openstack/kolla-ansible
Code Issues Proposed changes
f12a4a6dad
kolla-ansible/ansible/roles/rabbitmq/templates/rabbitmq-env.conf.j2
Paul Bourke d8fe3ea780 Add a new 'outward' rabbitmq instance 
Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]

Exposing the internal rabbitmq to end users is a security hole, hence
there are two options, 1) use vhosts in the existing rabbitmq, or two a
separate rabbitmq instances. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.

This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.

Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.

Based on the original work by bdaca[2]

[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525

Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
2017-06-15 11:12:22 +00:00

20 lines
870 B
Django/Jinja
Raw Blame History

RABBITMQ_NODENAME=rabbit
{% if orchestration_engine == 'ANSIBLE' %}
RABBITMQ_BOOT_MODULE=rabbit_clusterer
RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="-pa /usr/lib/rabbitmq/lib/{{ rabbitmq_version }}"
{%- endif %}
RABBITMQ_LOG_BASE=/var/log/kolla/{{ project_name }}
# TODO(sdake, vhosakot)
# erlang by default binds to wildcard (all interfaces) and can potentially
# interfere with the neutron external or tenant networks. We should in theory
# bind epmd to the host's IPv4 address to address the issue however this also
# has issues and can crash erlang when it is compiled with IPv6 support.
# See bugs:
# https://bugs.launchpad.net/ubuntu/+source/erlang/+bug/1374109
# https://bugs.launchpad.net/kolla/+bug/1562701
# https://bugzilla.redhat.com/show_bug.cgi?id=1324922
#export ERL_EPMD_ADDRESS={{ api_interface_address }}
export ERL_EPMD_PORT={{ role_rabbitmq_epmd_port }}
View Git Blame Copy Permalink