Major Hayden d930a7b55c Enable encryption for all RabbitMQ connections

This change enables encryption between OpenStack services and RabbitMQ by
default.

Closes-bug: 1509086

Change-Id: Ic95a556e001f66df935ea7db613b497b47062851

2015-10-27 14:42:59 +00:00

1.4 KiB

Raw Blame History

Home OpenStack-Ansible Installation Guide

Configuring RabbitMQ (optional)

RabbitMQ provides the messaging broker for various OpenStack services. The openstack-ansible project configures a plaintext listener on port 5672 and a SSL/TLS encrypted listener on port 5671.

Customizing the RabbitMQ deployment is done within /etc/openstack_deploy/user_variables.yml.

Add a TLS encrypted listener to RabbitMQ

The openstack-ansible project provides the ability to secure RabbitMQ communications with self-signed or user-provided SSL certificates. Refer to Securing services with SSL certificates for available configuration options.

Enable encrypted connections to RabbitMQ

SSL communication between various OpenStack services and RabbitMQ is controlled via the Ansible variable rabbit_use_ssl:

rabbit_use_ssl: true

Setting this variable to true will adjust the RabbitMQ port to 5671 (the default SSL/TLS listener port) and enable SSL connectivity between each OpenStack service and RabbitMQ.

Setting this variable to false will disable SSL encryption between OpenStack services and RabbitMQ. The plaintext port for RabbitMQ, 5672, will be used for all services.

1.4 KiB Raw Blame History

Configuring RabbitMQ (optional)

Add a TLS encrypted listener to RabbitMQ

Enable encrypted connections to RabbitMQ

1.4 KiB

Raw Blame History