From 86b7d23f298426ce3c84ea6c7ab9afb682dffa69 Mon Sep 17 00:00:00 2001 From: Lukas Bezdicka Date: Wed, 1 Apr 2015 11:25:57 -0400 Subject: [PATCH] Sync amqp support with other openstack modules Kilo oslo-messaging deprecates rabbit/kombu settings in the DEFAULT section. Rabbitmq won't talk to us anymore if we try to use SSLv3 as it disabled support for SSLv3. Openstack components use python's openssl implementation which does not support TLSv1.1 and TLSv1.2 yet so we just switch to TLSv1. Support for newer TLS should come with python 2.7.9+ The kombu_ssl_* parameters should not be required when rabbit_use_ssl => true Rather, rabbit_use_ssl must be set to true if the kombu_ssl_* parameters are used. Change-Id: I327dc193d878cb1574b69d5f5b502c25fa203a66 Closes-Bug: #1409667 Closes-Bug: #1356083 --- manifests/api.pp | 71 +++++++++++++++++++++------------ manifests/conductor.pp | 72 ++++++++++++++++++++++------------ manifests/guestagent.pp | 70 ++++++++++++++++++++------------- manifests/init.pp | 4 +- manifests/taskmanager.pp | 71 +++++++++++++++++++++------------ spec/classes/trove_api_spec.rb | 58 ++++++++++++++++++++++++++- spec/classes/trove_conductor_spec.rb | 58 ++++++++++++++++++++++++++- spec/classes/trove_guestagent_spec.rb | 57 ++++++++++++++++++++++++++- spec/classes/trove_taskmanager_spec.rb | 57 ++++++++++++++++++++++++++- 9 files changed, 405 insertions(+), 113 deletions(-) diff --git a/manifests/api.pp b/manifests/api.pp index c75db9b..a2f2d95 100644 --- a/manifests/api.pp +++ b/manifests/api.pp @@ -276,39 +276,60 @@ class trove::api( } if $::trove::rpc_backend == 'trove.openstack.common.rpc.impl_kombu' { - # I may want to support exporting and collecting these + if ! $::trove::rabbit_password { + fail('When rpc_backend is rabbitmq, you must set rabbit password') + } + if $::trove::rabbit_hosts { + trove_config { 'oslo_messaging_rabbit/rabbit_hosts': value => join($::trove::rabbit_hosts, ',') } + trove_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => true } + } else { + trove_config { 'oslo_messaging_rabbit/rabbit_host': value => $::trove::rabbit_host } + trove_config { 'oslo_messaging_rabbit/rabbit_port': value => $::trove::rabbit_port } + trove_config { 'oslo_messaging_rabbit/rabbit_hosts': value => "${::trove::rabbit_host}:${::trove::rabbit_port}" } + trove_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => false } + } + trove_config { - 'DEFAULT/rabbit_password': value => $::trove::rabbit_password, secret => true; - 'DEFAULT/rabbit_userid': value => $::trove::rabbit_userid; - 'DEFAULT/rabbit_virtual_host': value => $::trove::rabbit_virtual_host; - 'DEFAULT/rabbit_use_ssl': value => $::trove::rabbit_use_ssl; - 'DEFAULT/amqp_durable_queues': value => $::trove::amqp_durable_queues; + 'oslo_messaging_rabbit/rabbit_userid': value => $::trove::rabbit_user; + 'oslo_messaging_rabbit/rabbit_password': value => $::trove::rabbit_password, secret => true; + 'oslo_messaging_rabbit/rabbit_virtual_host': value => $::trove::rabbit_virtual_host; + 'oslo_messaging_rabbit/rabbit_use_ssl': value => $::trove::rabbit_use_ssl; + 'oslo_messaging_rabbit/kombu_reconnect_delay': value => $::trove::kombu_reconnect_delay; } if $::trove::rabbit_use_ssl { - trove_config { - 'DEFAULT/kombu_ssl_ca_certs': value => $::trove::kombu_ssl_ca_certs; - 'DEFAULT/kombu_ssl_certfile': value => $::trove::kombu_ssl_certfile; - 'DEFAULT/kombu_ssl_keyfile': value => $::trove::kombu_ssl_keyfile; - 'DEFAULT/kombu_ssl_version': value => $::trove::kombu_ssl_version; + + if $::trove::kombu_ssl_ca_certs { + trove_config { 'oslo_messaging_rabbit/kombu_ssl_ca_certs': value => $::trove::kombu_ssl_ca_certs; } + } else { + trove_config { 'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent; } } - } else { - trove_config { - 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; - 'DEFAULT/kombu_ssl_certfile': ensure => absent; - 'DEFAULT/kombu_ssl_keyfile': ensure => absent; - 'DEFAULT/kombu_ssl_version': ensure => absent; + + if $::trove::kombu_ssl_certfile or $::trove::kombu_ssl_keyfile { + trove_config { + 'oslo_messaging_rabbit/kombu_ssl_certfile': value => $::trove::kombu_ssl_certfile; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': value => $::trove::kombu_ssl_keyfile; + } + } else { + trove_config { + 'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent; + } + } + + if $::trove::kombu_ssl_version { + trove_config { 'oslo_messaging_rabbit/kombu_ssl_version': value => $::trove::kombu_ssl_version; } + } else { + trove_config { 'oslo_messaging_rabbit/kombu_ssl_version': ensure => absent; } } - } - if $::trove::rabbit_hosts { - trove_config { 'DEFAULT/rabbit_hosts': value => join($::trove::rabbit_hosts, ',') } - trove_config { 'DEFAULT/rabbit_ha_queues': value => true } } else { - trove_config { 'DEFAULT/rabbit_host': value => $::trove::rabbit_host } - trove_config { 'DEFAULT/rabbit_port': value => $::trove::rabbit_port } - trove_config { 'DEFAULT/rabbit_hosts': value => "${::trove::rabbit_host}:${::trove::rabbit_port}" } - trove_config { 'DEFAULT/rabbit_ha_queues': value => false } + trove_config { + 'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_version': ensure => absent; + } } } diff --git a/manifests/conductor.pp b/manifests/conductor.pp index 3403355..570e452 100644 --- a/manifests/conductor.pp +++ b/manifests/conductor.pp @@ -106,40 +106,60 @@ class trove::conductor( } if $::trove::rpc_backend == 'trove.openstack.common.rpc.impl_kombu' { - # I may want to support exporting and collecting these + if ! $::trove::rabbit_password { + fail('When rpc_backend is rabbitmq, you must set rabbit password') + } + if $::trove::rabbit_hosts { + trove_conductor_config { 'oslo_messaging_rabbit/rabbit_hosts': value => join($::trove::rabbit_hosts, ',') } + trove_conductor_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => true } + } else { + trove_conductor_config { 'oslo_messaging_rabbit/rabbit_host': value => $::trove::rabbit_host } + trove_conductor_config { 'oslo_messaging_rabbit/rabbit_port': value => $::trove::rabbit_port } + trove_conductor_config { 'oslo_messaging_rabbit/rabbit_hosts': value => "${::trove::rabbit_host}:${::trove::rabbit_port}" } + trove_conductor_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => false } + } + trove_conductor_config { - 'DEFAULT/rabbit_password': value => $::trove::rabbit_password, secret => true; - 'DEFAULT/rabbit_userid': value => $::trove::rabbit_userid; - 'DEFAULT/rabbit_virtual_host': value => $::trove::rabbit_virtual_host; - 'DEFAULT/rabbit_use_ssl': value => $::trove::rabbit_use_ssl; - 'DEFAULT/amqp_durable_queues': value => $::trove::amqp_durable_queues; - 'DEFAULT/rabbit_notification_topic': value => $::trove::rabbit_notification_topic; + 'oslo_messaging_rabbit/rabbit_userid': value => $::trove::rabbit_user; + 'oslo_messaging_rabbit/rabbit_password': value => $::trove::rabbit_password, secret => true; + 'oslo_messaging_rabbit/rabbit_virtual_host': value => $::trove::rabbit_virtual_host; + 'oslo_messaging_rabbit/rabbit_use_ssl': value => $::trove::rabbit_use_ssl; + 'oslo_messaging_rabbit/kombu_reconnect_delay': value => $::trove::kombu_reconnect_delay; } if $::trove::rabbit_use_ssl { - trove_conductor_config { - 'DEFAULT/kombu_ssl_ca_certs': value => $::trove::kombu_ssl_ca_certs; - 'DEFAULT/kombu_ssl_certfile': value => $::trove::kombu_ssl_certfile; - 'DEFAULT/kombu_ssl_keyfile': value => $::trove::kombu_ssl_keyfile; - 'DEFAULT/kombu_ssl_version': value => $::trove::kombu_ssl_version; + + if $::trove::kombu_ssl_ca_certs { + trove_conductor_config { 'oslo_messaging_rabbit/kombu_ssl_ca_certs': value => $::trove::kombu_ssl_ca_certs; } + } else { + trove_conductor_config { 'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent; } } - } else { - trove_conductor_config { - 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; - 'DEFAULT/kombu_ssl_certfile': ensure => absent; - 'DEFAULT/kombu_ssl_keyfile': ensure => absent; - 'DEFAULT/kombu_ssl_version': ensure => absent; + + if $::trove::kombu_ssl_certfile or $::trove::kombu_ssl_keyfile { + trove_conductor_config { + 'oslo_messaging_rabbit/kombu_ssl_certfile': value => $::trove::kombu_ssl_certfile; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': value => $::trove::kombu_ssl_keyfile; + } + } else { + trove_conductor_config { + 'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent; + } + } + + if $::trove::kombu_ssl_version { + trove_conductor_config { 'oslo_messaging_rabbit/kombu_ssl_version': value => $::trove::kombu_ssl_version; } + } else { + trove_conductor_config { 'oslo_messaging_rabbit/kombu_ssl_version': ensure => absent; } } - } - if $::trove::rabbit_hosts { - trove_conductor_config { 'DEFAULT/rabbit_hosts': value => join($::trove::rabbit_hosts, ',') } - trove_conductor_config { 'DEFAULT/rabbit_ha_queues': value => true } } else { - trove_conductor_config { 'DEFAULT/rabbit_host': value => $::trove::rabbit_host } - trove_conductor_config { 'DEFAULT/rabbit_port': value => $::trove::rabbit_port } - trove_conductor_config { 'DEFAULT/rabbit_hosts': value => "${::trove::rabbit_host}:${::trove::rabbit_port}" } - trove_conductor_config { 'DEFAULT/rabbit_ha_queues': value => false } + trove_conductor_config { + 'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_version': ensure => absent; + } } } diff --git a/manifests/guestagent.pp b/manifests/guestagent.pp index 1916979..f8dcbcc 100644 --- a/manifests/guestagent.pp +++ b/manifests/guestagent.pp @@ -95,43 +95,59 @@ class trove::guestagent( } if $::trove::rpc_backend == 'trove.openstack.common.rpc.impl_kombu' { - # I may want to support exporting and collecting these + if ! $::trove::rabbit_password { + fail('When rpc_backend is rabbitmq, you must set rabbit password') + } + if $::trove::rabbit_hosts { + trove_guestagent_config { 'oslo_messaging_rabbit/rabbit_hosts': value => join($::trove::rabbit_hosts, ',') } + trove_guestagent_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => true } + } else { + trove_guestagent_config { 'oslo_messaging_rabbit/rabbit_host': value => $::trove::rabbit_host } + trove_guestagent_config { 'oslo_messaging_rabbit/rabbit_port': value => $::trove::rabbit_port } + trove_guestagent_config { 'oslo_messaging_rabbit/rabbit_hosts': value => "${::trove::rabbit_host}:${::trove::rabbit_port}" } + trove_guestagent_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => false } + } + trove_guestagent_config { - 'DEFAULT/rabbit_password': value => $::trove::rabbit_password, secret => true; - 'DEFAULT/rabbit_userid': value => $::trove::rabbit_userid; - 'DEFAULT/rabbit_virtual_host': value => $::trove::rabbit_virtual_host; - 