Implement X.509 auth between Rabbitmq and Designate
Change-Id: I87f0a51000e278ec3b66dd866e94f0bf74d66b74
Related-Prod: PROD-22758
diff --git a/designate/server/cluster/default.yml b/designate/server/cluster/default.yml
index 36da38b..8b9e1d0 100644
--- a/designate/server/cluster/default.yml
+++ b/designate/server/cluster/default.yml
@@ -4,12 +4,15 @@
- system.haproxy.proxy.listen.openstack.designate
- service.designate.server.cluster
- system.salt.minion.cert.mysql.clients.openstack.designate
+- system.salt.minion.cert.rabbitmq.clients.openstack.designatev
parameters:
_param:
designate_admin_api_enabled: false
cluster_internal_protocol: 'http'
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
openstack_rabbitmq_port: 5672
linux:
system:
@@ -68,3 +71,10 @@
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_designate_ssl_ca_file}
+ key_file: ${_param:rabbitmq_designate_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_designate_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}