From f2a3c8ed6910e6c8d5b687d962602ae9ff5bed97 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Evrard Date: Mon, 16 Jul 2018 10:25:50 +0200 Subject: [PATCH] Prevent incorrect credentials Currently 3 sets of credentials are generated for MQ, per service: - rabbitmq_password - oslomsg_rpc_password - oslomsg_notify_password In each service, we should use x_oslomsg_rpc_password and x_oslomsg_notify_password, and not rabbitmq. However there is no wiring as of today. This could lead to a username like nova, on a vhost nova, with 3 different passwords. Only one would work. This patch ensures the wiring is done by default, for all the roles to be able to use x_oslomsg_notify_password and x_oslomsg_rpc_password. This is done by always referencing, in the notify part, the credentials to the rpc part. The RPC part is then a reference to the rabbitmq_password, so it's easy to upgrade from queens to Rocky without changes. If a deployer wants to override the credentials, he can do so by uncommenting the appropriate line in the user_secrets. This would then override the existing group_vars and wire the secrets appropriately. A new user should be used in that case, as written in the comments. Change-Id: I834bdc5a33f6b3c49452a9948c889caa79659f3c --- etc/openstack_deploy/user_secrets.yml | 137 +++++++++++++++----- inventory/group_vars/all/oslo-messaging.yml | 100 +++++++++----- 2 files changed, 170 insertions(+), 67 deletions(-) diff --git a/etc/openstack_deploy/user_secrets.yml b/etc/openstack_deploy/user_secrets.yml index df1d042356..4072bfeb6c 100644 --- a/etc/openstack_deploy/user_secrets.yml +++ b/etc/openstack_deploy/user_secrets.yml @@ -19,8 +19,6 @@ # and may break your OpenStack environment. ############################# WARNING ######################################## -# TODO(ansmith): remove rabbitmq_passwords once oslomsg_*_passwords are used - ## Rabbitmq Options rabbitmq_cookie_token: rabbitmq_monitoring_password: @@ -36,31 +34,47 @@ keystone_container_mysql_password: keystone_auth_admin_password: keystone_service_password: keystone_rabbitmq_password: -keystone_oslomsg_rpc_password: -keystone_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#keystone_oslomsg_rpc_password: +#keystone_oslomsg_notify_password: ## Ceilometer Options: ceilometer_container_db_password: ceilometer_service_password: ceilometer_telemetry_secret: ceilometer_rabbitmq_password: -ceilometer_oslomsg_rpc_password: -ceilometer_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#ceilometer_oslomsg_rpc_password: +#ceilometer_oslomsg_notify_password: ## Aodh Options: aodh_container_db_password: aodh_service_password: aodh_rabbitmq_password: -aodh_oslomsg_rpc_password: -aodh_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#aodh_oslomsg_rpc_password: +#aodh_oslomsg_notify_password: ## Cinder Options cinder_container_mysql_password: cinder_service_password: cinder_profiler_hmac_key: cinder_rabbitmq_password: -cinder_oslomsg_rpc_password: -cinder_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#cinder_oslomsg_rpc_password: +#cinder_oslomsg_notify_password: ## Ceph/rbd: a UUID to be used by libvirt to refer to the client.cinder user cinder_ceph_client_uuid: @@ -69,8 +83,13 @@ cinder_ceph_client_uuid: glance_container_mysql_password: glance_service_password: glance_profiler_hmac_key: -glance_oslomsg_rpc_password: -glance_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#glance_oslomsg_rpc_password: +#glance_oslomsg_notify_password: +glance_rabbitmq_password: ## Gnocchi Options: gnocchi_container_mysql_password: @@ -84,12 +103,20 @@ heat_auth_encryption_key: ### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## heat_service_password: heat_rabbitmq_password: -heat_oslomsg_rpc_password: -heat_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#heat_oslomsg_rpc_password: +#heat_oslomsg_notify_password: ## Ironic options ironic_rabbitmq_password: -ironic_oslomsg_rpc_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#ironic_oslomsg_rpc_password: