Implement X.509 auth between Rabbitmq and Cinder
Related-Prod: PROD-22757
Change-Id: I52de12e7d846bcb2a1e261026c9965933a712a3d
diff --git a/cinder/files/pike/cinder.conf.volume.Debian b/cinder/files/pike/cinder.conf.volume.Debian
index c88948b..b9dcbfb 100644
--- a/cinder/files/pike/cinder.conf.volume.Debian
+++ b/cinder/files/pike/cinder.conf.volume.Debian
@@ -149,13 +149,19 @@
[oslo_messaging_rabbit]
rabbit_use_ssl=true
-{%- if volume.message_queue.ssl.version is defined %}
+ {%- if volume.message_queue.ssl.version is defined %}
kombu_ssl_version = {{ volume.message_queue.ssl.version }}
-{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+ {%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
kombu_ssl_version = TLSv1_2
-{%- endif %}
+ {%- endif %}
+ {%- if volume.message_queue.get('x509',{}).get('enabled', False) %}
+kombu_ssl_ca_certs = {{ volume.message_queue.x509.ca_file }}
+kombu_ssl_keyfile = {{ volume.message_queue.x509.key_file }}
+kombu_ssl_certfile = {{ volume.message_queue.x509.cert_file }}
+ {%- else %}
kombu_ssl_ca_certs = {{ volume.message_queue.ssl.get('cacert_file', volume.cacert_file) }}
+ {%- endif %}
{%- endif %}
[keystone_authtoken]
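Review bot: The x509 branch reads `volume.message_queue.x509.ca_file`, `key_file` and `cert_file` with no default, while the else branch falls back to `volume.cacert_file`. If the pillar sets `x509.enabled` but omits `ca_file`, the line may render with an empty value (depending on how Salt's Jinja handles undefined), and as far as I know oslo.messaging only requires server-certificate verification when a CA file is set, so Cinder could end up connecting to the broker without verifying it. I would keep the fallback, `kombu_ssl_ca_certs = {{ volume.message_queue.x509.get('ca_file', volume.cacert_file) }}`, and document the three x509 pillar keys as mandatory when the feature is enabled. Nothing in this hunk sets ownership or mode on the file named by `x509.key_file`, so it is worth confirming that the state deploying it restricts it to the cinder service user. The outer `{%- if %}` closed by the final `{%- endif %}` starts outside the hunk, so I cannot see the condition under which this section is rendered.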