Merge "RabbitMQ TLS support"
diff --git a/README.rst b/README.rst
index 899d5c1..e9eb4cf 100644
--- a/README.rst
+++ b/README.rst
@@ -59,7 +59,7 @@
multihost: true
multipath: true
pool: SAS7K2
- audit:
+ audit:
enabled: false
osapi_max_limit: 500
@@ -161,6 +161,62 @@
virtual_host: '/openstack'
....
+
+**Client-side RabbitMQ TLS configuration.**
+
+|
+
+To enable TLS for oslo.messaging you need to provide the CA certificate.
+By default system-wide CA certs are used. Nothing should be specified except `ssl.enabled`.
+
+.. code-block:: yaml
+
+ cinder:
+ controller or volume:
+ ....
+ message_queue:
+ ssl:
+ enabled: True
+
+
+
+Use `cacert_file` option to specify the CA-cert file path explicitly:
+
+.. code-block:: yaml
+
+ cinder:
+ controller or volume:
+ ....
+ message_queue:
+ ssl:
+ enabled: True
+ cacert_file: /etc/ssl/rabbitmq-ca.pem
+
+To manage content of the `cacert_file` use the `cacert` option:
+
+.. code-block:: yaml
+
+ cinder:
+ controller or volume:
+ ....
+ message_queue:
+ ssl:
+ enabled: True
+ cacert: |
+
+ -----BEGIN CERTIFICATE-----
+ ...
+ -----END CERTIFICATE-------
+
+ cacert_file: /etc/openstack/rabbitmq-ca.pem
+
+
+Notice:
+ * The `message_queue.port` is set to **5671** (AMQPS) by default if `ssl.enabled=True`.
+ * Use `message_queue.ssl.version` if you need to specify protocol version. By default is TLSv1 for python < 2.7.9 and TLSv1_2 for version above.
+
+
+
Cinder setup with zeroing deleted volumes
.. code-block:: yaml
@@ -438,7 +494,7 @@
type_name: GPFS-SILVER
engine: gpfs
mount_point: '/mnt/gpfs-openstack/cinder/silver'
-
+
Cinder setup with HP LeftHand
.. code-block:: yaml
@@ -460,7 +516,7 @@
.. code-block:: yaml
- cinder type-key normal-storage set hplh:data_pl=r-10-2 hplh:provisioning=full
+ cinder type-key normal-storage set hplh:data_pl=r-10-2 hplh:provisioning=full
Cinder setup with Solidfire
@@ -525,7 +581,7 @@
ceph_user: cinder
ceph_chunk_size: 134217728
restore_discard_excess_bytes: false
-
+
Enable auditing filter, ie: CADF
.. code-block:: yaml
diff --git a/cinder/controller.sls b/cinder/controller.sls
index 251abca..05c3c99 100644
--- a/cinder/controller.sls
+++ b/cinder/controller.sls
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import controller with context %}
+{%- from "cinder/map.jinja" import controller, system_cacerts_file with context %}
{%- if controller.get('enabled', False) %}
{%- set user = controller %}
@@ -63,6 +63,9 @@
- onlyif: /bin/false
{%- endif %}
- watch:
+ {%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
+ - file: rabbitmq_ca
+ {%- endif %}
- file: /etc/cinder/cinder.conf
- file: /etc/cinder/api-paste.ini
- file: /etc/apache2/conf-available/cinder-wsgi.conf
@@ -77,6 +80,9 @@
- onlyif: /bin/false
{%- endif %}
- watch:
+ {%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
+ - file: rabbitmq_ca
+ {%- endif %}
- file: /etc/cinder/cinder.conf
- file: /etc/cinder/api-paste.ini
@@ -102,6 +108,9 @@
- onlyif: /bin/false
{%- endif %}
- watch:
+ {%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
+ - file: rabbitmq_ca
+ {%- endif %}
- file: /etc/cinder/cinder.conf
- file: /etc/cinder/api-paste.ini
@@ -175,9 +184,26 @@
- names: {{ controller.backup.services }}
- enable: true
- watch:
+ {%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
+ - file: rabbitmq_ca
+ {%- endif %}
- file: /etc/cinder/cinder.conf
- file: /etc/cinder/api-paste.ini
{%- endif %}
+{%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbitmq_ca:
+{%- if controller.message_queue.ssl.cacert is defined %}
+ file.managed:
+ - name: {{ controller.message_queue.ssl.cacert_file }}
+ - contents_pillar: cinder:controller:message_queue:ssl:cacert
+ - mode: 0444
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ controller.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+{%- endif %}