'DEFAULT/rabbit_use_ssl': value => $::trove::rabbit_use_ssl; - 'DEFAULT/amqp_durable_queues': value => $::trove::amqp_durable_queues; - 'DEFAULT/rabbit_notification_topic': value => $::trove::rabbit_notification_topic; + 'oslo_messaging_rabbit/rabbit_userid': value => $::trove::rabbit_user; + 'oslo_messaging_rabbit/rabbit_password': value => $::trove::rabbit_password, secret => true; + 'oslo_messaging_rabbit/rabbit_virtual_host': value => $::trove::rabbit_virtual_host; + 'oslo_messaging_rabbit/rabbit_use_ssl': value => $::trove::rabbit_use_ssl; + 'oslo_messaging_rabbit/kombu_reconnect_delay': value => $::trove::kombu_reconnect_delay; } if $::trove::rabbit_use_ssl { - trove_guestagent_config { - 'DEFAULT/kombu_ssl_ca_certs': value => $::trove::kombu_ssl_ca_certs; - 'DEFAULT/kombu_ssl_certfile': value => $::trove::kombu_ssl_certfile; - 'DEFAULT/kombu_ssl_keyfile': value => $::trove::kombu_ssl_keyfile; - 'DEFAULT/kombu_ssl_version': value => $::trove::kombu_ssl_version; + + if $::trove::kombu_ssl_ca_certs { + trove_guestagent_config { 'oslo_messaging_rabbit/kombu_ssl_ca_certs': value => $::trove::kombu_ssl_ca_certs; } + } else { + trove_guestagent_config { 'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent; } } - } else { - trove_guestagent_config { - 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; - 'DEFAULT/kombu_ssl_certfile': ensure => absent; - 'DEFAULT/kombu_ssl_keyfile': ensure => absent; - 'DEFAULT/kombu_ssl_version': ensure => absent; + + if $::trove::kombu_ssl_certfile or $::trove::kombu_ssl_keyfile { + trove_guestagent_config { + 'oslo_messaging_rabbit/kombu_ssl_certfile': value => $::trove::kombu_ssl_certfile; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': value => $::trove::kombu_ssl_keyfile; + } + } else { + trove_guestagent_config { + 'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent; + } } - } - if $::trove::rabbit_hosts { - trove_guestagent_config { - 'DEFAULT/rabbit_hosts': value => join($::trove::rabbit_hosts, ','); - 'DEFAULT/rabbit_ha_queues': value => true + if $::trove::kombu_ssl_version { + trove_guestagent_config { 'oslo_messaging_rabbit/kombu_ssl_version': value => $::trove::kombu_ssl_version; } + } else { + trove_guestagent_config { 'oslo_messaging_rabbit/kombu_ssl_version': ensure => absent; } } + } else { trove_guestagent_config { - 'DEFAULT/rabbit_host': value => $::trove::rabbit_host; - 'DEFAULT/rabbit_port': value => $::trove::rabbit_port; - 'DEFAULT/rabbit_hosts': value => "${::trove::rabbit_host}:${::trove::rabbit_port}"; - 'DEFAULT/rabbit_ha_queues': value => false + 'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_version': ensure => absent; } } } diff --git a/manifests/init.pp b/manifests/init.pp index ea3ce33..bc1b45b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -75,7 +75,7 @@ # (optional) SSL version to use (valid only if SSL enabled). # Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be # available on some distributions. -# Defaults to 'SSLv3' +# Defaults to 'TLSv1' # # [*amqp_durable_queues*] # (optional) Define queues as "durable" to rabbitmq. @@ -179,7 +179,7 @@ class trove( $kombu_ssl_ca_certs = undef, $kombu_ssl_certfile = undef, $kombu_ssl_keyfile = undef, - $kombu_ssl_version = 'SSLv3', + $kombu_ssl_version = 'TLSv1', $amqp_durable_queues = false, $database_connection = 'sqlite:////var/lib/trove/trove.sqlite', $database_idle_timeout = 3600, diff --git a/manifests/taskmanager.pp b/manifests/taskmanager.pp index a416790..0b29a4c 100644 --- a/manifests/taskmanager.pp +++ b/manifests/taskmanager.pp @@ -120,39 +120,60 @@ class trove::taskmanager( } if $::trove::rpc_backend == 'trove.openstack.common.rpc.impl_kombu' { - # I may want to support exporting and collecting these + if ! $::trove::rabbit_password { + fail('When rpc_backend is rabbitmq, you must set rabbit password') + } + if $::trove::rabbit_hosts { + trove_taskmanager_config { 'oslo_messaging_rabbit/rabbit_hosts': value => join($::trove::rabbit_hosts, ',') } + trove_taskmanager_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => true } + } else { + trove_taskmanager_config { 'oslo_messaging_rabbit/rabbit_host': value => $::trove::rabbit_host } + trove_taskmanager_config { 'oslo_messaging_rabbit/rabbit_port': value => $::trove::rabbit_port } + trove_taskmanager_config { 'oslo_messaging_rabbit/rabbit_hosts': value => "${::trove::rabbit_host}:${::trove::rabbit_port}" } + trove_taskmanager_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => false } + } + trove_taskmanager_config { - 'DEFAULT/rabbit_password': value => $::trove::rabbit_password, secret => true; - 'DEFAULT/rabbit_userid': value => $::trove::rabbit_userid; - 'DEFAULT/rabbit_virtual_host': value => $::trove::rabbit_virtual_host; - 'DEFAULT/rabbit_use_ssl': value => $::trove::rabbit_use_ssl; - 'DEFAULT/amqp_durable_queues': value => $::trove::amqp_durable_queues; + 'oslo_messaging_rabbit/rabbit_userid': value => $::trove::rabbit_user; + 'oslo_messaging_rabbit/rabbit_password': value => $::trove::rabbit_password, secret => true; + 'oslo_messaging_rabbit/rabbit_virtual_host': value => $::trove::rabbit_virtual_host; + 'oslo_messaging_rabbit/rabbit_use_ssl': value => $::trove::rabbit_use_ssl; + 'oslo_messaging_rabbit/kombu_reconnect_delay': value => $::trove::kombu_reconnect_delay; } if $::trove::rabbit_use_ssl { - trove_taskmanager_config { - 'DEFAULT/kombu_ssl_ca_certs': value => $::trove::kombu_ssl_ca_certs; - 'DEFAULT/kombu_ssl_certfile': value => $::trove::kombu_ssl_certfile; - 'DEFAULT/kombu_ssl_keyfile': value => $::trove::kombu_ssl_keyfile; - 'DEFAULT/kombu_ssl_version': value => $::trove::kombu_ssl_version; + + if $::trove::kombu_ssl_ca_certs { + trove_taskmanager_config { 'oslo_messaging_rabbit/kombu_ssl_ca_certs': value => $::trove::kombu_ssl_ca_certs; } + } else { + trove_taskmanager_config { 'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent; } } - } else { - trove_taskmanager_config { - 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; - 'DEFAULT/kombu_ssl_certfile': ensure => absent; - 'DEFAULT/kombu_ssl_keyfile': ensure => absent; - 'DEFAULT/kombu_ssl_version': ensure => absent; + + if $::trove::kombu_ssl_certfile or $::trove::kombu_ssl_keyfile { + trove_taskmanager_config { + 'oslo_messaging_rabbit/kombu_ssl_certfile': value => $::trove::kombu_ssl_certfile; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': value => $::trove::kombu_ssl_keyfile; + } + } else { + trove_taskmanager_config { + 'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent; + } + } + + if $::trove::kombu_ssl_version { + trove_taskmanager_config { 'oslo_messaging_rabbit/kombu_ssl_version': value => $::trove::kombu_ssl_version; } + } else { + trove_taskmanager_config { 'oslo_messaging_rabbit/kombu_ssl_version': ensure => absent; } } - } - if $::trove::rabbit_hosts { - trove_taskmanager_config { 'DEFAULT/rabbit_hosts': value => join($::trove::rabbit_hosts, ',') } - trove_taskmanager_config { 'DEFAULT/rabbit_ha_queues': value => true } } else { - trove_taskmanager_config { 'DEFAULT/rabbit_host': value => $::trove::rabbit_host } - trove_taskmanager_config { 'DEFAULT/rabbit_port': value => $::trove::rabbit_port } - trove_taskmanager_config { 'DEFAULT/rabbit_hosts': value => "${::trove::rabbit_host}:${::trove::rabbit_port}" } - trove_taskmanager_config { 'DEFAULT/rabbit_ha_queues': value => false } + trove_taskmanager_config { + 'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_version': ensure => absent; + } } } diff --git a/spec/classes/trove_api_spec.rb b/spec/classes/trove_api_spec.rb index 56ddb1b..148c925 100644 --- a/spec/classes/trove_api_spec.rb +++ b/spec/classes/trove_api_spec.rb @@ -81,7 +81,7 @@ describe 'trove::api' do rabbit_host => '10.0.0.1'}" end it 'configures trove-api with RabbitMQ' do - is_expected.to contain_trove_config('DEFAULT/rabbit_host').with_value('10.0.0.1') + is_expected.to contain_trove_config('oslo_messaging_rabbit/rabbit_host').with_value('10.0.0.1') end end @@ -92,7 +92,7 @@ describe 'trove::api' do rabbit_hosts => ['10.0.0.1','10.0.0.2']}" end it 'configures trove-api with RabbitMQ' do - is_expected.to contain_trove_config('DEFAULT/rabbit_hosts').with_value(['10.0.0.1,10.0.0.2']) + is_expected.to contain_trove_config('oslo_messaging_rabbit/rabbit_hosts').with_value(['10.0.0.1,10.0.0.2']) end end @@ -107,6 +107,60 @@ describe 'trove::api' do end end end + + context 'with SSL enabled with kombu' do + let :pre_condition do + "class { 'trove': + nova_proxy_admin_pass => 'verysecrete', + rabbit_use_ssl => true, + kombu_ssl_ca_certs => '/path/to/ssl/ca/certs', + kombu_ssl_certfile => '/path/to/ssl/cert/file', + kombu_ssl_keyfile => '/path/to/ssl/keyfile', + kombu_ssl_version => 'TLSv1'}" + end + + it do + is_expected.to contain_trove_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') + is_expected.to contain_trove_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value('/path/to/ssl/ca/certs') + is_expected.to contain_trove_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value('/path/to/ssl/cert/file') + is_expected.to contain_trove_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value('/path/to/ssl/keyfile') + is_expected.to contain_trove_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') + end + end + + context 'with SSL enabled without kombu' do + let :pre_condition do + "class { 'trove': + nova_proxy_admin_pass => 'verysecrete', + rabbit_use_ssl => true}" + end + + it do + is_expected.to contain_trove_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') + is_expected.to contain_trove_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent') + is_expected.to contain_trove_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent') + is_expected.to contain_trove_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent') + is_expected.to contain_trove_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') + end + end + + context 'with SSL disabled' do + let :pre_condition do + "class { 'trove': + nova_proxy_admin_pass => 'verysecrete', + rabbit_use_ssl => false, + kombu_ssl_version => 'TLSv1'}" + end + + it do + is_expected.to contain_trove_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('false') + is_expected.to contain_trove_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent') + is_expected.to contain_trove_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent') + is_expected.to contain_trove_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent') + is_expected.to contain_trove_config('oslo_messaging_rabbit/kombu_ssl_version').with_ensure('absent') + end + end + end context 'on Debian platforms' do diff --git