ironic_container_mysql_password: ironic_service_password: ironic_swift_temp_url_secret_key: @@ -102,8 +129,12 @@ horizon_secret_key: neutron_container_mysql_password: neutron_service_password: neutron_rabbitmq_password: -neutron_oslomsg_rpc_password: -neutron_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#neutron_oslomsg_rpc_password: +#neutron_oslomsg_notify_password: neutron_ha_vrrp_auth_password: ## Nova Options @@ -112,8 +143,12 @@ nova_api_container_mysql_password: nova_metadata_proxy_secret: nova_service_password: nova_rabbitmq_password: -nova_oslomsg_rpc_password: -nova_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#nova_oslomsg_rpc_password: +#nova_oslomsg_notify_password: nova_placement_service_password: # LXD Options for nova compute @@ -124,15 +159,23 @@ octavia_container_mysql_password: octavia_service_password: octavia_health_hmac_key: octavia_rabbitmq_password: -octavia_oslomsg_rpc_password: -octavia_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#octavia_oslomsg_rpc_password: +#octavia_oslomsg_notify_password: octavia_cert_client_password: ## Sahara Options sahara_container_mysql_password: sahara_rabbitmq_password: -sahara_oslomsg_rpc_password: -sahara_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#sahara_oslomsg_rpc_password: +#sahara_oslomsg_notify_password: sahara_service_password: ## Swift Options: @@ -143,8 +186,12 @@ swift_hash_path_suffix: swift_hash_path_prefix: # Swift needs a telemetry password when using ceilometer swift_rabbitmq_telemetry_password: -swift_oslomsg_rpc_password: -swift_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#swift_oslomsg_rpc_password: +#swift_oslomsg_notify_password: ## haproxy stats password haproxy_stats_password: @@ -154,8 +201,12 @@ haproxy_keepalived_authentication_password: magnum_service_password: magnum_galera_password: magnum_rabbitmq_password: -magnum_oslomsg_rpc_password: -magnum_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#magnum_oslomsg_rpc_password: +#magnum_oslomsg_notify_password: magnum_trustee_password: ## Rally Options: @@ -164,8 +215,12 @@ rally_galera_password: ## Trove Options trove_galera_password: trove_rabbitmq_password: -trove_oslomsg_rpc_password: -trove_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#trove_oslomsg_rpc_password: +#trove_oslomsg_notify_password: trove_service_password: trove_admin_user_password: trove_taskmanager_rpc_encr_key: @@ -174,15 +229,23 @@ trove_inst_rpc_key_encr_key: ## Barbican Options barbican_galera_password: barbican_rabbitmq_password: -barbican_oslomsg_rpc_password: -barbican_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#barbican_oslomsg_rpc_password: +#barbican_oslomsg_notify_password: barbican_service_password: ## Designate Options designate_galera_password: designate_rabbitmq_password: -designate_oslomsg_rpc_password: -designate_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#designate_oslomsg_rpc_password: +#designate_oslomsg_notify_password: designate_service_password: ## Molteniron Options: @@ -190,8 +253,12 @@ molteniron_container_mysql_password: ## Tacker options tacker_rabbitmq_password: -tacker_oslomsg_rpc_password: -tacker_oslomsg_notify_password: +#NOTE: Please uncomment those +# if you want to split rpc and notify users +# Please also wire the appropriate userid in +# your user variables. +#tacker_oslomsg_rpc_password: +#tacker_oslomsg_notify_password: tacker_service_password: tacker_container_mysql_password: diff --git a/inventory/group_vars/all/oslo-messaging.yml b/inventory/group_vars/all/oslo-messaging.yml index 06884d7ce0..4ab906ca6e 100644 --- a/inventory/group_vars/all/oslo-messaging.yml +++ b/inventory/group_vars/all/oslo-messaging.yml @@ -32,13 +32,15 @@ oslomsg_notify_ssl_param: "{{ (oslomsg_notify_use_ssl | bool) | ternary(1, 0) }} ## AODH aodh_oslomsg_rpc_userid: aodh aodh_oslomsg_rpc_vhost: /aodh +aodh_oslomsg_rpc_password: "{{ aodh_rabbitmq_password }}" aodh_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" aodh_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" aodh_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" aodh_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" aodh_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -aodh_oslomsg_notify_userid: aodh -aodh_oslomsg_notify_vhost: /aodh +aodh_oslomsg_notify_userid: "{{ aodh_oslomsg_rpc_userid }}" +aodh_oslomsg_notify_vhost: "{{ aodh_oslomsg_rpc_vhost }}" +aodh_oslomsg_notify_password: "{{ aodh_oslomsg_rpc_password }}" aodh_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" aodh_oslomsg_notify_port: "{{ oslomsg_notify_port }}" aodh_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -48,13 +50,15 @@ aodh_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group }}" ## Barbican barbican_oslomsg_rpc_userid: barbican barbican_oslomsg_rpc_vhost: /barbican +barbican_oslomsg_rpc_password: "{{ barbican_rabbitmq_password }}" barbican_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" barbican_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" barbican_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" barbican_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" barbican_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -barbican_oslomsg_notify_userid: barbican -barbican_oslomsg_notify_vhost: /barbican +barbican_oslomsg_notify_userid: "{{ barbican_oslomsg_rpc_userid }}" +barbican_oslomsg_notify_vhost: "{{ barbican_oslomsg_rpc_vhost }}" +barbican_oslomsg_notify_password: "{{ barbican_oslomsg_rpc_password }}" barbican_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" barbican_oslomsg_notify_port: "{{ oslomsg_notify_port }}" barbican_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -71,13 +75,15 @@ barbican_rabbitmq_vhost: "{{ barbican_oslomsg_rpc_vhost }}" ## Ceilometer ceilometer_oslomsg_rpc_userid: ceilometer ceilometer_oslomsg_rpc_vhost: /ceilometer +ceilometer_oslomsg_rpc_password: "{{ ceilometer_rabbitmq_password }}" ceilometer_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" ceilometer_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" ceilometer_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" ceilometer_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" ceilometer_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -ceilometer_oslomsg_notify_userid: ceilometer -ceilometer_oslomsg_notify_vhost: /ceilometer +ceilometer_oslomsg_notify_userid: "{{ ceilometer_oslomsg_rpc_userid }}" +ceilometer_oslomsg_notify_vhost: "{{ ceilometer_oslomsg_rpc_vhost }}" +ceilometer_oslomsg_notify_password: "{{ ceilometer_oslomsg_rpc_password }}" ceilometer_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" ceilometer_oslomsg_notify_port: "{{ oslomsg_notify_port }}" ceilometer_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -94,13 +100,15 @@ ceilometer_rabbitmq_vhost: "{{ ceilometer_oslomsg_rpc_vhost }}" ## Cinder cinder_oslomsg_rpc_userid: cinder cinder_oslomsg_rpc_vhost: /cinder +cinder_oslomsg_rpc_password: "{{ cinder_rabbitmq_password }}" cinder_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" cinder_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" cinder_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" cinder_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" cinder_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -cinder_oslomsg_notify_userid: cinder -cinder_oslomsg_notify_vhost: /cinder +cinder_oslomsg_notify_userid: "{{ cinder_oslomsg_rpc_userid }}" +cinder_oslomsg_notify_vhost: "{{ cinder_oslomsg_rpc_vhost }}" +cinder_oslomsg_notify_password: "{{ cinder_oslomsg_rpc_password }}" cinder_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" cinder_oslomsg_notify_port: "{{ oslomsg_notify_port }}" cinder_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -117,13 +125,15 @@ cinder_rabbitmq_vhost: "{{ cinder_oslomsg_rpc_vhost }}" ## Designate designate_oslomsg_rpc_userid: designate designate_oslomsg_rpc_vhost: /designate +designate_oslomsg_rpc_password: "{{ designate_rabbitmq_password }}" designate_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" designate_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" designate_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" designate_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" designate_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -designate_oslomsg_notify_userid: designate -designate_oslomsg_notify_vhost: /designate +designate_oslomsg_notify_userid: "{{ designate_oslomsg_rpc_userid }}" +designate_oslomsg_notify_vhost: "{{ designate_oslomsg_rpc_vhost }}" +designate_oslomsg_notify_password: "{{ designate_oslomsg_rpc_password }}" designate_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" designate_oslomsg_notify_port: "{{ oslomsg_notify_port }}" designate_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -137,16 +147,22 @@ designate_rabbitmq_use_ssl: "{{ oslomsg_rpc_use_ssl }}" designate_rabbitmq_userid: "{{ designate_oslomsg_rpc_userid }}" designate_rabbitmq_vhost: "{{ designate_oslomsg_rpc_vhost }}" +## Glance +glance_oslomsg_rpc_password: "{{ glance_rabbitmq_password }}" +glance_oslomsg_notify_password: "{{ glance_rabbitmq_password }}" + ## Heat heat_oslomsg_rpc_userid: heat heat_oslomsg_rpc_vhost: /heat +heat_oslomsg_rpc_password: "{{ heat_rabbitmq_password }}" heat_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" heat_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" heat_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" heat_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" heat_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -heat_oslomsg_notify_userid: heat -heat_oslomsg_notify_vhost: /heat +heat_oslomsg_notify_userid: "{{ heat_oslomsg_rpc_userid }}" +heat_oslomsg_notify_vhost: "{{ heat_oslomsg_rpc_vhost }}" +heat_oslomsg_notify_password: "{{ heat_oslomsg_rpc_password }}" heat_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" heat_oslomsg_notify_port: "{{ oslomsg_notify_port }}" heat_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -156,13 +172,15 @@ heat_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group }}" ## Ironic ironic_oslomsg_rpc_userid: ironic ironic_oslomsg_rpc_vhost: /ironic +ironic_oslomsg_rpc_password: "{{ ironic_rabbitmq_password }}" ironic_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" ironic_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" ironic_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" ironic_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" ironic_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -ironic_oslomsg_notify_userid: ironic -ironic_oslomsg_notify_vhost: /ironic +ironic_oslomsg_notify_userid: "{{ ironic_oslomsg_rpc_userid }}" +ironic_oslomsg_notify_vhost: "{{ ironic_oslomsg_rpc_vhost }}" +ironic_oslomsg_notify_password: "{{ ironic_oslomsg_rpc_password }}" ironic_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" ironic_oslomsg_notify_port: "{{ oslomsg_notify_port }}" ironic_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -172,13 +190,15 @@ ironic_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group }}" ## Keystone keystone_oslomsg_rpc_userid: keystone keystone_oslomsg_rpc_vhost: /keystone +keystone_oslomsg_rpc_password: "{{ keystone_rabbitmq_password }}" keystone_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" keystone_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" keystone_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" keystone_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" keystone_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -keystone_oslomsg_notify_userid: keystone -keystone_oslomsg_notify_vhost: /keystone +keystone_oslomsg_notify_userid: "{{ keystone_oslomsg_rpc_userid }}" +keystone_oslomsg_notify_vhost: "{{ keystone_oslomsg_rpc_vhost }}" +keystone_oslomsg_notify_password: "{{ keystone_oslomsg_rpc_password }}" keystone_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" keystone_oslomsg_notify_port: "{{ oslomsg_notify_port }}" keystone_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -195,13 +215,15 @@ keystone_rabbitmq_vhost: "{{ keystone_oslomsg_rpc_vhost }}" ## Magnum magnum_oslomsg_rpc_userid: magnum magnum_oslomsg_rpc_vhost: /magnum +magnum_oslomsg_rpc_password: "{{ magnum_rabbitmq_password }}" magnum_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" magnum_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" magnum_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" magnum_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" magnum_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -magnum_oslomsg_notify_userid: magnum -magnum_oslomsg_notify_vhost: /magnum +magnum_oslomsg_notify_userid: "{{ magnum_oslomsg_rpc_userid }}" +magnum_oslomsg_notify_vhost: "{{ magnum_oslomsg_rpc_vhost }}" +magnum_oslomsg_notify_password: "{{ magnum_oslomsg_rpc_password }}" magnum_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" magnum_oslomsg_notify_port: "{{ oslomsg_notify_port }}" magnum_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -219,13 +241,15 @@ magnum_rabbitmq_vhost: "{{ magnum_oslomsg_rpc_vhost }}" # RPC neutron_oslomsg_rpc_userid: neutron neutron_oslomsg_rpc_vhost: /neutron +neutron_oslomsg_rpc_password: "{{ neutron_rabbitmq_password }}" neutron_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" neutron_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" neutron_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" neutron_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" neutron_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -neutron_oslomsg_notify_userid: neutron -neutron_oslomsg_notify_vhost: /neutron +neutron_oslomsg_notify_userid: "{{ neutron_oslomsg_rpc_userid }}" +neutron_oslomsg_notify_vhost: "{{ neutron_oslomsg_rpc_vhost }}" +neutron_oslomsg_notify_password: "{{ neutron_oslomsg_rpc_password }}" neutron_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" neutron_oslomsg_notify_port: "{{ oslomsg_notify_port }}" neutron_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -249,13 +273,15 @@ neutron_rabbitmq_telemetry_host_group: "{{ neutron_rabbitmq_host_group }}" ## Nova nova_oslomsg_rpc_userid: nova nova_oslomsg_rpc_vhost: /nova +nova_oslomsg_rpc_password: "{{ nova_rabbitmq_password }}" nova_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" nova_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" nova_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" nova_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" nova_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -nova_oslomsg_notify_userid: nova -nova_oslomsg_notify_vhost: /nova +nova_oslomsg_notify_userid: "{{ nova_oslomsg_rpc_userid }}" +nova_oslomsg_notify_vhost: "{{ nova_oslomsg_rpc_vhost }}" +nova_oslomsg_notify_password: "{{ nova_oslomsg_rpc_password }}" nova_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" nova_oslomsg_notify_port: "{{ oslomsg_notify_port }}" nova_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -272,13 +298,15 @@ nova_rabbitmq_vhost: "{{ nova_oslomsg_rpc_vhost }}" ## Octavia octavia_oslomsg_rpc_userid: octavia octavia_oslomsg_rpc_vhost: /octavia +octavia_oslomsg_rpc_password: "{{ octavia_rabbitmq_password }}" octavia_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" octavia_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" octavia_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" octavia_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" octavia_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -octavia_oslomsg_notify_userid: octavia -octavia_oslomsg_notify_vhost: /octavia +octavia_oslomsg_notify_userid: "{{ octavia_oslomsg_rpc_userid }}" +octavia_oslomsg_notify_vhost: "{{ octavia_oslomsg_rpc_vhost }}" +octavia_oslomsg_notify_password: "{{ octavia_oslomsg_rpc_password }}" octavia_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" octavia_oslomsg_notify_port: "{{ oslomsg_notify_port }}" octavia_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -295,13 +323,15 @@ octavia_rabbitmq_vhost: "{{ octavia_oslomsg_rpc_vhost }}" ## Sahara sahara_oslomsg_rpc_userid: sahara sahara_oslomsg_rpc_vhost: /sahara +sahara_oslomsg_rpc_password: "{{ sahara_rabbitmq_password }}" sahara_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" sahara_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" sahara_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" sahara_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" sahara_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -sahara_oslomsg_notify_userid: sahara -sahara_oslomsg_notify_vhost: /sahara +sahara_oslomsg_notify_userid: "{{ sahara_oslomsg_rpc_userid }}" +sahara_oslomsg_notify_vhost: "{{ sahara_oslomsg_rpc_vhost }}" +sahara_oslomsg_notify_password: "{{ sahara_oslomsg_rpc_password }}" sahara_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" sahara_oslomsg_notify_port: "{{ oslomsg_notify_port }}" sahara_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -311,14 +341,16 @@ sahara_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group }}" ## Swift swift_oslomsg_rpc_userid: swift swift_oslomsg_rpc_vhost: /swift +swift_oslomsg_rpc_password: "{{ swift_rabbitmq_password }}" swift_oslomsg_rpc_transport: "{{ oslomsg_notify_transport }}" swift_oslomsg_rpc_port: "{{ oslomsg_notify_port }}" swift_oslomsg_rpc_servers: "{{ oslomsg_notify_servers }}" swift_oslomsg_rpc_use_ssl: "{{ oslomsg_notify_use_ssl }}" swift_oslomsg_rpc_host_group: "{{ oslomsg_notify_host_group }}" # TODO: (andymccr) ceilometer with swift does not support SSL rabbitmq connections, so we are hard coding the port and use_ssl var -swift_oslomsg_notify_userid: swift -swift_oslomsg_notify_vhost: /swift +swift_oslomsg_notify_userid: "{{ swift_oslomsg_rpc_userid }}" +swift_oslomsg_notify_vhost: "{{ swift_oslomsg_rpc_vhost }}" +swift_oslomsg_notify_password: "{{ swift_oslomsg_rpc_password }}" swift_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" swift_oslomsg_notify_port: 5672 swift_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -335,13 +367,15 @@ swift_rabbitmq_telemetry_use_ssl: "{{ swift_oslomsg_notify_use_ssl }}" ## Tacker tacker_oslomsg_rpc_userid: tacker tacker_oslomsg_rpc_vhost: /tacker +tacker_oslomsg_rpc_password: "{{ tacker_rabbitmq_password }}" tacker_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" tacker_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" tacker_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" tacker_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" tacker_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -tacker_oslomsg_notify_userid: tacker -tacker_oslomsg_notify_vhost: /tacker +tacker_oslomsg_notify_userid: "{{ tacker_oslomsg_rpc_userid }}" +tacker_oslomsg_notify_vhost: "{{ tacker_oslomsg_rpc_vhost }}" +tacker_oslomsg_notify_password: "{{ tacker_oslomsg_rpc_password }}" tacker_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" tacker_oslomsg_notify_port: "{{ oslomsg_notify_port }}" tacker_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}" @@ -358,13 +392,15 @@ tacker_rabbitmq_vhost: "{{ tacker_oslomsg_rpc_vhost }}" ## Trove trove_oslomsg_rpc_userid: trove trove_oslomsg_rpc_vhost: /trove +trove_oslomsg_rpc_password: "{{ trove_rabbitmq_password }}" trove_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport }}" trove_oslomsg_rpc_port: "{{ oslomsg_rpc_port }}" trove_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers }}" trove_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl }}" trove_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group }}" -trove_oslomsg_notify_userid: trove -trove_oslomsg_notify_vhost: /trove +trove_oslomsg_notify_userid: "{{ trove_oslomsg_rpc_userid }}" +trove_oslomsg_notify_vhost: "{{ trove_oslomsg_rpc_vhost }}" +trove_oslomsg_notify_password: "{{ trove_oslomsg_rpc_password }}" trove_oslomsg_notify_transport: "{{ oslomsg_notify_transport }}" trove_oslomsg_notify_port: "{{ oslomsg_notify_port }}" trove_oslomsg_notify_servers: "{{ oslomsg_notify_servers }}"