OpenStack containerized Rabbitmq service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerRabbitmqImage:
description: image
- default: 'centos-binary-rabbitmq:latest'
type: string
DockerRabbitmqConfigImage:
description: The container image to use for the rabbitmq config_volume
- default: 'centos-binary-rabbitmq:latest'
type: string
EndpointMap:
default: {}
type: string
default: ''
hidden: true
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
map_merge:
- {get_attr: [RabbitmqBase, role_data, config_settings]}
- rabbitmq::admin_enable: false
+ - if:
+ - internal_tls_enabled
+ - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
+ - {}
+ logging_source: {get_attr: [RabbitmqBase, role_data, logging_source]}
+ logging_groups: {get_attr: [RabbitmqBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
puppet_config:
config_volume: rabbitmq
step_config: *step_config
- config_image: &rabbitmq_config_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqConfigImage} ]
+ config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage}
kolla_config:
/var/lib/kolla/config_files/rabbitmq.json:
command: /usr/lib/rabbitmq/bin/rabbitmq-server
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ optional: true
permissions:
- path: /var/lib/rabbitmq
owner: rabbitmq:rabbitmq
recurse: true
+ - path: /etc/pki/tls/certs/rabbitmq.crt
+ owner: rabbitmq:rabbitmq
+ optional: true
+ - path: /etc/pki/tls/private/rabbitmq.key
+ owner: rabbitmq:rabbitmq
+ optional: true
docker_config:
# Kolla_bootstrap runs before permissions set by kolla_config
step_1:
rabbitmq_init_logs:
start_order: 0
detach: false
- image: &rabbitmq_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ]
+ image: &rabbitmq_image {get_param: DockerRabbitmqImage}
privileged: false
user: root
volumes:
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
+ - if:
+ - internal_tls_enabled
+ -
+ - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
+ - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
+ - null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- KOLLA_BOOTSTRAP=True
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
+ - if:
+ - internal_tls_enabled
+ -
+ - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
+ - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
+ - null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:
volumes:
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:ro
+ metadata_settings:
+ get_attr: [RabbitmqBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent directories
file: