move variable declaration, option for mgnt cacert
- based on discussions in #648
Simon Stier committed Oct 18, 2017
1 parent be63c20 commit 52d6248
Showing 5 changed files with 90 additions and 103 deletions.
167 changes: 76 additions & 91 deletions manifests/config.pp
Expand Up @@ -3,81 +3,82 @@
# config and ssl.
class rabbitmq::config {

$admin_enable = $rabbitmq::admin_enable
$cluster_node_type = $rabbitmq::cluster_node_type
$cluster_nodes = $rabbitmq::cluster_nodes
$config = $rabbitmq::config
$config_cluster = $rabbitmq::config_cluster
$config_path = $rabbitmq::config_path
$config_ranch = $rabbitmq::config_ranch
$config_stomp = $rabbitmq::config_stomp
$config_shovel = $rabbitmq::config_shovel
$config_shovel_statics = $rabbitmq::config_shovel_statics
$default_user = $rabbitmq::default_user
$default_pass = $rabbitmq::default_pass
$env_config = $rabbitmq::env_config
$env_config_path = $rabbitmq::env_config_path
$erlang_cookie = $rabbitmq::erlang_cookie
$interface = $rabbitmq::interface
$management_port = $rabbitmq::management_port
$management_ssl = $rabbitmq::management_ssl
$management_hostname = $rabbitmq::management_hostname
$node_ip_address = $rabbitmq::node_ip_address
$rabbitmq_user = $rabbitmq::rabbitmq_user
$rabbitmq_group = $rabbitmq::rabbitmq_group
$rabbitmq_home = $rabbitmq::rabbitmq_home
$port = $rabbitmq::port
$tcp_keepalive = $rabbitmq::tcp_keepalive
$tcp_backlog = $rabbitmq::tcp_backlog
$tcp_sndbuf = $rabbitmq::tcp_sndbuf
$tcp_recbuf = $rabbitmq::tcp_recbuf
$heartbeat = $rabbitmq::heartbeat
$service_name = $rabbitmq::service_name
$ssl = $rabbitmq::ssl
$ssl_only = $rabbitmq::ssl_only
$ssl_cacert = $rabbitmq::ssl_cacert
$ssl_cert = $rabbitmq::ssl_cert
$ssl_key = $rabbitmq::ssl_key
$ssl_depth = $rabbitmq::ssl_depth
$ssl_cert_password = $rabbitmq::ssl_cert_password
$ssl_port = $rabbitmq::ssl_port
$ssl_interface = $rabbitmq::ssl_interface
$ssl_management_port = $rabbitmq::ssl_management_port
$ssl_management_cacert = $rabbitmq::ssl_management_cacert
$ssl_management_cert = $rabbitmq::ssl_management_cert
$ssl_management_key = $rabbitmq::ssl_management_key
$ssl_stomp_port = $rabbitmq::ssl_stomp_port
$ssl_verify = $rabbitmq::ssl_verify
$ssl_fail_if_no_peer_cert = $rabbitmq::ssl_fail_if_no_peer_cert
$ssl_secure_renegotiate = $rabbitmq::ssl_secure_renegotiate
$ssl_reuse_sessions = $rabbitmq::ssl_reuse_sessions
$ssl_honor_cipher_order = $rabbitmq::ssl_honor_cipher_order
$ssl_dhfile = $rabbitmq::ssl_dhfile
$ssl_versions = $rabbitmq::ssl_versions
$ssl_ciphers = $rabbitmq::ssl_ciphers
$stomp_port = $rabbitmq::stomp_port
$stomp_ssl_only = $rabbitmq::stomp_ssl_only
$ldap_auth = $rabbitmq::ldap_auth
$ldap_server = $rabbitmq::ldap_server
$ldap_user_dn_pattern = $rabbitmq::ldap_user_dn_pattern
$ldap_other_bind = $rabbitmq::ldap_other_bind
$ldap_use_ssl = $rabbitmq::ldap_use_ssl
$ldap_port = $rabbitmq::ldap_port
$ldap_log = $rabbitmq::ldap_log
$ldap_config_variables = $rabbitmq::ldap_config_variables
$wipe_db_on_cookie_change = $rabbitmq::wipe_db_on_cookie_change
$config_variables = $rabbitmq::config_variables
$config_kernel_variables = $rabbitmq::config_kernel_variables
$config_management_variables = $rabbitmq::config_management_variables
$config_additional_variables = $rabbitmq::config_additional_variables
$auth_backends = $rabbitmq::auth_backends
$cluster_partition_handling = $rabbitmq::cluster_partition_handling
$file_limit = $rabbitmq::file_limit
$collect_statistics_interval = $rabbitmq::collect_statistics_interval
$ipv6 = $rabbitmq::ipv6
$inetrc_config = $rabbitmq::inetrc_config
$inetrc_config_path = $rabbitmq::inetrc_config_path
$ssl_erl_dist = $rabbitmq::ssl_erl_dist
$admin_enable = $rabbitmq::admin_enable
$cluster_node_type = $rabbitmq::cluster_node_type
