From d67c498269ee000dbc5e46af2ed19502fb3b0784 Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Thu, 6 May 2021 10:15:05 +0000 Subject: [PATCH] Add variables for rabbitmq ssl configuration Change-Id: Ie4bdbd1f4d530844dced5161de57665f9dc97fd3 --- defaults/main.yml | 4 ++++ templates/keystone.conf.j2 | 7 ++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 2fb6ade4..2943ea01 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -126,6 +126,8 @@ keystone_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}" keystone_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}" keystone_oslomsg_rpc_userid: keystone keystone_oslomsg_rpc_vhost: /keystone +keystone_oslomsg_rpc_ssl_version: "{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}" +keystone_oslomsg_rpc_ssl_ca_file: "{{ oslomsg_rpc_ssl_ca_file | default('') }}" # Notify keystone_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}" @@ -137,6 +139,8 @@ keystone_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}" keystone_oslomsg_notify_userid: "{{ keystone_oslomsg_rpc_userid }}" keystone_oslomsg_notify_password: "{{ keystone_oslomsg_rpc_password }}" keystone_oslomsg_notify_vhost: "{{ keystone_oslomsg_rpc_vhost }}" +keystone_oslomsg_notify_ssl_version: "{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}" +keystone_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | default('') }}" ## (Qdrouterd) info # TODO(ansmith): Change structure when more backends will be supported diff --git a/templates/keystone.conf.j2 b/templates/keystone.conf.j2 index f638ea63..c94dfd5d 100644 --- a/templates/keystone.conf.j2 +++ b/templates/keystone.conf.j2 @@ -24,10 +24,7 @@ notification_opt_out = {{ opt_out }} {% endif %} ## Oslo.Messaging RPC -transport_url = {{ keystone_oslomsg_rpc_transport }}://{% for host in keystone_oslomsg_rpc_servers.split(',') %}{{ keystone_oslomsg_rpc_userid }}:{{ keystone_oslomsg_rpc_password }}@{{ host }}:{{ keystone_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ keystone_oslomsg_rpc_vhost }}{% if keystone_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} - -[oslo_messaging_rabbit] -ssl = {{ keystone_oslomsg_rpc_use_ssl }} +transport_url = {{ keystone_oslomsg_rpc_transport }}://{% for host in keystone_oslomsg_rpc_servers.split(',') %}{{ keystone_oslomsg_rpc_userid }}:{{ keystone_oslomsg_rpc_password }}@{{ host }}:{{ keystone_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ keystone_oslomsg_rpc_vhost }}{% if keystone_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ keystone_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ keystone_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} [oslo_messaging_notifications] {% if keystone_ceilometer_enabled | bool %} @@ -42,7 +39,7 @@ driver = log driver = noop {% endif %} -transport_url = {{ keystone_oslomsg_notify_transport }}://{% for host in keystone_oslomsg_notify_servers.split(',') %}{{ keystone_oslomsg_notify_userid }}:{{ keystone_oslomsg_notify_password }}@{{ host }}:{{ keystone_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ keystone_oslomsg_notify_vhost }}{% if keystone_oslomsg_notify_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} +transport_url = {{ keystone_oslomsg_notify_transport }}://{% for host in keystone_oslomsg_notify_servers.split(',') %}{{ keystone_oslomsg_notify_userid }}:{{ keystone_oslomsg_notify_password }}@{{ host }}:{{ keystone_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ keystone_oslomsg_notify_vhost }}{% if keystone_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ keystone_oslomsg_notify_ssl_version }}&ssl_ca_file={{ keystone_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} {% if keystone_cache_servers | length > 0 %} [cache]