x/packstack
Code Issues Proposed changes
packstack/packstack/plugins/amqp_002.py
Lukas Bezdicka 1c0c36bf40 Refactor SSL setup to use CA to sign certificates 
Users can now use Packstack generated CA or provide Subordinate CA to packstack
to sign certificates used by OpenStack.

Resolves: rhbz#1163866

Change-Id: Idd89dbb7f197a194fd87576be6d95a75d059231e
2015-05-27 17:19:27 +02:00

213 lines
7.8 KiB
Python
Raw Blame History

# -*- coding: utf-8 -*-
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
Installs and configures AMQP
"""
from packstack.installer import basedefs
from packstack.installer import validators
from packstack.installer import processors
from packstack.installer import utils
from packstack.modules.common import filtered_hosts
from packstack.modules.documentation import update_params_usage
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------- AMQP Packstack Plugin Initialization --------------
PLUGIN_NAME = "AMQP"
PLUGIN_NAME_COLORED = utils.color_text(PLUGIN_NAME, 'blue')
def initConfig(controller):
params = [
{"CMD_OPTION": "amqp-backend",
"PROMPT": "Set the AMQP service backend",
"OPTION_LIST": ["qpid", "rabbitmq"],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": "rabbitmq",
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": "CONFIG_AMQP_BACKEND",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False,
"DEPRECATES": ['CONFIG_AMQP_SERVER']},
{"CMD_OPTION": "amqp-host",
"PROMPT": "Enter the IP address of the AMQP service",
"OPTION_LIST": [],
"VALIDATORS": [validators.validate_ssh],
"DEFAULT_VALUE": utils.get_localhost_ip(),
"MASK_INPUT": False,
"LOOSE_VALIDATION": True,
"CONF_NAME": "CONFIG_AMQP_HOST",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "amqp-enable-ssl",
"PROMPT": "Enable SSL for the AMQP service?",
"OPTION_LIST": ["y", "n"],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": "n",
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": "CONFIG_AMQP_ENABLE_SSL",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "amqp-enable-auth",
"PROMPT": "Enable Authentication for the AMQP service?",
"OPTION_LIST": ["y", "n"],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": "n",
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": "CONFIG_AMQP_ENABLE_AUTH",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
]
update_params_usage(basedefs.PACKSTACK_DOC, params, sectioned=False)
group = {"GROUP_NAME": "AMQP",
"DESCRIPTION": "AMQP Config parameters",
"PRE_CONDITION": False,
"PRE_CONDITION_MATCH": True,
"POST_CONDITION": False,
"POST_CONDITION_MATCH": True}
controller.addGroup(group, params)
params = [
{"CMD_OPTION": "amqp-nss-certdb-pw",
"PROMPT": "Enter the password for NSS certificate database",
"OPTION_LIST": [],
"VALIDATORS": [validators.validate_not_empty],
"DEFAULT_VALUE": "PW_PLACEHOLDER",
"PROCESSORS": [processors.process_password],
"MASK_INPUT": True,
"LOOSE_VALIDATION": True,
"CONF_NAME": "CONFIG_AMQP_NSS_CERTDB_PW",
"USE_DEFAULT": False,
"NEED_CONFIRM": True,
"CONDITION": False},
]
update_params_usage(basedefs.PACKSTACK_DOC, params, sectioned=False)
group = {"GROUP_NAME": "AMQPSSL",
"DESCRIPTION": "AMQP Config SSL parameters",
"PRE_CONDITION": "CONFIG_AMQP_ENABLE_SSL",
"PRE_CONDITION_MATCH": "y",
"POST_CONDITION": False,
"POST_CONDITION_MATCH": True}
controller.addGroup(group, params)
params = [
{"CMD_OPTION": "amqp-auth-user",
"PROMPT": "Enter the user for amqp authentication",
"OPTION_LIST": [],
"VALIDATORS": [validators.validate_not_empty],
"DEFAULT_VALUE": "amqp_user",
"MASK_INPUT": False,
"LOOSE_VALIDATION": True,
"CONF_NAME": "CONFIG_AMQP_AUTH_USER",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "amqp-auth-password",
"PROMPT": "Enter the password for user authentication",
"OPTION_LIST": ["y", "n"],
"VALIDATORS": [validators.validate_not_empty],
"PROCESSORS": [processors.process_password],
"DEFAULT_VALUE": "PW_PLACEHOLDER",
"MASK_INPUT": True,
"LOOSE_VALIDATION": True,
"CONF_NAME": "CONFIG_AMQP_AUTH_PASSWORD",
"USE_DEFAULT": False,
"NEED_CONFIRM": True,
"CONDITION": False},
]
update_params_usage(basedefs.PACKSTACK_DOC, params, sectioned=False)
group = {"GROUP_NAME": "AMQPAUTH",
"DESCRIPTION": "AMQP Config Athentication parameters",
"PRE_CONDITION": "CONFIG_AMQP_ENABLE_AUTH",
"PRE_CONDITION_MATCH": "y",
"POST_CONDITION": False,
"POST_CONDITION_MATCH": True}
controller.addGroup(group, params)
def initSequences(controller):
amqpsteps = [
{'title': 'Adding AMQP manifest entries',
'functions': [create_manifest]}
]
controller.addSequence("Installing AMQP", [], [], amqpsteps)
# ------------------------ step functions -------------------------
def create_manifest(config, messages):
server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
config['CONFIG_AMQP_SSL_ENABLED'] = True
config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
amqp_host = config['CONFIG_AMQP_HOST']
service = 'AMQP'
ssl_key_file = '/etc/pki/tls/private/ssl_amqp.key'
ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp.crt'
cacert = config['CONFIG_AMQP_SSL_CACERT_FILE'] = (
config['CONFIG_SSL_CACERT_FILE']
)
generate_ssl_cert(config, amqp_host, service, ssl_key_file,
ssl_cert_file)
else:
# Set default values
config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
config['CONFIG_AMQP_SSL_ENABLED'] = False
config['CONFIG_AMQP_PROTOCOL'] = 'tcp'
if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
config['CONFIG_AMQP_AUTH_PASSWORD'] = 'guest'
config['CONFIG_AMQP_AUTH_USER'] = 'guest'
manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
manifestdata = getManifestTemplate('amqp')
if config['CONFIG_IP_VERSION'] == 'ipv6':
config['CONFIG_AMQP_HOST_URL'] = "[%s]" % config['CONFIG_AMQP_HOST']
else:
config['CONFIG_AMQP_HOST_URL'] = config['CONFIG_AMQP_HOST']
fw_details = dict()
# All hosts should be able to talk to amqp
for host in filtered_hosts(config, exclude=False):
key = "amqp_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % host
fw_details[key]['service_name'] = "amqp"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['5671', '5672']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_AMQP_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre')
View Git Blame Copy Permalink