Add support for TLS to Murano

Registered by Felipe Monteiro on 2017-02-06

According to http://docs.openstack.org/security-guide/secure-communication/tls-proxies-and-http-services.html, "It is highly recommended that all ... requests, both internal and external, operate over TLS." Currently, murano-agent and murano-engine do not support TLS. Support for the 'kombo_ssl_version' in rabbit_mq needs to be added; see here: https://github.com/openstack/oslo.messaging/blob/master/oslo_messaging/_drivers/impl_rabbit.py#L57

The rabbit_mq flag needs to be added to/supported in murano-agent in the following places:
https://github.com/openstack/murano-agent/blob/master/muranoagent/common/config.py#L39
https://github.com/openstack/murano-agent/blob/master/muranoagent/common/messaging/mqclient.py#L38
https://github.com/openstack/murano-agent/blob/master/muranoagent/app.py#L112

The rabbit_mq flag needs to be added to/supported in murano-engine in the following places:
https://github.com/openstack/murano/blob/master/murano/common/config.py#L36
https://github.com/openstack/murano/blob/master/murano/common/messaging/mqclient.py#L26
https://github.com/openstack/murano/blob/master/murano/engine/system/common.py#L23

MuranoPL template changes are also needed:
https://github.com/openstack/murano/blob/kilo-eol/meta/io.murano/Classes/resources/LinuxMuranoInstance.yaml#L12
https://github.com/openstack/murano/blob/kilo-eol/meta/io.murano/Resources/Agent-v2.template

Additional testing/investigation is required to see if changes above are sufficient or whether additional changes are needed.

Blueprint information

Status:
Not started
Approver:
Serg Melikyan
Priority:
High
Drafter:
Felipe Monteiro
Direction:
Approved
Assignee:
Felipe Monteiro
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/add-tls-support,n,z

Addressed by: https://review.openstack.org/435077
    [WIP] Adds TLS/SSL Version Support to Murano Agent.

Addressed by: https://review.openstack.org/435596
    [WIP] Adds TLS/SSL Version Support to Murano Engine.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.