Merge "Flatten rabbitmq service - step 1"
This commit is contained in:
commit
a269c1a5a6
@ -30,25 +30,38 @@ parameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
RpcUserName:
|
||||
default: guest
|
||||
description: The username for messaging backend
|
||||
type: string
|
||||
RpcPassword:
|
||||
description: The password for messaging backend
|
||||
type: string
|
||||
hidden: true
|
||||
RpcUseSSL:
|
||||
default: false
|
||||
description: >
|
||||
Messaging client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../../puppet/services/messaging/notify-rabbitmq-shared.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the oslo messaging notify role.
|
||||
value:
|
||||
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
|
||||
global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]}
|
||||
service_name: oslo_messaging_notify
|
||||
global_config_settings:
|
||||
oslo_messaging_notify_scheme: rabbit
|
||||
oslo_messaging_notify_user_name: {get_param: RpcUserName}
|
||||
oslo_messaging_notify_password: {get_param: RpcPassword}
|
||||
oslo_messaging_notify_use_ssl: {get_param: RpcUseSSL}
|
||||
oslo_messaging_notify_port: {get_param: RpcPort}
|
||||
|
@ -48,9 +48,25 @@ parameters:
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
NotifyPort:
|
||||
default: 5672
|
||||
description: The network port for messaging Notify backend
|
||||
type: number
|
||||
NotifyUserName:
|
||||
default: guest
|
||||
description: The username for messaging Notifications
|
||||
type: string
|
||||
NotifyPassword:
|
||||
description: The password for messaging Notifications
|
||||
type: string
|
||||
hidden: true
|
||||
NotifyUseSSL:
|
||||
default: false
|
||||
description: Messaging Notification client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
@ -58,13 +74,13 @@ resources:
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../../puppet/services/messaging/notify-rabbitmq.yaml
|
||||
RabbitMQServiceBase:
|
||||
type: ../rabbitmq.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
@ -72,18 +88,68 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for the Rabbitmq API role.
|
||||
value:
|
||||
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
|
||||
service_name: oslo_messaging_notify
|
||||
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
||||
# RabbitMQ plugins initialization occurs on every node
|
||||
global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]}
|
||||
global_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, global_config_settings]
|
||||
- oslo_messaging_notify_scheme: rabbit
|
||||
oslo_messaging_notify_user_name: {get_param: NotifyUserName}
|
||||
oslo_messaging_notify_password: {get_param: NotifyPassword}
|
||||
oslo_messaging_notify_use_ssl: {get_param: NotifyUseSSL}
|
||||
oslo_messaging_notify_port: {get_param: NotifyPort}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- {get_attr: [RabbitmqBase, role_data, config_settings]}
|
||||
- rabbitmq::admin_enable: false
|
||||
- if:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::default_user: {get_param: NotifyUserName}
|
||||
rabbitmq::default_pass: {get_param: NotifyPassword}
|
||||
tripleo::oslo_messaging_notify::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
- {get_param: NotifyPort}
|
||||
- 25672
|
||||
rabbitmq::port: {get_param: NotifyPort}
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: {get_param: NotifyPort}
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
rabbitmq::admin_enable: false
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: rabbitmq
|
||||
@ -91,7 +157,7 @@ outputs:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }"
|
||||
- get_attr: [RabbitmqBase, role_data, step_config]
|
||||
- "include ::tripleo::profile::base::rabbitmq"
|
||||
config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/rabbitmq.json:
|
||||
@ -208,7 +274,13 @@ outputs:
|
||||
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
|
||||
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
|
||||
metadata_settings:
|
||||
get_attr: [RabbitmqBase, role_data, metadata_settings]
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: rabbitmq
|
||||
network: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
type: node
|
||||
- null
|
||||
host_prep_tasks:
|
||||
- name: create persistent directories
|
||||
file:
|
||||
|
@ -48,9 +48,26 @@ parameters:
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
RpcUserName:
|
||||
default: guest
|
||||
description: The username for messaging backend
|
||||
type: string
|
||||
RpcPassword:
|
||||
description: The password for messaging backend
|
||||
type: string
|
||||
hidden: true
|
||||
RpcUseSSL:
|
||||
default: false
|
||||
description: >
|
||||
Messaging client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
@ -58,13 +75,13 @@ resources:
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../../puppet/services/messaging/rpc-rabbitmq.yaml
|
||||
RabbitMQServiceBase:
|
||||
type: ../rabbitmq.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
@ -72,18 +89,67 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for the Rabbitmq API role.
