache_pool
enabled = True
memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
View Git Blame Copy Permalink