+{%- endif %}
+
{%- endif %}
diff --git a/cinder/files/mitaka/cinder.conf.controller.Debian b/cinder/files/mitaka/cinder.conf.controller.Debian
index b1ba8c2..2fd4277 100644
--- a/cinder/files/mitaka/cinder.conf.controller.Debian
+++ b/cinder/files/mitaka/cinder.conf.controller.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import controller with context %}
+{%- from "cinder/map.jinja" import controller, system_cacerts_file with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
@@ -122,14 +122,31 @@
lock_path=/var/lock/cinder
[oslo_messaging_rabbit]
+{%- set rabbit_port = controller.message_queue.get('port', 5671 if controller.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if controller.message_queue.members is defined %}
rabbit_hosts = {% for member in controller.message_queue.members -%}
- {{ member.host }}:{{ member.get('port', 5672) }}
+ {{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
{%- else %}
rabbit_host = {{ controller.message_queue.host }}
-rabbit_port = {{ controller.message_queue.port }}
+rabbit_port = {{ rabbit_port }}
+{%- endif %}
+
+{%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbit_use_ssl=true
+
+{%- if controller.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ controller.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+{%- if controller.message_queue.ssl.cacert_file is defined %}
+kombu_ssl_ca_certs = {{ controller.message_queue.ssl.cacert_file }}
+{%- else %}
+kombu_ssl_ca_certs={{ system_cacerts_file }}
+{%- endif %}
{%- endif %}
rabbit_userid = {{ controller.message_queue.user }}
diff --git a/cinder/files/mitaka/cinder.conf.volume.Debian b/cinder/files/mitaka/cinder.conf.volume.Debian
index 5eee92a..8e90e4d 100644
--- a/cinder/files/mitaka/cinder.conf.volume.Debian
+++ b/cinder/files/mitaka/cinder.conf.volume.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import volume with context %}
+{%- from "cinder/map.jinja" import volume, system_cacerts_file with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
@@ -107,14 +107,31 @@
lock_path=/var/lock/cinder
[oslo_messaging_rabbit]
+{%- set rabbit_port = volume.message_queue.get('port', 5671 if volume.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if volume.message_queue.members is defined %}
rabbit_hosts = {% for member in volume.message_queue.members -%}
- {{ member.host }}:{{ member.get('port', 5672) }}
+ {{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
{%- else %}
rabbit_host = {{ volume.message_queue.host }}
-rabbit_port = {{ volume.message_queue.port }}
+rabbit_port = {{ rabbit_port }}
+{%- endif %}
+
+{%- if volume.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbit_use_ssl=true
+
+{%- if volume.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ volume.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+{%- if volume.message_queue.ssl.cacert_file is defined %}
+kombu_ssl_ca_certs = {{ volume.message_queue.ssl.cacert_file }}
+{%- else %}
+kombu_ssl_ca_certs={{ system_cacerts_file }}
+{%- endif %}
{%- endif %}
rabbit_userid = {{ volume.message_queue.user }}
diff --git a/cinder/files/newton/cinder.conf.controller.Debian b/cinder/files/newton/cinder.conf.controller.Debian
index c8f137c..9d2e42b 100644
--- a/cinder/files/newton/cinder.conf.controller.Debian
+++ b/cinder/files/newton/cinder.conf.controller.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import controller with context %}
+{%- from "cinder/map.jinja" import controller, system_cacerts_file with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
@@ -65,7 +65,6 @@
rpc_response_timeout=3600
#Rabbit
-rpc_backend=rabbit
control_exchange=cinder
@@ -96,14 +95,15 @@
osapi_volume_extension = cinder.api.contrib.standard_extensions
