Implement X.509 auth between Rabbitmq and Designate
Change-Id: I87f0a51000e278ec3b66dd866e94f0bf74d66b74
Related-Prod: PROD-22758
diff --git a/designate/server/single.yml b/designate/server/single.yml
index 11bd1d1..e89afe1 100644
--- a/designate/server/single.yml
+++ b/designate/server/single.yml
@@ -1,12 +1,15 @@
classes:
- service.designate.server.single
- system.salt.minion.cert.mysql.clients.openstack.designate
+- system.salt.minion.cert.rabbitmq.clients.openstack.designate
parameters:
_param:
designate_admin_api_enabled: false
internal_protocol: 'http'
openstack_mysql_x509_enabled: False
galera_ssl_enabled: False
+ openstack_rabbitmq_x509_enabled: False
+ rabbitmq_ssl_enabled: False
openstack_rabbitmq_port: 5672
linux:
system:
@@ -59,6 +62,13 @@
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
+ ca_file: ${_param:rabbitmq_designate_ssl_ca_file}
+ key_file: ${_param:rabbitmq_designate_client_ssl_key_file}
+ cert_file: ${_param:rabbitmq_designate_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
pools:
default:
description: 'default pool'