a/spec/classes/trove_conductor_spec.rb b/spec/classes/trove_conductor_spec.rb index d3dc4c5..1414e77 100644 --- a/spec/classes/trove_conductor_spec.rb +++ b/spec/classes/trove_conductor_spec.rb @@ -40,7 +40,7 @@ describe 'trove::conductor' do rabbit_host => '10.0.0.1'}" end it 'configures trove-conductor with RabbitMQ' do - is_expected.to contain_trove_conductor_config('DEFAULT/rabbit_host').with_value('10.0.0.1') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/rabbit_host').with_value('10.0.0.1') end end @@ -51,7 +51,7 @@ describe 'trove::conductor' do rabbit_hosts => ['10.0.0.1','10.0.0.2']}" end it 'configures trove-conductor with RabbitMQ' do - is_expected.to contain_trove_conductor_config('DEFAULT/rabbit_hosts').with_value(['10.0.0.1,10.0.0.2']) + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/rabbit_hosts').with_value(['10.0.0.1,10.0.0.2']) end end @@ -66,6 +66,60 @@ describe 'trove::conductor' do end end end + + context 'with SSL enabled with kombu' do + let :pre_condition do + "class { 'trove': + nova_proxy_admin_pass => 'verysecrete', + rabbit_use_ssl => true, + kombu_ssl_ca_certs => '/path/to/ssl/ca/certs', + kombu_ssl_certfile => '/path/to/ssl/cert/file', + kombu_ssl_keyfile => '/path/to/ssl/keyfile', + kombu_ssl_version => 'TLSv1'}" + end + + it do + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value('/path/to/ssl/ca/certs') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value('/path/to/ssl/cert/file') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value('/path/to/ssl/keyfile') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') + end + end + + context 'with SSL enabled without kombu' do + let :pre_condition do + "class { 'trove': + nova_proxy_admin_pass => 'verysecrete', + rabbit_use_ssl => true}" + end + + it do + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') + end + end + + context 'with SSL disabled' do + let :pre_condition do + "class { 'trove': + nova_proxy_admin_pass => 'verysecrete', + rabbit_use_ssl => false, + kombu_ssl_version => 'TLSv1'}" + end + + it do + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('false') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent') + is_expected.to contain_trove_conductor_config('oslo_messaging_rabbit/kombu_ssl_version').with_ensure('absent') + end + end + end context 'on Debian platforms' do diff --git a/spec/classes/trove_guestagent_spec.rb b/spec/classes/trove_guestagent_spec.rb index 09846c6..f142b83 100644 --- a/spec/classes/trove_guestagent_spec.rb +++ b/spec/classes/trove_guestagent_spec.rb @@ -40,7 +40,7 @@ describe 'trove::guestagent' do rabbit_host => '10.0.0.1'}" end it 'configures trove-guestagent with RabbitMQ' do - is_expected.to contain_trove_guestagent_config('DEFAULT/rabbit_host').with_value('10.0.0.1') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/rabbit_host').with_value('10.0.0.1') end end @@ -51,7 +51,7 @@ describe 'trove::guestagent' do rabbit_hosts => ['10.0.0.1','10.0.0.2']}" end it 'configures trove-guestagent with RabbitMQ' do - is_expected.to contain_trove_guestagent_config('DEFAULT/rabbit_hosts').with_value(['10.0.0.1,10.0.0.2']) + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/rabbit_hosts').with_value(['10.0.0.1,10.0.0.2']) end end end @@ -72,6 +72,59 @@ describe 'trove::guestagent' do end end + context 'with SSL enabled with kombu' do + let :pre_condition do + "class { 'trove': + nova_proxy_admin_pass => 'verysecrete', + rabbit_use_ssl => true, + kombu_ssl_ca_certs => '/path/to/ssl/ca/certs', + kombu_ssl_certfile => '/path/to/ssl/cert/file', + kombu_ssl_keyfile => '/path/to/ssl/keyfile', + kombu_ssl_version => 'TLSv1'}" + end + + it do + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value('/path/to/ssl/ca/certs') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value('/path/to/ssl/cert/file') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value('/path/to/ssl/keyfile') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') + end + end + + context 'with SSL enabled without kombu' do + let :pre_condition do + "class { 'trove': + nova_proxy_admin_pass => 'verysecrete', + rabbit_use_ssl => true}" + end + + it do + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') + end + end + + context 'with SSL disabled' do + let :pre_condition do + "class { 'trove': + nova_proxy_admin_pass => 'verysecrete', + rabbit_use_ssl => false, + kombu_ssl_version => 'TLSv1'}" + end + + it do + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('false') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent') + is_expected.to contain_trove_guestagent_config('oslo_messaging_rabbit/kombu_ssl_version').with_ensure('absent') + end + end + end context 'on Debian platforms' do diff --git a/spec/classes/trove_taskmanager_spec.rb b/spec/classes/trove_taskmanager_spec.rb index 6c2ffc6..09e4303 100644 --- a/spec/classes/trove_taskmanager_spec.rb +++ b/spec/classes/trove_taskmanager_spec.rb @@ -59,7 +59,7 @@ describe 'trove::taskmanager' do rabbit_host => '10.0.0.1'}" end it 'configures trove-taskmanager with RabbitMQ' do - is_expected.to contain_trove_taskmanager_config('DEFAULT/rabbit_host').with_value('10.0.0.1') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/rabbit_host').with_value('10.0.0.1') end end @@ -70,7 +70,7 @@ describe 'trove::taskmanager' do rabbit_hosts => ['10.0.0.1','10.0.0.2']}" end it 'configures trove-taskmanager with RabbitMQ' do - is_expected.to contain_trove_taskmanager_config('DEFAULT/rabbit_hosts').with_value(['10.0.0.1,10.0.0.2']) + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/rabbit_hosts').with_value(['10.0.0.1,10.0.0.2']) end end @@ -125,6 +125,59 @@ describe 'trove::taskmanager' do end end end + context 'with SSL enabled with kombu' do + let :pre_condition do + "class { 'trove': + nova_proxy_admin_pass => 'verysecrete', + rabbit_use_ssl => true, + kombu_ssl_ca_certs => '/path/to/ssl/ca/certs', + kombu_ssl_certfile => '/path/to/ssl/cert/file', + kombu_ssl_keyfile => '/path/to/ssl/keyfile', + kombu_ssl_version => 'TLSv1'}" + end + + it do + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value('/path/to/ssl/ca/certs') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value('/path/to/ssl/cert/file') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value('/path/to/ssl/keyfile') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') + end + end + + context 'with SSL enabled without kombu' do + let :pre_condition do + "class { 'trove': + nova_proxy_admin_pass => 'verysecrete', + rabbit_use_ssl => true}" + end + + it do + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') + end + end + + context 'with SSL disabled' do + let :pre_condition do + "class { 'trove': + nova_proxy_admin_pass => 'verysecrete', + rabbit_use_ssl => false, + kombu_ssl_version => 'TLSv1'}" + end + + it do + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('false') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent') + is_expected.to contain_trove_taskmanager_config('oslo_messaging_rabbit/kombu_ssl_version').with_ensure('absent') + end + end + end context 'on Debian platforms' do -- 1.9.1