+{%- set rabbit_port = controller.message_queue.get('port', 5671 if controller.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if controller.message_queue.members is defined %}
transport_url = rabbit://{% for member in controller.message_queue.members -%}
- {{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
+ {{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
/{{ controller.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ controller.message_queue.host }}:{{ controller.message_queue.port }}/{{ controller.message_queue.virtual_host }}
+transport_url = rabbit://{{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ controller.message_queue.host }}:{{ rabbit_port }}/{{ controller.message_queue.virtual_host }}
{%- endif %}
{%- if controller.backup.engine != None %}
@@ -141,7 +141,23 @@
enable_proxy_headers_parsing = True
+{%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
[oslo_messaging_rabbit]
+rabbit_use_ssl=true
+
+{%- if controller.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ controller.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+{%- if controller.message_queue.ssl.cacert_file is defined %}
+kombu_ssl_ca_certs = {{ controller.message_queue.ssl.cacert_file }}
+{%- else %}
+kombu_ssl_ca_certs={{ system_cacerts_file }}
+{%- endif %}
+{%- endif %}
+
[keystone_authtoken]
signing_dir=/tmp/keystone-signing-cinder
diff --git a/cinder/files/newton/cinder.conf.volume.Debian b/cinder/files/newton/cinder.conf.volume.Debian
index d5ff9cf..04d8cc0 100644
--- a/cinder/files/newton/cinder.conf.volume.Debian
+++ b/cinder/files/newton/cinder.conf.volume.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import volume with context %}
+{%- from "cinder/map.jinja" import volume, system_cacerts_file with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
@@ -62,7 +62,6 @@
rpc_response_timeout=3600
#Rabbit
-rpc_backend=rabbit
control_exchange=cinder
@@ -85,14 +84,15 @@
nova_catalog_admin_info = compute:nova:adminURL
nova_catalog_info = compute:nova:{{ volume.identity.get('endpoint_type', 'publicURL') }}
+{%- set rabbit_port = volume.message_queue.get('port', 5671 if volume.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if volume.message_queue.members is defined %}
transport_url = rabbit://{% for member in volume.message_queue.members -%}
- {{ volume.message_queue.user }}:{{ volume.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
+ {{ volume.message_queue.user }}:{{ volume.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
/{{ volume.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ volume.message_queue.user }}:{{ volume.message_queue.password }}@{{ volume.message_queue.host }}:{{ volume.message_queue.port }}/{{ volume.message_queue.virtual_host }}
+transport_url = rabbit://{{ volume.message_queue.user }}:{{ volume.message_queue.password }}@{{ volume.message_queue.host }}:{{ rabbit_port }}/{{ volume.message_queue.virtual_host }}
{%- endif %}
{%- if volume.backup.engine != None %}
@@ -130,7 +130,22 @@
enable_proxy_headers_parsing = True
+{%- if volume.message_queue.get('ssl',{}).get('enabled', False) %}
[oslo_messaging_rabbit]
+rabbit_use_ssl=true
+
+{%- if volume.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ volume.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+{%- if volume.message_queue.ssl.cacert_file is defined %}
+kombu_ssl_ca_certs = {{ volume.message_queue.ssl.cacert_file }}
+{%- else %}
+kombu_ssl_ca_certs={{ system_cacerts_file }}
+{%- endif %}
+{%- endif %}
[keystone_authtoken]
signing_dir=/tmp/keystone-signing-cinder
diff --git a/cinder/files/ocata/cinder.conf.controller.Debian b/cinder/files/ocata/cinder.conf.controller.Debian
index c8f137c..9d2e42b 100644
--- a/cinder/files/ocata/cinder.conf.controller.Debian
