Fix x509 on Pike Change-Id: I0fa44c510d6af091386f63e2f19fe596358d4e27 Related-Prod: https://mirantis.jira.com/browse/PROD-25028

commit: fe695f56d048d9851d8c924c7fa35672ba55199f [log] [tgz]
author: Mykyta Karpin <mkarpin@mirantis.com> Fri Nov 16 18:08:38 2018 +0200
committer: Mykyta Karpin <mkarpin@mirantis.com> Sun Nov 18 11:31:45 2018 +0000
tree: 44e907ff1972bdcc6a82e5f0e85f73b2ae8aa354
parent: e9d53855eb81cb4ba6926c5ed9807050980cbe3d [diff]
diff --git a/README.rst b/README.rst
index 4c1d819..7b512c4 100644
--- a/README.rst
+++ b/README.rst

@@ -335,6 +335,41 @@
               sinks:
                 - meter_sink
 
+Enable x509 and ssl communication between Ceilometer and Rabbitmq cluster.
+---------------------
+By default communication between Ceilometer and Rabbitmq is unsecure.
+
+ceilometer:
+  server:
+    message_queue:
+      x509:
+        enabled: True
+
+ceilometer:
+  agent:
+    message_queue:
+      x509:
+        enabled: True
+
+You able to set custom certificates in pillar:
+
+ceilometer:
+  server:
+    message_queue:
+      x509:
+        ca_file: (ca certificate path)
+        cert_file: (certificate path)
+        key_file: (key path)
+
+ceilometer:
+  agent:
+    message_queue:
+      x509:
+        ca_file: (ca certificate path)
+        cert_file: (certificate path)
+        key_file: (key path)
+
+
 
 More Information
 ================

diff --git a/ceilometer/files/pike/ceilometer-agent.conf.Debian b/ceilometer/files/pike/ceilometer-agent.conf.Debian
index 4224ccc..4030300 100644
--- a/ceilometer/files/pike/ceilometer-agent.conf.Debian
+++ b/ceilometer/files/pike/ceilometer-agent.conf.Debian

@@ -69,7 +69,16 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
+  {%- if agent.message_queue.get('x509',{}).get('enabled', False) %}
+kombu_ssl_ca_certs = {{ agent.message_queue.x509.ca_file}}
+
+kombu_ssl_keyfile = {{ agent.message_queue.x509.key_file}}
+
+kombu_ssl_certfile = {{ agent.message_queue.x509.cert_file}}
+
+  {%- else %}
 kombu_ssl_ca_certs = {{ agent.message_queue.ssl.get('cacert_file', agent.cacert_file) }}
+  {%- endif %}
 {%- endif %}
 
 [service_credentials]

diff --git a/ceilometer/files/pike/ceilometer-server.conf.Debian b/ceilometer/files/pike/ceilometer-server.conf.Debian
index 34d3284..a88721e 100644
--- a/ceilometer/files/pike/ceilometer-server.conf.Debian
+++ b/ceilometer/files/pike/ceilometer-server.conf.Debian

@@ -187,7 +187,16 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
+  {%- if server.message_queue.get('x509',{}).get('enabled', False) %}
+kombu_ssl_ca_certs = {{ server.message_queue.x509.ca_file}}
+
+kombu_ssl_keyfile = {{ server.message_queue.x509.key_file}}
+
+kombu_ssl_certfile = {{ server.message_queue.x509.cert_file}}
+
+  {%- else %}
 kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
+  {%- endif %}
 {%- endif %}
 
 [publisher]
commit	fe695f56d048d9851d8c924c7fa35672ba55199f	[log] [tgz]
author	Mykyta Karpin <mkarpin@mirantis.com>	Fri Nov 16 18:08:38 2018 +0200
committer	Mykyta Karpin <mkarpin@mirantis.com>	Sun Nov 18 11:31:45 2018 +0000
tree	44e907ff1972bdcc6a82e5f0e85f73b2ae8aa354
parent	e9d53855eb81cb4ba6926c5ed9807050980cbe3d [diff]