From 129aef59a45a21a481bac14b276e0e8e9b7f64d5 Mon Sep 17 00:00:00 2001
From: Colleen Murphy <colleen@gazlene.net>
Date: Mon, 8 Feb 2016 15:09:12 -0800
Subject: [PATCH] Use SSL for rabbitmq
Avoid using the private management address for rabbitmq, which was the
only service using this address, and instead use the public address
with SSL for security.
Change-Id: I6a00fed66dc8f3202ff31b6905011cfd95b528b8
Depends-On: I5a25a5e4aa70db66db2d9331d7f5e4ac8b785002
---
manifests/site.pp | 4 +---
modules/openstack_project/manifests/infracloud/compute.pp | 2 --
modules/openstack_project/manifests/infracloud/controller.pp | 2 --
3 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/manifests/site.pp b/manifests/site.pp
index be004a1e14..5462a5f710 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1145,7 +1145,7 @@ node /.*wheel-mirror-.*\.openstack\.org/ {
node 'controller00.hpuswest.ic.openstack.org' {
$group = 'infracloud'
class { '::openstack_project::server':
- iptables_public_tcp_ports => [5000,5672,8774,9292,9696,35357], # keystone,rabbit,nova,glance,neutron,keystone
+ iptables_public_tcp_ports => [5000,5671,8774,9292,9696,35357], # keystone,rabbit,nova,glance,neutron,keystone
sysadmins => hiera('sysadmins', []),
enable_unbound => false,
}
@@ -1166,7 +1166,6 @@ node 'controller00.hpuswest.ic.openstack.org' {
ssl_key_file_contents => hiera('ssl_key_file_contents'),
ssl_cert_file_contents => hiera('infracloud_hpuswest_ssl_cert_file_contents'),
br_name => 'br-vlan25',
- controller_management_address => '10.10.16.146',
controller_public_address => $::fqdn,
}
}
@@ -1183,7 +1182,6 @@ node /^compute\d{3}\.hpuswest\.ic\.openstack\.org$/ {
neutron_admin_password => hiera('neutron_admin_password'),
ssl_cert_file_contents => hiera('infracloud_hpuswest_ssl_cert_file_contents'),
br_name => 'br-vlan25',
- controller_management_address => '10.10.16.146',
controller_public_address => 'controller00.hpuswest.ic.openstack.org',
}
}
diff --git a/modules/openstack_project/manifests/infracloud/compute.pp b/modules/openstack_project/manifests/infracloud/compute.pp
index 5c82f78631..03c287bd6a 100644
--- a/modules/openstack_project/manifests/infracloud/compute.pp
+++ b/modules/openstack_project/manifests/infracloud/compute.pp
@@ -4,7 +4,6 @@ class openstack_project::infracloud::compute (
$neutron_admin_password,
$ssl_cert_file_contents,
$br_name,
- $controller_management_address,
$controller_public_address,
) {
class { '::infracloud::compute':
@@ -13,7 +12,6 @@ class openstack_project::infracloud::compute (
neutron_admin_password => $neutron_admin_password,
ssl_cert_file_contents => $ssl_cert_file_contents,
br_name => $br_name,
- controller_management_address => $controller_management_address,
controller_public_address => $controller_public_address,
}
}
diff --git a/modules/openstack_project/manifests/infracloud/controller.pp b/modules/openstack_project/manifests/infracloud/controller.pp
index 9ca3e750f7..edc2dd6efb 100644
--- a/modules/openstack_project/manifests/infracloud/controller.pp
+++ b/modules/openstack_project/manifests/infracloud/controller.pp
@@ -15,7 +15,6 @@ class openstack_project::infracloud::controller (
$ssl_key_file_contents,
$ssl_cert_file_contents,
$br_name,
- $controller_management_address,
$controller_public_address = $::fqdn,
) {
class { '::infracloud::controller':
@@ -35,7 +34,6 @@ class openstack_project::infracloud::controller (
ssl_key_file_contents => $ssl_key_file_contents,
ssl_cert_file_contents => $ssl_cert_file_contents,
br_name => $br_name,
- controller_management_address => $controller_management_address,
controller_public_address => $controller_public_address,
}
}