+++ b/cinder/files/ocata/cinder.conf.controller.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import controller with context %}
+{%- from "cinder/map.jinja" import controller, system_cacerts_file with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
@@ -65,7 +65,6 @@
rpc_response_timeout=3600
#Rabbit
-rpc_backend=rabbit
control_exchange=cinder
@@ -96,14 +95,15 @@
osapi_volume_extension = cinder.api.contrib.standard_extensions
+{%- set rabbit_port = controller.message_queue.get('port', 5671 if controller.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if controller.message_queue.members is defined %}
transport_url = rabbit://{% for member in controller.message_queue.members -%}
- {{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
+ {{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
/{{ controller.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ controller.message_queue.host }}:{{ controller.message_queue.port }}/{{ controller.message_queue.virtual_host }}
+transport_url = rabbit://{{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ controller.message_queue.host }}:{{ rabbit_port }}/{{ controller.message_queue.virtual_host }}
{%- endif %}
{%- if controller.backup.engine != None %}
@@ -141,7 +141,23 @@
enable_proxy_headers_parsing = True
+{%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
[oslo_messaging_rabbit]
+rabbit_use_ssl=true
+
+{%- if controller.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ controller.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+{%- if controller.message_queue.ssl.cacert_file is defined %}
+kombu_ssl_ca_certs = {{ controller.message_queue.ssl.cacert_file }}
+{%- else %}
+kombu_ssl_ca_certs={{ system_cacerts_file }}
+{%- endif %}
+{%- endif %}
+
[keystone_authtoken]
signing_dir=/tmp/keystone-signing-cinder
diff --git a/cinder/files/ocata/cinder.conf.volume.Debian b/cinder/files/ocata/cinder.conf.volume.Debian
index d5ff9cf..04d8cc0 100644
--- a/cinder/files/ocata/cinder.conf.volume.Debian
+++ b/cinder/files/ocata/cinder.conf.volume.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import volume with context %}
+{%- from "cinder/map.jinja" import volume, system_cacerts_file with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
@@ -62,7 +62,6 @@
rpc_response_timeout=3600
#Rabbit
-rpc_backend=rabbit
control_exchange=cinder
@@ -85,14 +84,15 @@
nova_catalog_admin_info = compute:nova:adminURL
nova_catalog_info = compute:nova:{{ volume.identity.get('endpoint_type', 'publicURL') }}
+{%- set rabbit_port = volume.message_queue.get('port', 5671 if volume.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if volume.message_queue.members is defined %}
transport_url = rabbit://{% for member in volume.message_queue.members -%}
- {{ volume.message_queue.user }}:{{ volume.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
+ {{ volume.message_queue.user }}:{{ volume.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
/{{ volume.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ volume.message_queue.user }}:{{ volume.message_queue.password }}@{{ volume.message_queue.host }}:{{ volume.message_queue.port }}/{{ volume.message_queue.virtual_host }}
+transport_url = rabbit://{{ volume.message_queue.user }}:{{ volume.message_queue.password }}@{{ volume.message_queue.host }}:{{ rabbit_port }}/{{ volume.message_queue.virtual_host }}
{%- endif %}
{%- if volume.backup.engine != None %}
@@ -130,7 +130,22 @@
enable_proxy_headers_parsing = True
+{%- if volume.message_queue.get('ssl',{}).get('enabled', False) %}
[oslo_messaging_rabbit]
+rabbit_use_ssl=true
+
+{%- if volume.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ volume.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+{%- if volume.message_queue.ssl.cacert_file is defined %}
