Add metadata for X.509 auth between Aodh and RMQ
Related-Prod: PROD-22754
Change-Id: I5ffcd41515bc3b0354031e74cf09817d2f7c8c66
diff --git a/aodh/server/cluster.yml b/aodh/server/cluster.yml
index db6b39b..2098ec1 100644
--- a/aodh/server/cluster.yml
+++ b/aodh/server/cluster.yml
@@ -4,6 +4,7 @@
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.openstack.aodh
- system.keepalived.cluster.instance.openstack_telemetry_vip
+- system.salt.minion.cert.rabbitmq.clients.openstack.aodh
parameters:
_param:
openstack_event_alarm_topic: alarm.all
@@ -11,6 +12,8 @@
aodh_alarm_history_ttl: 2592000
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
linux:
system:
cron:
@@ -63,6 +66,13 @@
- host: ${_param:openstack_message_queue_node01_address}
- host: ${_param:openstack_message_queue_node02_address}
- host: ${_param:openstack_message_queue_node03_address}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_aodh_ssl_ca_file}
+ key_file: ${_param:rabbitmq_aodh_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_aodh_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
# Check for expired alarm history every day at 2 AM
expirer:
cron: