commit 0f932dbdcbb8377f4ffc60d04546257a3f821af1
author Oleksandr Shyshko <oshyshko@mirantis.com> Fri Sep 21 17:24:27 2018 +0300
committer Oleksandr <oshyshko@mirantis.com> Fri Sep 21 21:16:19 2018 +0300
tree 1cf1d85685d8cb5193ec82a390715ca84c73afb9
parent eab0fe5e810c89b202a69b574870ace17a60b57f

Implement X.509 auth to Rabbitmq

Related-Prod: PROD-22758

Change-Id: Ie7d7dcd2bfab322ed3086c2f644be59dea4096a1

oslo_templates/files/queens/oslo/messaging/_rabbit.conf

diff --git a/oslo_templates/files/queens/oslo/messaging/_rabbit.conf b/oslo_templates/files/queens/oslo/messaging/_rabbit.conf
index cc7aa9d..9924709 100644
--- a/oslo_templates/files/queens/oslo/messaging/_rabbit.conf
+++ b/oslo_templates/files/queens/oslo/messaging/_rabbit.conf
@@ -22,11 +22,16 @@
 # available on some distributions. (string value)
 # Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
 #ssl_version =
-{%- if _data.ssl.version is defined %}
+  {%- if _data.ssl.version is defined %}
 ssl_version = {{ _data.ssl.version }}
-{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+  {%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
 ssl_version = TLSv1_2
-{%- endif %}
+  {%- endif %}
+  {%- if _data.get('x509',{}).get('enabled', False) %}
+kombu_ssl_ca_certs = {{ _data.x509.ca_file}}
+kombu_ssl_keyfile = {{ _data.x509.key_file}}
+kombu_ssl_certfile = {{ _data.x509.cert_file}}
+  {%- else %}
 
 
 # SSL key file (valid only if SSL enabled). (string value)
@@ -42,6 +47,7 @@
 # Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
 #ssl_ca_file =
 ssl_ca_certs = {{ _data.ssl.cacert_file }}
+  {%- endif %}
 {%- endif %}