|
||||
value:
|
||||
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
|
||||
# RabbitMQ plugins initialization occurs on every node
|
||||
global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]}
|
||||
service_name: oslo_messaging_rpc
|
||||
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
||||
global_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, global_config_settings]
|
||||
- oslo_messaging_rpc_scheme: rabbit
|
||||
oslo_messaging_rpc_user_name: {get_param: RpcUserName}
|
||||
oslo_messaging_rpc_password: {get_param: RpcPassword}
|
||||
oslo_messaging_rpc_use_ssl: {get_param: RpcUseSSL}
|
||||
oslo_messaging_rpc_port: {get_param: RpcPort }
|
||||
config_settings:
|
||||
map_merge:
|
||||
- {get_attr: [RabbitmqBase, role_data, config_settings]}
|
||||
- rabbitmq::admin_enable: false
|
||||
- if:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::default_user: {get_param: RpcUserName}
|
||||
rabbitmq::default_pass: {get_param: RpcPassword}
|
||||
tripleo::oslo_messaging_rpc::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
- {get_param: RpcPort}
|
||||
- 25672
|
||||
rabbitmq::port: {get_param: RpcPort}
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: {get_param: RpcPort}
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
rabbitmq::admin_enable: false
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: rabbitmq
|
||||
@ -91,7 +157,7 @@ outputs:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }"
|
||||
- get_attr: [RabbitmqBase, role_data, step_config]
|
||||
- "include ::tripleo::profile::base::rabbitmq"
|
||||
config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/rabbitmq.json:
|
||||
@ -208,7 +274,13 @@ outputs:
|
||||
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
|
||||
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
|
||||
metadata_settings:
|
||||
get_attr: [RabbitmqBase, role_data, metadata_settings]
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: rabbitmq
|
||||
network: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
type: node
|
||||
- null
|
||||
host_prep_tasks:
|
||||
- name: create persistent directories
|
||||
file:
|
||||
|
@ -71,7 +71,7 @@ resources:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../../puppet/services/messaging/notify-rabbitmq.yaml
|
||||
type: ../messaging/notify-rabbitmq.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
@ -115,7 +115,7 @@ outputs:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }"
|
||||
- get_attr: [RabbitmqBase, role_data, step_config]
|
||||
- "include ::tripleo::profile::base::rabbitmq"
|
||||
config_image: {get_param: DockerRabbitmqConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/rabbitmq.json:
|
||||
|
@ -70,13 +70,13 @@ resources:
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../../puppet/services/rabbitmq.yaml
|
||||
RabbitMQServiceBase:
|
||||
type: ../rabbitmq.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
@ -84,10 +84,12 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for the Rabbitmq API role.
|
||||
value:
|
||||
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
|
||||
service_name: rabbitmq
|
||||
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- {get_attr: [RabbitmqBase, role_data, config_settings]}
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::service_manage: false
|
||||
- rabbitmq::service_manage: false
|
||||
tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest
|
||||
list_join:
|
||||
@ -257,7 +259,7 @@ outputs:
|
||||
echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
|
||||
for pid in $(pgrep epmd --ns 1 --nslist pid); do kill $pid; done
|
||||
metadata_settings:
|
||||
get_attr: [RabbitmqBase, role_data, metadata_settings]
|
||||
get_attr: [RabbitMQServiceBase, role_data, metadata_settings]
|
||||
deploy_steps_tasks:
|
||||
- name: RabbitMQ tag container image for pacemaker
|
||||
when: step|int == 1
|
||||
|
@ -71,7 +71,7 @@ resources:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../../puppet/services/messaging/rpc-rabbitmq.yaml
|
||||
type: ../messaging/rpc-rabbitmq.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
|
@ -48,6 +48,50 @@ parameters:
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
RabbitUserName:
|
||||
default: guest
|
||||
description: The username for RabbitMQ
|
||||
type: string
|
||||
RabbitPassword:
|
||||
description: The password for RabbitMQ
|
||||
type: string
|
||||
hidden: true
|
||||
RabbitFDLimit:
|
||||
default: 65536
|
||||
description: Configures RabbitMQ FD limit
|
||||
type: number
|
||||
RabbitIPv6:
|
||||
default: false
|
||||
description: Enable IPv6 in RabbitMQ
|
||||
type: boolean
|
||||
RabbitCookie:
|
||||
type: string
|
||||
default: ''
|
||||
hidden: true
|
||||
RabbitHAQueues:
|
||||
description:
|
||||
The number of HA queues to be configured in rabbit. The default is -1 which
|
||||
translates to "ha-mode all". The special value 0 will be automatically
|
||||
overridden to CEIL(N/2) where N is the number of nodes running rabbitmq.
