Merge "Parametrize haproxy check parameters"
diff --git a/aodh/server/cluster.yml b/aodh/server/cluster.yml
index 6d756d1..444050a 100644
--- a/aodh/server/cluster.yml
+++ b/aodh/server/cluster.yml
@@ -14,6 +14,7 @@
galera_ssl_enabled: False
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
cron:
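Review bot: The new `openstack_rabbitmq_port: 5672` default is independent of the `rabbitmq_ssl_enabled` and `openstack_rabbitmq_x509_enabled` flags defined just above it, so turning TLS on without also overriding the port would leave clients pointed at the plaintext AMQP listener. Whether the consuming formula derives the port from the SSL flag is not visible here, so the coupling should be documented next to the default. Suggested comment: `# plaintext AMQP port; override together with rabbitmq_ssl_enabled (RabbitMQ's TLS listener is conventionally 5671)`. The same default is added to the `_param` block of every other service class in this diff, so the comment applies there as well.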
@@ -59,7 +60,7 @@
protocol: ${_param:cluster_internal_protocol}
message_queue:
engine: rabbitmq
- port: 5672
+ port: ${_param:openstack_rabbitmq_port}
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
diff --git a/aodh/server/single.yml b/aodh/server/single.yml
index b71198b..2dfdea9 100644
--- a/aodh/server/single.yml
+++ b/aodh/server/single.yml
@@ -11,6 +11,7 @@
galera_ssl_enabled: False
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
cron:
@@ -28,6 +29,7 @@
ssl:
enabled: ${_param:galera_ssl_enabled}
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
x509:
enabled: ${_param:openstack_rabbitmq_x509_enabled}
ca_file: ${_param:rabbitmq_aodh_ssl_ca_file}
diff --git a/barbican/server/cluster.yml b/barbican/server/cluster.yml
index aac0400..7e4c0e4 100644
--- a/barbican/server/cluster.yml
+++ b/barbican/server/cluster.yml
@@ -2,11 +2,15 @@
- service.barbican.server.cluster
- system.haproxy.proxy.listen.openstack.barbican
- system.salt.minion.cert.mysql.clients.openstack.barbican
+- system.salt.minion.cert.rabbitmq.clients.openstack.barbican
parameters:
_param:
cluster_internal_protocol: 'http'
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
barbican:
server:
role: ${_param:openstack_node_role}
@@ -21,6 +25,15 @@
cert_file: ${_param:mysql_barbican_client_ssl_cert_file}
ssl:
enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:openstack_rabbitmq_port}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_barbican_ssl_ca_file}
+ key_file: ${_param:rabbitmq_barbican_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_barbican_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
linux:
system:
package:
diff --git a/barbican/server/single.yml b/barbican/server/single.yml
index 6bed260..befad42 100644
--- a/barbican/server/single.yml
+++ b/barbican/server/single.yml
@@ -1,11 +1,15 @@
classes:
- service.barbican.server.single
- system.salt.minion.cert.mysql.clients.openstack.barbican
+- system.salt.minion.cert.rabbitmq.clients.openstack.barbican
parameters:
_param:
internal_protocol: 'http'
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
barbican:
server:
database:
@@ -19,6 +23,15 @@
role: ${_param:openstack_node_role}
identity:
protocol: ${_param:internal_protocol}
+ message_queue:
+ port: ${_param:openstack_rabbitmq_port}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_barbican_ssl_ca_file}
+ key_file: ${_param:rabbitmq_barbican_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_barbican_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
linux:
system:
package:
diff --git a/ceilometer/agent/cluster.yml b/ceilometer/agent/cluster.yml
index 769ff68..cadbaa9 100644
--- a/ceilometer/agent/cluster.yml
+++ b/ceilometer/agent/cluster.yml
@@ -1,6 +1,11 @@
classes:
- service.ceilometer.agent.cluster
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
+ _param:
+ openstack_rabbitmq_port: 5672
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
ceilometer:
agent:
region: ${_param:openstack_region}
@@ -17,6 +22,7 @@
region: ${_param:openstack_region}
protocol: ${_param:cluster_internal_protocol}
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
engine: rabbitmq
members:
- host: ${_param:openstack_message_queue_node01_address}
@@ -26,6 +32,13 @@
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
ha_queues: true
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+ key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
nova:
compute:
notification:
diff --git a/ceilometer/agent/single.yml b/ceilometer/agent/single.yml
index 0b0bbc3..3803d12 100644
--- a/ceilometer/agent/single.yml
+++ b/ceilometer/agent/single.yml
@@ -1,7 +1,21 @@
classes:
- service.ceilometer.agent.single
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
+ _param:
+ openstack_rabbitmq_port: 5672
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
ceilometer:
agent:
identity:
protocol: ${_param:internal_protocol}
+ message_queue:
+ port: ${_param:openstack_rabbitmq_port}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+ key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/ceilometer/agent/telemetry/cluster.yml b/ceilometer/agent/telemetry/cluster.yml
index b761fd0..56ca6cc 100644
--- a/ceilometer/agent/telemetry/cluster.yml
+++ b/ceilometer/agent/telemetry/cluster.yml
@@ -1,6 +1,11 @@
classes:
- service.ceilometer.agent.cluster.common
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
+ _param:
+ openstack_rabbitmq_port: 5672
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
ceilometer:
agent:
region: ${_param:openstack_region}
@@ -17,6 +22,7 @@
region: ${_param:openstack_region}
protocol: ${_param:cluster_internal_protocol}
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
engine: rabbitmq
members:
- host: ${_param:openstack_message_queue_node01_address}
@@ -26,6 +32,13 @@
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
ha_queues: true
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+ key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
nova:
compute:
notification:
diff --git a/ceilometer/agent/telemetry/single.yml b/ceilometer/agent/telemetry/single.yml
index 93a4c27..a5fcd51 100644
--- a/ceilometer/agent/telemetry/single.yml
+++ b/ceilometer/agent/telemetry/single.yml
@@ -1,7 +1,21 @@
classes:
- service.ceilometer.agent.single.common
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
+ _param:
+ openstack_rabbitmq_port: 5672
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
ceilometer:
agent:
+ message_queue:
+ port: ${_param:openstack_rabbitmq_port}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+ key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
identity:
protocol: ${_param:internal_protocol}
diff --git a/ceilometer/server/cluster.yml b/ceilometer/server/cluster.yml
index 4a24dda..31a0abe 100644
--- a/ceilometer/server/cluster.yml
+++ b/ceilometer/server/cluster.yml
@@ -4,7 +4,12 @@
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.openstack.ceilometer
- system.keepalived.cluster.instance.openstack_telemetry_vip
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
+ _param:
+ openstack_rabbitmq_port: 5672
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
ceilometer:
server:
enabled: true
@@ -32,11 +37,19 @@
region: ${_param:openstack_region}
protocol: ${_param:cluster_internal_protocol}
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
engine: rabbitmq
members:
- host: ${_param:openstack_message_queue_node01_address}
- host: ${_param:openstack_message_queue_node02_address}
- host: ${_param:openstack_message_queue_node03_address}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+ key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
diff --git a/ceilometer/server/single.yml b/ceilometer/server/single.yml
index 5f56244..37feddc 100644
--- a/ceilometer/server/single.yml
+++ b/ceilometer/server/single.yml
@@ -1,6 +1,11 @@
classes:
- service.ceilometer.server.single
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
+ _param:
+ openstack_rabbitmq_port: 5672
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
ceilometer:
server:
role: ${_param:openstack_node_role}
@@ -15,5 +20,14 @@
enabled: true
host: ${_param:stacklight_monitor_address}
port: 9200
+ message_queue:
+ port: ${_param:openstack_rabbitmq_port}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+ key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
identity:
protocol: ${_param:cluster_internal_protocol}
diff --git a/ceilometer/server/telemetry/cluster.yml b/ceilometer/server/telemetry/cluster.yml
index 9a361eb..a887536 100644
--- a/ceilometer/server/telemetry/cluster.yml
+++ b/ceilometer/server/telemetry/cluster.yml
@@ -2,7 +2,12 @@
classes:
- service.ceilometer.server.cluster.common
- system.keepalived.cluster.instance.openstack_telemetry_vip
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
+ _param:
+ openstack_rabbitmq_port: 5672
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
ceilometer:
server:
enabled: true
@@ -28,6 +33,7 @@
region: ${_param:openstack_region}
protocol: ${_param:cluster_internal_protocol}
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
engine: rabbitmq
members:
- host: ${_param:openstack_message_queue_node01_address}
@@ -36,3 +42,10 @@
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+ key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/ceilometer/server/telemetry/single.yml b/ceilometer/server/telemetry/single.yml
index 8dfb277..9ff35d1 100644
--- a/ceilometer/server/telemetry/single.yml
+++ b/ceilometer/server/telemetry/single.yml
@@ -1,8 +1,22 @@
classes:
- service.ceilometer.server.single.common
+- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
+ _param:
+ openstack_rabbitmq_port: 5672
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
ceilometer:
server:
role: ${_param:openstack_node_role}
+ message_queue:
+ port: ${_param:openstack_rabbitmq_port}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+ key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
identity:
protocol: ${_param:internal_protocol}
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index 503537e..e4a0718 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -12,6 +12,7 @@
galera_ssl_enabled: False
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -62,6 +63,7 @@
port: 9292
protocol: ${_param:cluster_internal_protocol}
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
engine: rabbitmq
members:
- host: ${_param:openstack_message_queue_node01_address}
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index ce01579..0d29e31 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -9,6 +9,7 @@
galera_ssl_enabled: False
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -35,6 +36,7 @@
protocol: ${_param:internal_protocol}
region: ${_param:openstack_region}
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
x509:
enabled: ${_param:openstack_rabbitmq_x509_enabled}
ca_file: ${_param:rabbitmq_cinder_ssl_ca_file}
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
index d1634d0..b0e179a 100644
--- a/cinder/volume/local.yml
+++ b/cinder/volume/local.yml
@@ -8,6 +8,7 @@
galera_ssl_enabled: False
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
cinder:
volume:
enabled: True
@@ -23,6 +24,7 @@
glance:
host: ${_param:single_address}
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
host: ${_param:single_address}
x509:
enabled: ${_param:openstack_rabbitmq_x509_enabled}
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index 637e45a..03c4b3c 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -9,6 +9,7 @@
galera_ssl_enabled: False
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -31,6 +32,7 @@
host: ${_param:openstack_control_address}
protocol: ${_param:cluster_internal_protocol}
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
members:
- host: ${_param:openstack_message_queue_node01_address}
- host: ${_param:openstack_message_queue_node02_address}
diff --git a/designate/server/cluster/default.yml b/designate/server/cluster/default.yml
index 112d953..8b9e1d0 100644
--- a/designate/server/cluster/default.yml
+++ b/designate/server/cluster/default.yml
@@ -4,12 +4,16 @@
- system.haproxy.proxy.listen.openstack.designate
- service.designate.server.cluster
- system.salt.minion.cert.mysql.clients.openstack.designate
+- system.salt.minion.cert.rabbitmq.clients.openstack.designatev
parameters:
_param:
designate_admin_api_enabled: false
cluster_internal_protocol: 'http'
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
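Review bot: The added class name `system.salt.minion.cert.rabbitmq.clients.openstack.designatev` ends in a stray `v`; designate/server/cluster/simple.yml and designate/server/single.yml in this same diff include `...clients.openstack.designate`. As written, the include would presumably either fail class resolution or skip generating the client certificate that the new `x509` block further down expects. It should read `- system.salt.minion.cert.rabbitmq.clients.openstack.designate`.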
@@ -59,7 +63,7 @@
address: ${_param:single_address}
message_queue:
engine: rabbitmq
- port: 5672
+ port: ${_param:openstack_rabbitmq_port}
members:
- host: ${_param:openstack_message_queue_node01_address}
- host: ${_param:openstack_message_queue_node02_address}
@@ -67,3 +71,10 @@
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_designate_ssl_ca_file}
+ key_file: ${_param:rabbitmq_designate_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_designate_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/designate/server/cluster/simple.yml b/designate/server/cluster/simple.yml
index 06c6a33..459ab96 100644
--- a/designate/server/cluster/simple.yml
+++ b/designate/server/cluster/simple.yml
@@ -1,12 +1,16 @@
classes:
- service.designate.server.cluster
- system.salt.minion.cert.mysql.clients.openstack.designate
+- system.salt.minion.cert.rabbitmq.clients.openstack.designate
parameters:
_param:
designate_admin_api_enabled: false
cluster_internal_protocol: 'http'
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -56,7 +60,7 @@
address: ${_param:single_address}
message_queue:
engine: rabbitmq
- port: 5672
+ port: ${_param:openstack_rabbitmq_port}
members:
- host: ${_param:openstack_message_queue_node01_address}
- host: ${_param:openstack_message_queue_node02_address}
@@ -64,6 +68,13 @@
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_designate_ssl_ca_file}
+ key_file: ${_param:rabbitmq_designate_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_designate_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
pools:
default:
description: 'default pool'
diff --git a/designate/server/single.yml b/designate/server/single.yml
index 1bb51cb..e89afe1 100644
--- a/designate/server/single.yml
+++ b/designate/server/single.yml
@@ -1,12 +1,16 @@
classes:
- service.designate.server.single
- system.salt.minion.cert.mysql.clients.openstack.designate
+- system.salt.minion.cert.rabbitmq.clients.openstack.designate
parameters:
_param:
designate_admin_api_enabled: false
internal_protocol: 'http'
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -54,10 +58,17 @@
message_queue:
engine: rabbitmq
host: ${_param:cluster_vip_address}
- port: 5672
+ port: ${_param:openstack_rabbitmq_port}
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_designate_ssl_ca_file}
+ key_file: ${_param:rabbitmq_designate_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_designate_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
pools:
default:
description: 'default pool'
diff --git a/glance/control/cluster.yml b/glance/control/cluster.yml
index 542e80e..c69cf55 100644
--- a/glance/control/cluster.yml
+++ b/glance/control/cluster.yml
@@ -11,6 +11,7 @@
galera_ssl_enabled: False
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
cron:
@@ -59,7 +60,7 @@
protocol: ${_param:cluster_internal_protocol}
message_queue:
engine: rabbitmq
- port: 5672
+ port: ${_param:openstack_rabbitmq_port}
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
diff --git a/glance/control/single.yml b/glance/control/single.yml
index d636346..a789a56 100644
--- a/glance/control/single.yml
+++ b/glance/control/single.yml
@@ -8,6 +8,7 @@
galera_ssl_enabled: False
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
cron:
@@ -37,6 +38,7 @@
protocol: ${_param:internal_protocol}
show_multiple_locations: True
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
x509:
enabled: ${_param:openstack_rabbitmq_x509_enabled}
ca_file: ${_param:rabbitmq_glance_ssl_ca_file}
diff --git a/heat/server/cluster.yml b/heat/server/cluster.yml
index 4504e89..e11feae 100644
--- a/heat/server/cluster.yml
+++ b/heat/server/cluster.yml
@@ -13,6 +13,7 @@
openstack_rabbitmq_x509_enabled: False
galera_ssl_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -72,7 +73,7 @@
protocol: ${_param:cluster_internal_protocol}
message_queue:
engine: rabbitmq
- port: 5672
+ port: ${_param:openstack_rabbitmq_port}
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
diff --git a/heat/server/single.yml b/heat/server/single.yml
index 9ef10c9..1ecb122 100644
--- a/heat/server/single.yml
+++ b/heat/server/single.yml
@@ -8,6 +8,7 @@
openstack_rabbitmq_x509_enabled: False
galera_ssl_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -37,6 +38,7 @@
ssl:
enabled: ${_param:galera_ssl_enabled}
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
x509:
enabled: ${_param:openstack_rabbitmq_x509_enabled}
ca_file: ${_param:rabbitmq_heat_ssl_ca_file}
diff --git a/ironic/api/cluster.yml b/ironic/api/cluster.yml
index acf635e..849b923 100644
--- a/ironic/api/cluster.yml
+++ b/ironic/api/cluster.yml
@@ -1,10 +1,14 @@
classes:
- system.salt.minion.cert.mysql.clients.openstack.ironic
+- system.salt.minion.cert.rabbitmq.clients.openstack.ironic
- service.ironic.api.cluster
parameters:
_param:
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -26,3 +30,12 @@
cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
ssl:
enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:openstack_rabbitmq_port}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_ironic_ssl_ca_file}
+ key_file: ${_param:rabbitmq_ironic_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ironic_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
\ No newline at end of file
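Review bot: The new last line of ironic/api/cluster.yml, `enabled: ${_param:rabbitmq_ssl_enabled}`, is left without a terminating newline, as the `\ No newline at end of file` marker shows. The other files touched here end with one, and yamllint's `new-line-at-end-of-file` rule would flag this. Add a trailing newline after that line.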
diff --git a/ironic/api/single.yml b/ironic/api/single.yml
index 0d4ae09..3313eb2 100644
--- a/ironic/api/single.yml
+++ b/ironic/api/single.yml
@@ -1,10 +1,14 @@
classes:
- system.salt.minion.cert.mysql.clients.openstack.ironic
+- system.salt.minion.cert.rabbitmq.clients.openstack.ironic
- service.ironic.api.single
parameters:
_param:
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -24,3 +28,12 @@
cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
ssl:
enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:openstack_rabbitmq_port}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_ironic_ssl_ca_file}
+ key_file: ${_param:rabbitmq_ironic_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ironic_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/ironic/conductor/cluster.yml b/ironic/conductor/cluster.yml
index c97624b..81fa2b5 100644
--- a/ironic/conductor/cluster.yml
+++ b/ironic/conductor/cluster.yml
@@ -1,10 +1,14 @@
classes:
- system.salt.minion.cert.mysql.clients.openstack.ironic
+- system.salt.minion.cert.rabbitmq.clients.openstack.ironic
- service.ironic.conductor.cluster
parameters:
_param:
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -22,3 +26,12 @@
cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
ssl:
enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:openstack_rabbitmq_port}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_ironic_ssl_ca_file}
+ key_file: ${_param:rabbitmq_ironic_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ironic_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/ironic/conductor/single.yml b/ironic/conductor/single.yml
index 80215a5..7a24028 100644
--- a/ironic/conductor/single.yml
+++ b/ironic/conductor/single.yml
@@ -1,10 +1,14 @@
classes:
- system.salt.minion.cert.mysql.clients.openstack.ironic
+- system.salt.minion.cert.rabbitmq.clients.openstack.ironic
- service.ironic.conductor.single
parameters:
_param:
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -23,3 +27,12 @@
cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
ssl:
enabled: ${_param:galera_ssl_enabled}
+ message_queue:
+ port: ${_param:openstack_rabbitmq_port}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_ironic_ssl_ca_file}
+ key_file: ${_param:rabbitmq_ironic_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ironic_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 1a5f4a3..a42d3b6 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -15,6 +15,7 @@
openstack_rabbitmq_x509_enabled: False
galera_ssl_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -63,6 +64,7 @@
credential:
location: /var/lib/keystone/credential-keys
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
engine: rabbitmq
members:
- host: ${_param:openstack_message_queue_node01_address}
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 03cd75d..10a5331 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -17,6 +17,7 @@
openstack_rabbitmq_x509_enabled: False
galera_ssl_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -62,6 +63,7 @@
credential:
location: /var/lib/keystone/credential-keys
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
engine: rabbitmq
host: ${_param:single_address}
user: openstack
diff --git a/manila/common/cluster.yml b/manila/common/cluster.yml
index 5c34bd6..9ea811e 100644
--- a/manila/common/cluster.yml
+++ b/manila/common/cluster.yml
@@ -3,21 +3,32 @@
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.openstack.manila
- system.salt.minion.cert.mysql.clients.openstack.manila
+- system.salt.minion.cert.rabbitmq.clients.openstack.manila
parameters:
_param:
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
manila_cluster_vip_address: ${_param:cluster_vip_address}
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
manila:
common:
version: ${_param:openstack_version}
message_queue:
engine: rabbitmq
- port: 5672
+ port: ${_param:openstack_rabbitmq_port}
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
host: ${_param:openstack_message_queue_address}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_manila_ssl_ca_file}
+ key_file: ${_param:rabbitmq_manila_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_manila_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
database:
engine: mysql
host: ${_param:openstack_database_address}
diff --git a/manila/common/single.yml b/manila/common/single.yml
index f9d8c6e..f984ab7 100644
--- a/manila/common/single.yml
+++ b/manila/common/single.yml
@@ -1,20 +1,31 @@
classes:
- service.manila.common.single
- system.salt.minion.cert.mysql.clients.openstack.manila
+- system.salt.minion.cert.rabbitmq.clients.openstack.manila
parameters:
_param:
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
manila:
common:
version: ${_param:openstack_version}
message_queue:
engine: rabbitmq
- port: 5672
+ port: ${_param:openstack_rabbitmq_port}
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
host: ${_param:single_address}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_manila_ssl_ca_file}
+ key_file: ${_param:rabbitmq_manila_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_manila_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
database:
engine: mysql
host: ${_param:single_address}
diff --git a/neutron/compute/cluster.yml b/neutron/compute/cluster.yml
index 4263295..92e3a2e 100644
--- a/neutron/compute/cluster.yml
+++ b/neutron/compute/cluster.yml
@@ -9,6 +9,7 @@
neutron_bgp_vpn_driver: bagpipe
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -28,6 +29,7 @@
backend:
tenant_network_types: ${_param:neutron_tenant_network_types}"
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
members:
- host: ${_param:openstack_message_queue_node01_address}
- host: ${_param:openstack_message_queue_node02_address}
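Review bot: The context line directly above the added `port`, `tenant_network_types: ${_param:neutron_tenant_network_types}"`, ends with an unmatched double quote that this change leaves in place. In a plain YAML scalar that character is kept as part of the value, so the rendered setting presumably carries a trailing `"`. It should read `tenant_network_types: ${_param:neutron_tenant_network_types}`. The identical line appears in the second hunk of neutron/gateway/cluster.yml.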
diff --git a/neutron/control/cluster.yml b/neutron/control/cluster.yml
index be69bf8..ceaed1d 100644
--- a/neutron/control/cluster.yml
+++ b/neutron/control/cluster.yml
@@ -13,6 +13,7 @@
openstack_rabbitmq_x509_enabled: False
galera_ssl_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -22,6 +23,7 @@
neutron:
server:
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
members:
- host: ${_param:openstack_message_queue_node01_address}
- host: ${_param:openstack_message_queue_node02_address}
diff --git a/neutron/control/single.yml b/neutron/control/single.yml
index b261fe8..27d16e1 100644
--- a/neutron/control/single.yml
+++ b/neutron/control/single.yml
@@ -10,6 +10,7 @@
openstack_rabbitmq_x509_enabled: False
galera_ssl_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -28,6 +29,7 @@
ssl:
enabled: ${_param:galera_ssl_enabled}
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
x509:
enabled: ${_param:openstack_rabbitmq_x509_enabled}
ca_file: ${_param:rabbitmq_neutron_ssl_ca_file}
diff --git a/neutron/gateway/cluster.yml b/neutron/gateway/cluster.yml
index 60fc4e5..03ab583 100644
--- a/neutron/gateway/cluster.yml
+++ b/neutron/gateway/cluster.yml
@@ -7,6 +7,7 @@
neutron_enable_vlan_aware_vms: False
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
kernel:
@@ -21,6 +22,7 @@
backend:
tenant_network_types: ${_param:neutron_tenant_network_types}"
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
members:
- host: ${_param:openstack_message_queue_node01_address}
- host: ${_param:openstack_message_queue_node02_address}
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index 4482b52..b281f4d 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -39,6 +39,7 @@
cluster_internal_protocol: 'http'
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
openssh:
client:
enabled: True
@@ -75,7 +76,7 @@
protocol: ${_param:cluster_internal_protocol}
message_queue:
engine: rabbitmq
- port: 5672
+ port: ${_param:openstack_rabbitmq_port}
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index 5f4f8ef..32d5087 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -39,6 +39,7 @@
cluster_internal_protocol: 'http'
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
openssh:
client:
enabled: True
@@ -75,7 +76,7 @@
message_queue:
engine: rabbitmq
host: ${_param:control_address}
- port: 5672
+ port: ${_param:openstack_rabbitmq_port}
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index c21bee4..3f0a644 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -18,6 +18,7 @@
galera_ssl_enabled: False
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -68,7 +69,7 @@
protocol: ${_param:cluster_internal_protocol}
message_queue:
engine: rabbitmq
- port: 5672
+ port: ${_param:openstack_rabbitmq_port}
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
diff --git a/nova/control/single.yml b/nova/control/single.yml
index 689be66..2a28cc7 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -9,6 +9,7 @@
galera_ssl_enabled: False
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
+ openstack_rabbitmq_port: 5672
linux:
system:
package:
@@ -36,6 +37,7 @@
glance:
protocol: ${_param:cluster_internal_protocol}
message_queue:
+ port: ${_param:openstack_rabbitmq_port}
x509:
enabled: ${_param:openstack_rabbitmq_x509_enabled}
ca_file: ${_param:rabbitmq_nova_ssl_ca_file}
diff --git a/openssh/server/team/drivetrain.yml b/openssh/server/team/drivetrain.yml
index a48400a..65117cd 100644
--- a/openssh/server/team/drivetrain.yml
+++ b/openssh/server/team/drivetrain.yml
@@ -1,7 +1,7 @@
classes:
+- system.openssh.server.team.members.azvyagintsev
- system.openssh.server.team.members.degorenko
- system.openssh.server.team.members.iberezovskiy
-
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/members/azvyagintsev.yml b/openssh/server/team/members/azvyagintsev.yml
new file mode 100644
index 0000000..c6c62a0
--- /dev/null
+++ b/openssh/server/team/members/azvyagintsev.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ azvyagintsev:
+ enabled: true
+ name: azvyagintsev
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Aleksey Zvyagintsev
+ home: /home/azvyagintsev
+ email: azvyagintsev@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ azvyagintsev:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGmNI+xV2sgIZX6tr5i4eQcxM4rkNoMiFbUuxtZYw5rKci9cSp9C/NC11VnJzpLG3lf11vLwTztlaM7hjdYlKoynpfDhfRhg1p5w/Pd/uoh6bO7KP/r2QuSpVsc6NGAHD2f0qxmrFX81xMG6zq0MCHXc+BGMZTKWAW7dMGsjJUnIa/wv24J25DOILoEBhclGQHx5r7R5ysqSOTdBEgN304KL8XPP+bAwDFTNJIwtfBdNt8jSv6yR2CyfB7t8pqXf93DvwaGBJfuu1r4gljj5ozCyvGExEtRTzvAC+oLq2NIfDOCC3iRWXrls3iDLZYxwm7VLcQSre4Yp6jfp+WuRI7 azvyagintsev@mirantis.com
+ user: ${linux:system:user:azvyagintsev}
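Review bot: Nothing in this new file says that `sudo: ${_param:linux_system_user_sudo}` is decided by whichever team class includes it, and openssh/server/team/drivetrain.yml in this diff sets that parameter to `true`, so the account gets sudo on every node carrying that class. A one-line comment above the `sudo` key, e.g. `# sudo is granted by the including team class (linux_system_user_sudo)`, makes the privilege visible to whoever reviews the next membership change. The same applies to openssh/server/team/members/mrasskazov.yml, which is pulled in by networking.yml with the same setting.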
diff --git a/openssh/server/team/members/mrasskazov.yml b/openssh/server/team/members/mrasskazov.yml
new file mode 100644
index 0000000..23926e8
--- /dev/null
+++ b/openssh/server/team/members/mrasskazov.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ mrasskazov:
+ enabled: true
+ name: mrasskazov
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Maxim Rasskazov
+ home: /home/mrasskazov
+ email: mrasskazov@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ mrasskazov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCysPXCuMbUjqjtO/n0jVZK13/uMA/TI6Qsdyciih6jWJLbd6FCL/GWvkykngLHGH9lVGFYsOPRiAmlh8gXfYohCZFYuHxE88GoiycvJGRGoBDdxd/beDca6nP4Peqlg3TUUum9PefULDiv3eVHKwX4BC9mGIR6bWB41O003OxJMwEN9lLGmWqxAlAdCUwRIm9TlgTu6Fq3ZIkjSwGsZg4E+saBLnUiOjwYWSwmTiB8WTR2b19lZhXFEovdVY3/gF8Td84WT1TDXeWBAvwmAcFLRPEx/AI1Nt4AhM1toMMoq64pYbGCOYSgI7DZR/2vtxGa0IjQclLZ+M8YktyNErc9
+ user: ${linux:system:user:mrasskazov}
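Review bot: The `public_keys` entry ends at the base64 blob with no trailing comment field, unlike the entry in azvyagintsev.yml, which ends with the owner's address. Assuming the key string is written to authorized_keys as is, an unlabeled key is harder to attribute during an access audit or when revoking it. Appending the address already listed under `email` (`… mrasskazov@mirantis.com`) keeps the two member files consistent.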
diff --git a/openssh/server/team/networking.yml b/openssh/server/team/networking.yml
index 219c2ee..b314c59 100644
--- a/openssh/server/team/networking.yml
+++ b/openssh/server/team/networking.yml
@@ -9,6 +9,7 @@
- system.openssh.server.team.members.gzimin
- system.openssh.server.team.members.dpyzhov
- system.openssh.server.team.members.asamoylov
+- system.openssh.server.team.members.mrasskazov
parameters:
_param:
linux_system_user_sudo: true
diff --git a/rabbitmq/server/ssl/init.yml b/rabbitmq/server/ssl/init.yml
index 71cc1a7..961d28d 100644
--- a/rabbitmq/server/ssl/init.yml
+++ b/rabbitmq/server/ssl/init.yml
@@ -5,7 +5,7 @@
_param:
rabbitmq_ssl_enabled: true
openstack_rabbitmq_x509_enabled: false
- rabbitmq_port: 5671 # for non-ssl use 5672 / for ssl 5671
+ openstack_rabbitmq_port: 5671 # for non-ssl use 5672 / for ssl 5671
rabbitmq:
server:
ssl:
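Review bot: Renaming `rabbitmq_port` to `openstack_rabbitmq_port` on this line leaves no definition of the old name in this class, so any class or cluster model outside this diff that still interpolates `${_param:rabbitmq_port}` would either fail to resolve or take its value from somewhere else. If such consumers exist, a transitional alias such as `rabbitmq_port: ${_param:openstack_rabbitmq_port}  # deprecated alias` keeps them on the TLS port while they are migrated. It is also worth confirming that the server's own listener setting, which is not visible in this hunk, reads the new name.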
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml b/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
new file mode 100644
index 0000000..9fa04ef
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
@@ -0,0 +1,22 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ rabbitmq_barbican_client_ssl_key_file: /etc/barbican/ssl/rabbitmq/client-key.pem
+ rabbitmq_barbican_client_ssl_cert_file: /etc/barbican/ssl/rabbitmq/client-cert.pem
+ rabbitmq_barbican_ssl_ca_file: /etc/barbican/ssl/rabbitmq/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ rabbitmq-barbican-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: rabbitmq-barbican-client
+ signing_policy: cert_client
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:rabbitmq_barbican_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_barbican_client_ssl_cert_file}
+ ca_file: ${_param:rabbitmq_barbican_ssl_ca_file}
+ user: barbican
+ group: barbican
+ mode: 640
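Review bot: `mode: 640` together with `group: barbican` would make the client private key at `key_file` group-readable, assuming the formula applies this mode to the key as well as to the certificate (that logic is not in the diff). If only the service user needs the key, `mode: "0600"` is the tighter choice; if group read is intended, still quote it as `mode: "0640"` so it is read as an octal mode string rather than the decimal integer 640. `nonRepudiation` in `key_usage` is also not needed for a TLS client certificate and could likely be dropped. The same lines appear in the ceilometer, designate, ironic and manila files added alongside this one.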
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml b/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
new file mode 100644
index 0000000..a2b91fd
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
@@ -0,0 +1,22 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ rabbitmq_ceilometer_client_ssl_key_file: /etc/ceilometer/ssl/rabbitmq/client-key.pem
+ rabbitmq_ceilometer_client_ssl_cert_file: /etc/ceilometer/ssl/rabbitmq/client-cert.pem
+ rabbitmq_ceilometer_ssl_ca_file: /etc/ceilometer/ssl/rabbitmq/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ rabbitmq-ceilometer-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: rabbitmq-ceilometer-client
+ signing_policy: cert_client
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:rabbitmq_ceilometer_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ceilometer_client_ssl_cert_file}
+ ca_file: ${_param:rabbitmq_ceilometer_ssl_ca_file}
+ user: ceilometer
+ group: ceilometer
+ mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/designate.yml b/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
new file mode 100644
index 0000000..f5eb631
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
@@ -0,0 +1,22 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ rabbitmq_designate_client_ssl_key_file: /etc/designate/ssl/rabbitmq/client-key.pem
+ rabbitmq_designate_client_ssl_cert_file: /etc/designate/ssl/rabbitmq/client-cert.pem
+ rabbitmq_designate_ssl_ca_file: /etc/designate/ssl/rabbitmq/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ rabbitmq-designate-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: rabbitmq-designate-client
+ signing_policy: cert_client
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:rabbitmq_designate_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_designate_client_ssl_cert_file}
+ ca_file: ${_param:rabbitmq_designate_ssl_ca_file}
+ user: designate
+ group: designate
+ mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml b/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
new file mode 100644
index 0000000..f9b0d74
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
@@ -0,0 +1,22 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ rabbitmq_ironic_client_ssl_key_file: /etc/ironic/ssl/rabbitmq/client-key.pem
+ rabbitmq_ironic_client_ssl_cert_file: /etc/ironic/ssl/rabbitmq/client-cert.pem
+ rabbitmq_ironic_ssl_ca_file: /etc/ironic/ssl/rabbitmq/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ rabbitmq-ironic-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: rabbitmq-ironic-client
+ signing_policy: cert_client
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:rabbitmq_ironic_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_ironic_client_ssl_cert_file}
+ ca_file: ${_param:rabbitmq_ironic_ssl_ca_file}
+ user: ironic
+ group: ironic
+ mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/manila.yml b/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
new file mode 100644
index 0000000..345b697
--- /dev/null
+++ b/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
@@ -0,0 +1,22 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ rabbitmq_manila_client_ssl_key_file: /etc/manila/ssl/rabbitmq/client-key.pem
+ rabbitmq_manila_client_ssl_cert_file: /etc/manila/ssl/rabbitmq/client-cert.pem
+ rabbitmq_manila_ssl_ca_file: /etc/manila/ssl/rabbitmq/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ rabbitmq-manila-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: rabbitmq-manila-client
+ signing_policy: cert_client
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:rabbitmq_manila_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_manila_client_ssl_cert_file}
+ ca_file: ${_param:rabbitmq_manila_ssl_ca_file}
+ user: manila
+ group: manila
+ mode: 640