+kombu_ssl_ca_certs = {{ volume.message_queue.ssl.cacert_file }}
+{%- else %}
+kombu_ssl_ca_certs={{ system_cacerts_file }}
+{%- endif %}
+{%- endif %}
[keystone_authtoken]
signing_dir=/tmp/keystone-signing-cinder
diff --git a/cinder/map.jinja b/cinder/map.jinja
index d0ea11a..134ac55 100644
--- a/cinder/map.jinja
+++ b/cinder/map.jinja
@@ -1,3 +1,7 @@
+{%- set system_cacerts_file = salt['grains.filter_by']({
+ 'Debian': '/etc/ssl/certs/ca-certificates.crt',
+ 'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
+})%}
{% set controller = salt['grains.filter_by']({
'Debian': {
diff --git a/cinder/volume.sls b/cinder/volume.sls
index d257902..80addca 100644
--- a/cinder/volume.sls
+++ b/cinder/volume.sls
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import volume with context %}
+{%- from "cinder/map.jinja" import volume, system_cacerts_file with context %}
{%- if volume.enabled %}
{%- if not pillar.cinder.get('controller', {}).get('enabled', False) %}
@@ -22,6 +22,20 @@
{%- if not pillar.cinder.get('controller', {}).get('enabled', False) %}
+{%- if volume.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbitmq_ca:
+{%- if volume.message_queue.ssl.cacert is defined %}
+ file.managed:
+ - name: {{ volume.message_queue.ssl.cacert_file }}
+ - contents_pillar: cinder:volume:message_queue:ssl:cacert
+ - mode: 0444
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ volume.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+{%- endif %}
+{%- endif %}
+
/etc/cinder/cinder.conf:
file.managed:
- source: salt://cinder/files/{{ volume.version }}/cinder.conf.volume.{{ grains.os_family }}
@@ -50,6 +64,9 @@
- onlyif: /bin/false
{%- endif %}
- watch:
+ {%- if volume.message_queue.get('ssl',{}).get('enabled', False) %}
+ - file: rabbitmq_ca
+ {%- endif %}
- file: /etc/cinder/cinder.conf
- file: /etc/cinder/api-paste.ini
@@ -65,6 +82,9 @@
- onlyif: /bin/false
{%- endif %}
- watch:
+ {%- if volume.message_queue.get('ssl',{}).get('enabled', False) %}
+ - file: rabbitmq_ca
+ {%- endif %}
- file: /etc/cinder/cinder.conf
- file: /etc/cinder/api-paste.ini
diff --git a/tests/pillar/netapp.sls b/tests/pillar/netapp.sls
index 7746433..5390d66 100644
--- a/tests/pillar/netapp.sls
+++ b/tests/pillar/netapp.sls
@@ -2,6 +2,13 @@
controller:
enabled: true
version: mitaka
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ port: 5672
+ user: openstack
+ password: pwd
+ virtual_host: '/openstack'
backend:
netapp:
engine: netapp
@@ -22,6 +29,13 @@
volume:
enabled: true
version: mitaka
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ port: 5672
+ user: openstack
+ password: pwd
+ virtual_host: '/openstack'
linux:
system:
package:
diff --git a/tests/pillar/nfs.sls b/tests/pillar/nfs.sls
index c79b3c1..f882c79 100644
--- a/tests/pillar/nfs.sls
+++ b/tests/pillar/nfs.sls
@@ -3,6 +3,13 @@
enabled: true
version: liberty
default_volume_type: nfs-driver
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ port: 5672
+ user: openstack
+ password: pwd
+ virtual_host: '/openstack'
backend:
nfs-driver:
engine: nfs
@@ -16,9 +23,16 @@
enabled: true
version: liberty
default_volume_type: nfs-driver
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ port: 5672
+ user: openstack
+ password: pwd
+ virtual_host: '/openstack'
backend:
nfs-driver:
enabled: true
engine: nfs
type_name: nfs-driver
- volume_group: cinder-volume
\ No newline at end of file
+ volume_group: cinder-volume
diff --git a/tests/pillar/ssl.sls b/tests/pillar/ssl.sls
new file mode 100644
index 0000000..c929373
--- /dev/null
+++ b/tests/pillar/ssl.sls
@@ -0,0 +1,13 @@
+include:
+ - .ceph_single
+cinder:
+ controller:
+ message_queue:
+ port: 5671
+ ssl:
+ enabled: True
+ volume:
+ message_queue:
+ port: 5671
+ ssl:
+ enabled: True