|
||||
default: 0
|
||||
type: number
|
||||
RabbitNetTickTime:
|
||||
description:
|
||||
The number of seconds to configure the value of the erlang
|
||||
net_ticktime kernel variable.
|
||||
default: 15
|
||||
type: number
|
||||
RabbitAdditionalErlArgs:
|
||||
description:
|
||||
Additional parameters passed to the Erlang subsystem. The string
|
||||
needs to be enclosed in quotes twice. We default to +sbwt none
|
||||
in order to have the erlang vm be less busy on spinlocks, but
|
||||
we allow a simple way of overriding it.
|
||||
default: "'+sbwt none'"
|
||||
type: string
|
||||
MonitoringSubscriptionRabbitmq:
|
||||
default: 'overcloud-rabbitmq'
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
|
||||
@ -58,31 +102,107 @@ resources:
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
|
||||
RabbitmqBase:
|
||||
type: ../../puppet/services/rabbitmq.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Rabbitmq API role.
|
||||
value:
|
||||
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
|
||||
service_name: rabbitmq
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq}
|
||||
# RabbitMQ plugins initialization occurs on every node
|
||||
config_settings:
|
||||
map_merge:
|
||||
- {get_attr: [RabbitmqBase, role_data, config_settings]}
|
||||
-
|
||||
rabbitmq::file_limit: {get_param: RabbitFDLimit}
|
||||
rabbitmq::default_user: {get_param: RabbitUserName}
|
||||
rabbitmq::default_pass: {get_param: RabbitPassword}
|
||||
rabbit_ipv6: {get_param: RabbitIPv6}
|
||||
tripleo::rabbitmq::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
- 5672
|
||||
- 25672
|
||||
rabbitmq::delete_guest_user: false
|
||||
rabbitmq::wipe_db_on_cookie_change: true
|
||||
rabbitmq::port: 5672
|
||||
rabbitmq::package_provider: yum
|
||||
rabbitmq::package_source: undef
|
||||
rabbitmq::repos_ensure: false
|
||||
rabbitmq::tcp_keepalive: true
|
||||
rabbitmq_environment:
|
||||
NODE_PORT: ''
|
||||
NODE_IP_ADDRESS: ''
|
||||
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
|
||||
RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true}]"'
|
||||
RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: {get_param: RabbitAdditionalErlArgs}
|
||||
'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
|
||||
rabbitmq_kernel_variables:
|
||||
inet_dist_listen_min: '25672'
|
||||
inet_dist_listen_max: '25672'
|
||||
net_ticktime: {get_param: RabbitNetTickTime}
|
||||
rabbitmq_config_variables:
|
||||
cluster_partition_handling: 'ignore'
|
||||
queue_master_locator: '<<"min-masters">>'
|
||||
loopback_users: '[]'
|
||||
rabbitmq::erlang_cookie:
|
||||
yaql:
|
||||
expression: $.data.passwords.where($ != '').first()
|
||||
data:
|
||||
passwords:
|
||||
- {get_param: RabbitCookie}
|
||||
- {get_param: [DefaultPasswords, rabbit_cookie]}
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: 5672
|
||||
rabbitmq::ssl_depth: 1
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
# TODO(jaosorior): Remove this once we set a proper default in
|
||||
# puppet-tripleo
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
- rabbitmq::admin_enable: false
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
|
||||
- {}
|
||||
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: rabbitmq
|
||||
@ -90,7 +210,7 @@ outputs:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }"
|
||||
- get_attr: [RabbitmqBase, role_data, step_config]
|
||||
- "include ::tripleo::profile::base::rabbitmq"
|
||||
config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/rabbitmq.json:
|
||||
@ -207,7 +327,13 @@ outputs:
|
||||
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
|
||||
- /var/lib/rabbitmq:/var/lib/rabbitmq
|
||||
metadata_settings:
|
||||
get_attr: [RabbitmqBase, role_data, metadata_settings]
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: rabbitmq
|
||||
network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
type: node
|
||||
- null
|
||||
host_prep_tasks:
|
||||
- name: create persistent directories
|
||||
file:
|
||||
|
@ -49,7 +49,7 @@ resource_registry:
|
||||
OS::TripleO::Services::NovaVncProxy: ../puppet/services/nova-vnc-proxy.yaml
|
||||
OS::TripleO::Services::PankoApi: ../deployment/panko/panko-api-container-puppet.yaml
|
||||
OS::TripleO::Services::Qdr: OS::Heat::None
|
||||
OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml
|
||||
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
|
||||
OS::TripleO::Services::Redis: ../puppet/services/database/redis.yaml
|
||||
OS::TripleO::Services::Sshd: ../deployment/sshd/sshd-baremetal-puppet.yaml
|
||||
OS::TripleO::Services::SwiftDispersion: ../deployment/swift/swift-dispersion-baremetal-puppet.yaml
|
||||
|
@ -1,63 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
RabbitMQ service for messaging Notifications configured with Puppet
|
||||
using a single shared rabbit backend
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
RpcUserName:
|
||||
default: guest
|
||||
description: The username for messaging backend
|
||||
type: string
|
||||
RpcPassword:
|
||||
description: The password for messaging backend
|
||||
type: string
|
||||
hidden: true
|
||||
RpcUseSSL:
|
||||
default: false
|
||||
description: >
|
||||
Messaging client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the OsloMessagingNotify role.
|
||||
value:
|
||||
service_name: oslo_messaging_notify
|
||||
global_config_settings:
|
||||
oslo_messaging_notify_scheme: rabbit
|
||||
oslo_messaging_notify_user_name: {get_param: RpcUserName}
|
||||
oslo_messaging_notify_password: {get_param: RpcPassword}
|
||||
oslo_messaging_notify_use_ssl: {get_param: RpcUseSSL}
|
||||
oslo_messaging_notify_port: {get_param: RpcPort}
|
@ -1,147 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
RabbitMQ service for messaging Notifications configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
NotifyPort:
|
||||
default: 5672
|
||||
description: The network port for messaging Notify backend
|
||||
type: number
|
||||
NotifyUserName:
|
||||
default: guest
|
||||
description: The username for messaging Notifications
|
||||
type: string
|
||||
NotifyPassword:
|
||||
description: The password for messaging Notifications
|
||||
type: string
|
||||
hidden: true
|
||||
NotifyUseSSL:
|
||||
default: false
|
||||
description: Messaging Notification client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
resources:
|
||||
RabbitMQServiceBase:
|
||||
type: ../rabbitmq.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
conditions:
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the OsloMessagingNotify role.
|
||||
value:
|
||||
service_name: oslo_messaging_notify
|
||||
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
||||
global_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, global_config_settings]
|
||||
- oslo_messaging_notify_scheme: rabbit
|
||||
oslo_messaging_notify_user_name: {get_param: NotifyUserName}
|
||||
oslo_messaging_notify_password: {get_param: NotifyPassword}
|
||||
oslo_messaging_notify_use_ssl: {get_param: NotifyUseSSL}
|
||||
oslo_messaging_notify_port: {get_param: NotifyPort}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::default_user: {get_param: NotifyUserName}
|
||||
rabbitmq::default_pass: {get_param: NotifyPassword}
|
||||
tripleo::oslo_messaging_notify::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
- {get_param: NotifyPort}
|
||||
- 25672
|
||||
rabbitmq::port: {get_param: NotifyPort}
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: {get_param: NotifyPort}
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::rabbitmq
|
||||
upgrade_tasks:
|
||||
- name: Stop rabbitmq service
|
||||
when: step|int == 2
|
||||
service: name=rabbitmq-server state=stopped
|
||||
- name: Start rabbitmq service
|
||||
when: step|int == 4
|
||||
service: name=rabbitmq-server state=started
|
||||
metadata_settings:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: rabbitmq
|
||||
network: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
type: node
|
||||
- null
|
@ -1,148 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
RabbitMQ service for messaging RPCs configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
RpcUserName:
|
||||
default: guest
|
||||
description: The username for messaging backend
|
||||
type: string
|
||||
RpcPassword:
|
||||
description: The password for messaging backend
|
||||
type: string
|
||||
hidden: true
|
||||
RpcUseSSL:
|
||||
default: false
|
||||
description: >
|
||||
Messaging client subscriber parameter to specify
|
||||
an SSL connection to the messaging host.
