RabbitMQ TLS support
Usage: see README.rst
Releases: Mitaka, Newton, Ocata
OSCORE-383
Change-Id: I5e51d5be3c07415e312d90bb0df89bf9639fcba6
diff --git a/README.rst b/README.rst
index 14403eb..bb7146f 100644
--- a/README.rst
+++ b/README.rst
@@ -305,6 +305,56 @@
virtual_host: '/openstack'
....
+Client-side RabbitMQ TLS configuration:
+
+|
+
+By default system-wide CA certs are used. Nothing should be specified except `ssl.enabled`.
+
+.. code-block:: yaml
+
+ keystone:
+ server:
+ ....
+ message_queue:
+ ssl:
+ enabled: True
+
+Use `cacert_file` option to specify the CA-cert file path explicitly:
+
+.. code-block:: yaml
+
+ keystone:
+ server:
+ ....
+ message_queue:
+ ssl:
+ enabled: True
+ cacert_file: /etc/ssl/rabbitmq-ca.pem
+
+To manage content of the `cacert_file` use the `cacert` option:
+
+.. code-block:: yaml
+
+ keystone:
+ server:
+ ....
+ message_queue:
+ ssl:
+ enabled: True
+ cacert: |
+
+ -----BEGIN CERTIFICATE-----
+ ...
+ -----END CERTIFICATE-------
+
+ cacert_file: /etc/openstack/rabbitmq-ca.pem
+
+
+Notice:
+ * The `message_queue.port` is set to **5671** (AMQPS) by default if `ssl.enabled=True`.
+ * Use `message_queue.ssl.version` if you need to specify protocol version. By default is TLSv1 for python < 2.7.9 and TLSv1_2 for version above.
+
Enable CADF audit notification
.. code-block:: yaml
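
Review bot: the PEM footer in the `cacert` example reads `-----END CERTIFICATE-------` (seven trailing dashes), so anyone who copies the block and fills in the body gets a file that does not parse as a certificate; it should be `-----END CERTIFICATE-----`. In the Notice list, the `message_queue.ssl.version` bullet gives TLSv1 as the default for python < 2.7.9, which leaves the AMQPS link on TLS 1.0 on those hosts; the README should recommend setting `message_queue.ssl.version` explicitly there, and "for version above" should state whether 2.7.9 itself is included. It would also help to say whether `cacert_file` is required alongside `cacert` or has a default, since the third example sets both and uses a different path (`/etc/openstack/rabbitmq-ca.pem`) from the second (`/etc/ssl/rabbitmq-ca.pem`).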