{% from "nova/map.jinja" import controller, compute with context %}

{#- Select the nova role whose pillar drives this state: the controller
    settings win when the controller is enabled, otherwise the compute
    settings are used. The role name is also used to build state IDs and
    the contents_pillar paths further down. #}
{%- set role = 'controller' if controller.enabled == True else 'compute' %}
{%- set nova_svc = controller if role == 'controller' else compute %}
{%- set nova_msg = nova_svc.message_queue %}
{%- set nova_cacert = nova_svc.cacert_file %}
# Marker state: only prints a notification so the run output shows that
# this SLS was rendered for the selected role. It changes nothing on disk.
nova_{{ role }}_ssl_rabbitmq:
  test.show_notification:
    - text: "Running nova._ssl.rabbitmq"
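{%- if nova_msg.get('x509',{}).get('enabled',False) %}

  {#- x509 mode: a CA certificate, a client certificate and a client
      private key are placed for the nova user. Each file is written from
      pillar when its content is present there; otherwise the state only
      asserts that the file was provisioned by other means. #}
  {%- set ca_file=nova_msg.x509.ca_file %}
  {%- set key_file=nova_msg.x509.key_file %}
  {%- set cert_file=nova_msg.x509.cert_file %}

# CA certificate used to verify the RabbitMQ server. Public material, so it
# is world-readable. Modes are quoted so YAML never reinterprets them.
rabbitmq_nova_{{ role }}_ssl_x509_ca:
  {%- if nova_msg.x509.cacert is defined %}
  file.managed:
    - name: {{ ca_file }}
    - contents_pillar: nova:{{ role }}:message_queue:x509:cacert
    - mode: '0444'
    - user: nova
    - group: nova
    - makedirs: true
  {%- else %}
  file.exists:
    - name: {{ ca_file }}
  {%- endif %}

# Client certificate, readable by the nova user and group only.
rabbitmq_nova_{{ role }}_ssl_cert:
  {%- if nova_msg.x509.cert is defined %}
  file.managed:
    - name: {{ cert_file }}
    - contents_pillar: nova:{{ role }}:message_queue:x509:cert
    - mode: '0440'
    - user: nova
    - group: nova
    - makedirs: true
  {%- else %}
  file.exists:
    - name: {{ cert_file }}
  {%- endif %}

# Client private key, readable by the nova user only.
# contents_pillar keeps the key out of the rendered SLS; show_changes is
# turned off so a key rotation does not put a diff of the key material into
# the state return, the job cache or any configured returner.
rabbitmq_nova_{{ role }}_client_ssl_private_key:
  {%- if nova_msg.x509.key is defined %}
  file.managed:
    - name: {{ key_file }}
    - contents_pillar: nova:{{ role }}:message_queue:x509:key
    - mode: '0400'
    - show_changes: False
    - user: nova
    - group: nova
    - makedirs: true
  {%- else %}
  file.exists:
    - name: {{ key_file }}
  {%- endif %}

# Ownership pass for files that were provisioned outside of pillar.
# create: False matters here: file.managed without a source or contents
# would otherwise create any missing path as an empty file, which makes the
# file.exists checks above pass on the next run against an empty key or
# certificate.
# NOTE(review): no mode is enforced in this state, so a key placed out of
# band keeps whatever permissions it arrived with - confirm that the
# provisioning path sets a restrictive mode on the private key.
rabbitmq_nova_{{ role }}_ssl_x509_set_user_and_group:
  file.managed:
    - names:
      - {{ ca_file }}
      - {{ cert_file }}
      - {{ key_file }}
    - create: False
    - user: nova
    - group: nova

{%- elif nova_msg.get('ssl',{}).get('enabled',False) %}

# ssl mode: only a CA certificate is handled, no client certificate or key.
# NOTE(review): the managed branch requires message_queue:ssl:cacert_file to
# be set explicitly, while the existence check falls back to the role-level
# cacert_file. Presumably deliberate, so that pillar content is never
# written over the role-wide CA file - confirm before unifying the two.
rabbitmq_ca_nova_client_{{ role }}:
  {%- if nova_msg.ssl.cacert is defined %}
  file.managed:
    - name: {{ nova_msg.ssl.cacert_file }}
    - contents_pillar: nova:{{ role }}:message_queue:ssl:cacert
    - mode: '0444'
    - makedirs: true
  {%- else %}
  file.exists:
    - name: {{ nova_msg.ssl.get('cacert_file', nova_cacert) }}
  {%- endif %}

{%- endif %}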