|
||||
type: string
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
resources:
|
||||
RabbitMQServiceBase:
|
||||
type: ../rabbitmq.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
conditions:
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the OsloMessagingRpc role.
|
||||
value:
|
||||
service_name: oslo_messaging_rpc
|
||||
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
||||
global_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, global_config_settings]
|
||||
- oslo_messaging_rpc_scheme: rabbit
|
||||
oslo_messaging_rpc_user_name: {get_param: RpcUserName}
|
||||
oslo_messaging_rpc_password: {get_param: RpcPassword}
|
||||
oslo_messaging_rpc_use_ssl: {get_param: RpcUseSSL}
|
||||
oslo_messaging_rpc_port: {get_param: RpcPort }
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::default_user: {get_param: RpcUserName}
|
||||
rabbitmq::default_pass: {get_param: RpcPassword}
|
||||
tripleo::oslo_messaging_rpc::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
- {get_param: RpcPort}
|
||||
- 25672
|
||||
rabbitmq::port: {get_param: RpcPort}
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: {get_param: RpcPort}
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::rabbitmq
|
||||
upgrade_tasks:
|
||||
- name: Stop rabbitmq service
|
||||
when: step|int == 2
|
||||
service: name=rabbitmq-server state=stopped
|
||||
- name: Start rabbitmq service
|
||||
when: step|int == 4
|
||||
service: name=rabbitmq-server state=started
|
||||
metadata_settings:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: rabbitmq
|
||||
network: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
type: node
|
||||
- null
|
@ -1,58 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
RabbitMQ service with Pacemaker configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
|
||||
resources:
|
||||
RabbitMQServiceBase:
|
||||
type: ../rabbitmq.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the RabbitMQ pacemaker role.
|
||||
value:
|
||||
service_name: rabbitmq
|
||||
monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::service_manage: false
|
||||
step_config: |
|
||||
include ::tripleo::profile::pacemaker::rabbitmq
|
||||
metadata_settings:
|
||||
get_attr: [RabbitMQServiceBase, role_data, metadata_settings]
|
@ -1,195 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
RabbitMQ service configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
RabbitUserName:
|
||||
default: guest
|
||||
description: The username for RabbitMQ
|
||||
type: string
|
||||
RabbitPassword:
|
||||
description: The password for RabbitMQ
|
||||
type: string
|
||||
hidden: true
|
||||
RabbitFDLimit:
|
||||
default: 65536
|
||||
description: Configures RabbitMQ FD limit
|
||||
type: number
|
||||
RabbitIPv6:
|
||||
default: false
|
||||
description: Enable IPv6 in RabbitMQ
|
||||
type: boolean
|
||||
RabbitCookie:
|
||||
type: string
|
||||
default: ''
|
||||
hidden: true
|
||||
RabbitHAQueues:
|
||||
description:
|
||||
The number of HA queues to be configured in rabbit. The default is -1 which
|
||||
translates to "ha-mode all". The special value 0 will be automatically
|
||||
overridden to CEIL(N/2) where N is the number of nodes running rabbitmq.
|
||||
default: 0
|
||||
type: number
|
||||
RabbitNetTickTime:
|
||||
description:
|
||||
The number of seconds to configure the value of the erlang
|
||||
net_ticktime kernel variable.
|
||||
default: 15
|
||||
type: number
|
||||
RabbitAdditionalErlArgs:
|
||||
description:
|
||||
Additional parameters passed to the Erlang subsystem. The string
|
||||
needs to be enclosed in quotes twice. We default to +sbwt none
|
||||
in order to have the erlang vm be less busy on spinlocks, but
|
||||
we allow a simple way of overriding it.
|
||||
default: "'+sbwt none'"
|
||||
type: string
|
||||
MonitoringSubscriptionRabbitmq:
|
||||
default: 'overcloud-rabbitmq'
|
||||
type: string
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the RabbitMQ role.
