Use SSL for rabbitmq

Avoid using the private management address for rabbitmq, which was the only service using this address, and instead use the public address with SSL for security. Change-Id: I6a00fed66dc8f3202ff31b6905011cfd95b528b8 Depends-On: I5a25a5e4aa70db66db2d9331d7f5e4ac8b785002
2016-02-08 15:09:12 -08:00 · 2016-02-08 15:09:12 -08:00 · 129aef59a4
commit 129aef59a4
parent 1c75db64a6
3 changed files with 1 additions and 7 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -1145,7 +1145,7 @@ node /.*wheel-mirror-.*\.openstack\.org/ {
 node 'controller00.hpuswest.ic.openstack.org' {
  $group = 'infracloud'
  class { '::openstack_project::server':
-    iptables_public_tcp_ports => [5000,5672,8774,9292,9696,35357], # keystone,rabbit,nova,glance,neutron,keystone
+    iptables_public_tcp_ports => [5000,5671,8774,9292,9696,35357], # keystone,rabbit,nova,glance,neutron,keystone
    sysadmins                 => hiera('sysadmins', []),
    enable_unbound            => false,
  }
@ -1166,7 +1166,6 @@ node 'controller00.hpuswest.ic.openstack.org' {
    ssl_key_file_contents            => hiera('ssl_key_file_contents'),
    ssl_cert_file_contents           => hiera('infracloud_hpuswest_ssl_cert_file_contents'),
    br_name                          => 'br-vlan25',
-    controller_management_address    => '10.10.16.146',
    controller_public_address        => $::fqdn,
  }
 }
@ -1183,7 +1182,6 @@ node /^compute\d{3}\.hpuswest\.ic\.openstack\.org$/ {
    neutron_admin_password           => hiera('neutron_admin_password'),
    ssl_cert_file_contents           => hiera('infracloud_hpuswest_ssl_cert_file_contents'),
    br_name                          => 'br-vlan25',
-    controller_management_address    => '10.10.16.146',
    controller_public_address        => 'controller00.hpuswest.ic.openstack.org',
  }
 }
--- a/modules/openstack_project/manifests/infracloud/compute.pp
+++ b/modules/openstack_project/manifests/infracloud/compute.pp
@ -4,7 +4,6 @@ class openstack_project::infracloud::compute (
  $neutron_admin_password,
  $ssl_cert_file_contents,
  $br_name,
-  $controller_management_address,
  $controller_public_address,
 ) {
  class { '::infracloud::compute':
@ -13,7 +12,6 @@ class openstack_project::infracloud::compute (
    neutron_admin_password        => $neutron_admin_password,
    ssl_cert_file_contents        => $ssl_cert_file_contents,
    br_name                       => $br_name,
-    controller_management_address => $controller_management_address,
    controller_public_address     => $controller_public_address,
  }
 }
--- a/modules/openstack_project/manifests/infracloud/controller.pp
+++ b/modules/openstack_project/manifests/infracloud/controller.pp
@ -15,7 +15,6 @@ class openstack_project::infracloud::controller (
  $ssl_key_file_contents,
  $ssl_cert_file_contents,
  $br_name,
-  $controller_management_address,
  $controller_public_address = $::fqdn,
 ) {
  class { '::infracloud::controller':
@ -35,7 +34,6 @@ class openstack_project::infracloud::controller (
    ssl_key_file_contents            => $ssl_key_file_contents,
    ssl_cert_file_contents           => $ssl_cert_file_contents,
    br_name                          => $br_name,
-    controller_management_address    => $controller_management_address,
    controller_public_address        => $controller_public_address,
  }
 }