Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / nova / fc1cf9b155b5a9b1ab4413b494a116acc230b967 / . / nova / _ssl / rabbitmq.sls
blob: 6abb6f46c2664657632f8c2e8d361ff77a8d4cc0 [file] [log] [blame]
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]1{% from "nova/map.jinja" import controller, compute with context %}
2
obryndziicd76ebc2018-09-20 11:01:32 +0000[diff] [blame]3{%- if controller.get('enabled') %}
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]4 {%- set nova_msg = controller.message_queue %}
Oleksandr Bryndzii17d6fe02018-09-17 10:15:17 +0000[diff] [blame]5 {%- set nova_cacert = controller.cacert_file %}
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]6 {%- set role = 'controller' %}
7{%- else %}
8 {%- set nova_msg = compute.message_queue %}
Oleksandr Bryndzii17d6fe02018-09-17 10:15:17 +0000[diff] [blame]9 {%- set nova_cacert = compute.cacert_file %}
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]10 {%- set role = 'compute' %}
11{%- endif %}
12
13nova_{{ role }}_ssl_rabbitmq:
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]14 test.show_notification:
15 - text: "Running nova._ssl.rabbitmq"
16
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]17{%- if nova_msg.get('x509',{}).get('enabled',False) %}
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]18
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]19 {%- set ca_file=nova_msg.x509.ca_file %}
20 {%- set key_file=nova_msg.x509.key_file %}
21 {%- set cert_file=nova_msg.x509.cert_file %}
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]22
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]23rabbitmq_nova_{{ role }}_ssl_x509_ca:
24 {%- if nova_msg.x509.cacert is defined %}
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]25 file.managed:
26 - name: {{ ca_file }}
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]27 - contents_pillar: nova:{{ role }}:message_queue:x509:cacert
Vasyl Saienko55f3b712018-10-03 14:31:17 +0000[diff] [blame]28 - mode: 644
29 - user: root
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]30 - group: nova
31 - makedirs: true
32 {%- else %}
33 file.exists:
34 - name: {{ ca_file }}
35 {%- endif %}
36
obryndziicd76ebc2018-09-20 11:01:32 +0000[diff] [blame]37rabbitmq_nova_{{ role }}_client_ssl_cert:
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]38 {%- if nova_msg.x509.cert is defined %}
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]39 file.managed:
40 - name: {{ cert_file }}
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]41 - contents_pillar: nova:{{ role }}:message_queue:x509:cert
Vasyl Saienko55f3b712018-10-03 14:31:17 +0000[diff] [blame]42 - mode: 640
43 - user: root
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]44 - group: nova
45 - makedirs: true
46 {%- else %}
47 file.exists:
48 - name: {{ cert_file }}
49 {%- endif %}
50
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]51rabbitmq_nova_{{ role }}_client_ssl_private_key:
52 {%- if nova_msg.x509.key is defined %}
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]53 file.managed:
54 - name: {{ key_file }}
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]55 - contents_pillar: nova:{{ role }}:message_queue:x509:key
Vasyl Saienko55f3b712018-10-03 14:31:17 +0000[diff] [blame]56 - mode: 640
57 - user: root
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]58 - group: nova
59 - makedirs: true
60 {%- else %}
61 file.exists:
62 - name: {{ key_file }}
63 {%- endif %}
64
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]65rabbitmq_nova_{{ role }}_ssl_x509_set_user_and_group:
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]66 file.managed:
67 - names:
68 - {{ ca_file }}
69 - {{ cert_file }}
70 - {{ key_file }}
Vasyl Saienko55f3b712018-10-03 14:31:17 +0000[diff] [blame]71 - user: root
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]72 - group: nova
73
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]74 {% elif nova_msg.get('ssl',{}).get('enabled',False) %}
75rabbitmq_ca_nova_client_{{ role }}:
76 {%- if nova_msg.ssl.cacert is defined %}
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]77 file.managed:
Oleksandr Bryndzii0e417932018-09-14 14:39:11 +0000[diff] [blame]78 - name: {{ nova_msg.ssl.cacert_file }}
79 - contents_pillar: nova:{{ role }}:message_queue:ssl:cacert
Vasyl Saienko55f3b712018-10-03 14:31:17 +0000[diff] [blame]80 - mode: 644
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]81 - makedirs: true
82 {%- else %}
83 file.exists:
Oleksandr Bryndzii17d6fe02018-09-17 10:15:17 +0000[diff] [blame]84 - name: {{ nova_msg.ssl.get('cacert_file', nova_cacert) }}
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]85 {%- endif %}
86
Vasyl Saienko55f3b712018-10-03 14:31:17 +0000[diff] [blame]87rabbitmq_nova_{{ role }}_ssl_set_user_and_group:
88 file.managed:
89 - name: {{ nova_msg.ssl.get('cacert_file', nova_cacert) }}
90 - user: root
91 - group: nova
Oleksandr Bryndzii1d5fa542018-09-13 14:18:08 +0000[diff] [blame]92{%- endif %}