|
||||
value:
|
||||
service_name: rabbitmq
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq}
|
||||
config_settings:
|
||||
map_merge:
|
||||
-
|
||||
rabbitmq::file_limit: {get_param: RabbitFDLimit}
|
||||
rabbitmq::default_user: {get_param: RabbitUserName}
|
||||
rabbitmq::default_pass: {get_param: RabbitPassword}
|
||||
rabbit_ipv6: {get_param: RabbitIPv6}
|
||||
tripleo::rabbitmq::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
- 5672
|
||||
- 25672
|
||||
rabbitmq::delete_guest_user: false
|
||||
rabbitmq::wipe_db_on_cookie_change: true
|
||||
rabbitmq::port: 5672
|
||||
rabbitmq::package_provider: yum
|
||||
rabbitmq::package_source: undef
|
||||
rabbitmq::repos_ensure: false
|
||||
rabbitmq::tcp_keepalive: true
|
||||
rabbitmq_environment:
|
||||
NODE_PORT: ''
|
||||
NODE_IP_ADDRESS: ''
|
||||
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
|
||||
RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true}]"'
|
||||
RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: {get_param: RabbitAdditionalErlArgs}
|
||||
'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
|
||||
rabbitmq_kernel_variables:
|
||||
inet_dist_listen_min: '25672'
|
||||
inet_dist_listen_max: '25672'
|
||||
net_ticktime: {get_param: RabbitNetTickTime}
|
||||
rabbitmq_config_variables:
|
||||
cluster_partition_handling: 'ignore'
|
||||
queue_master_locator: '<<"min-masters">>'
|
||||
loopback_users: '[]'
|
||||
rabbitmq::erlang_cookie:
|
||||
yaql:
|
||||
expression: $.data.passwords.where($ != '').first()
|
||||
data:
|
||||
passwords:
|
||||
- {get_param: RabbitCookie}
|
||||
- {get_param: [DefaultPasswords, rabbit_cookie]}
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
rabbitmq::interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
|
||||
rabbitmq::ssl: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_port: 5672
|
||||
rabbitmq::ssl_depth: 1
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
# TODO(jaosorior): Remove this once we set a proper default in
|
||||
# puppet-tripleo
|
||||
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::rabbitmq
|
||||
upgrade_tasks:
|
||||
- name: Stop rabbitmq service
|
||||
when: step|int == 2
|
||||
service: name=rabbitmq-server state=stopped
|
||||
- name: Start rabbitmq service
|
||||
when: step|int == 4
|
||||
service: name=rabbitmq-server state=started
|
||||
metadata_settings:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: rabbitmq
|
||||
network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
type: node
|
||||
- null
|
@ -3,7 +3,7 @@ environments:
|
||||
name: messaging/rpc-rabbitmq-notify-rabbitmq-shared
|
||||
title: Share single rabbitmq backend for rpc and notify messaging backend
|
||||
files:
|
||||
puppet/services/messaging/rpc-rabbitmq.yaml:
|
||||
docker/services/messaging/rpc-rabbitmq.yaml:
|
||||
parameters:
|
||||
- RpcPort
|
||||
sample_value:
|
||||
@ -21,7 +21,7 @@ environments:
|
||||
puppet/services/messaging/rpc-qdrouterd.yaml:
|
||||
parameters:
|
||||
- RpcPort
|
||||
puppet/services/messaging/notify-rabbitmq.yaml:
|
||||
docker/services/messaging/notify-rabbitmq.yaml:
|
||||
parameters:
|
||||
- NotifyPort
|
||||
sample_values:
|
||||
|
@ -37,7 +37,7 @@ environments:
|
||||
puppet/services/nova-base.yaml:
|
||||
parameters:
|
||||
- RpcUseSSL
|
||||
puppet/services/messaging/notify-rabbitmq.yaml:
|
||||
docker/services/messaging/notify-rabbitmq.yaml:
|
||||
parameters:
|
||||
- NotifyUseSSL
|
||||
overcloud.yaml:
|
||||
|
@ -235,9 +235,6 @@ VALIDATE_PUPPET_OVERRIDE = {
|
||||
# qdr aliases rabbitmq service to provide alternative messaging backend
|
||||
'./puppet/services/qdr.yaml': False,
|
||||
# puppet/services/messaging/*.yaml provide oslo_messaging services
|
||||
'./puppet/services/messaging/notify-rabbitmq-shared.yaml': False,
|
||||
'./puppet/services/messaging/notify-rabbitmq.yaml': False,
|
||||
'./puppet/services/messaging/rpc-rabbitmq.yaml': False,
|
||||
'./puppet/services/messaging/rpc-qdrouterd.yaml': False,
|
||||
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user