$cluster_nodes = $rabbitmq::cluster_nodes
$config = $rabbitmq::config
$config_cluster = $rabbitmq::config_cluster
$config_path = $rabbitmq::config_path
$config_ranch = $rabbitmq::config_ranch
$config_stomp = $rabbitmq::config_stomp
$config_shovel = $rabbitmq::config_shovel
$config_shovel_statics = $rabbitmq::config_shovel_statics
$default_user = $rabbitmq::default_user
$default_pass = $rabbitmq::default_pass
$env_config = $rabbitmq::env_config
$env_config_path = $rabbitmq::env_config_path
$erlang_cookie = $rabbitmq::erlang_cookie
$interface = $rabbitmq::interface
$management_port = $rabbitmq::management_port
$management_ssl = $rabbitmq::management_ssl
$management_hostname = $rabbitmq::management_hostname
$node_ip_address = $rabbitmq::node_ip_address
$rabbitmq_user = $rabbitmq::rabbitmq_user
$rabbitmq_group = $rabbitmq::rabbitmq_group
$rabbitmq_home = $rabbitmq::rabbitmq_home
$port = $rabbitmq::port
$tcp_keepalive = $rabbitmq::tcp_keepalive
$tcp_backlog = $rabbitmq::tcp_backlog
$tcp_sndbuf = $rabbitmq::tcp_sndbuf
$tcp_recbuf = $rabbitmq::tcp_recbuf
$heartbeat = $rabbitmq::heartbeat
$service_name = $rabbitmq::service_name
$ssl = $rabbitmq::ssl
$ssl_only = $rabbitmq::ssl_only
$ssl_cacert = $rabbitmq::ssl_cacert
$ssl_cert = $rabbitmq::ssl_cert
$ssl_key = $rabbitmq::ssl_key
$ssl_depth = $rabbitmq::ssl_depth
$ssl_cert_password = $rabbitmq::ssl_cert_password
$ssl_port = $rabbitmq::ssl_port
$ssl_interface = $rabbitmq::ssl_interface
$ssl_management_port = $rabbitmq::ssl_management_port
$ssl_management_cacert_enable = $rabbitmq::ssl_management_cacert_enable
$ssl_management_cacert = $rabbitmq::ssl_management_cacert
$ssl_management_cert = $rabbitmq::ssl_management_cert
$ssl_management_key = $rabbitmq::ssl_management_key
$ssl_stomp_port = $rabbitmq::ssl_stomp_port
$ssl_verify = $rabbitmq::ssl_verify
$ssl_fail_if_no_peer_cert = $rabbitmq::ssl_fail_if_no_peer_cert
$ssl_secure_renegotiate = $rabbitmq::ssl_secure_renegotiate
$ssl_reuse_sessions = $rabbitmq::ssl_reuse_sessions
$ssl_honor_cipher_order = $rabbitmq::ssl_honor_cipher_order
$ssl_dhfile = $rabbitmq::ssl_dhfile
$ssl_versions = $rabbitmq::ssl_versions
$ssl_ciphers = $rabbitmq::ssl_ciphers
$stomp_port = $rabbitmq::stomp_port
$stomp_ssl_only = $rabbitmq::stomp_ssl_only
$ldap_auth = $rabbitmq::ldap_auth
$ldap_server = $rabbitmq::ldap_server
$ldap_user_dn_pattern = $rabbitmq::ldap_user_dn_pattern
$ldap_other_bind = $rabbitmq::ldap_other_bind
$ldap_use_ssl = $rabbitmq::ldap_use_ssl
$ldap_port = $rabbitmq::ldap_port
$ldap_log = $rabbitmq::ldap_log
$ldap_config_variables = $rabbitmq::ldap_config_variables
$wipe_db_on_cookie_change = $rabbitmq::wipe_db_on_cookie_change
$config_variables = $rabbitmq::config_variables
$config_kernel_variables = $rabbitmq::config_kernel_variables
$config_management_variables = $rabbitmq::config_management_variables
$config_additional_variables = $rabbitmq::config_additional_variables
$auth_backends = $rabbitmq::auth_backends
$cluster_partition_handling = $rabbitmq::cluster_partition_handling
$file_limit = $rabbitmq::file_limit
$collect_statistics_interval = $rabbitmq::collect_statistics_interval
$ipv6 = $rabbitmq::ipv6
$inetrc_config = $rabbitmq::inetrc_config
$inetrc_config_path = $rabbitmq::inetrc_config_path
$ssl_erl_dist = $rabbitmq::ssl_erl_dist

if $ssl_only {
$default_ssl_env_variables = {}
Expand Down Expand Up @@ -137,22 +138,6 @@
$environment_variables = $_environment_variables
}
if ($ssl_management_cacert) {
$_ssl_management_cacert = $ssl_management_cacert
} else {
$_ssl_management_cacert = $ssl_cacert
}
if ($ssl_management_cert) {
$_ssl_management_cert = $ssl_management_cert
} else {
$_ssl_management_cert = $ssl_cert
}
if ($ssl_management_key) {
$_ssl_management_key = $ssl_management_key
} else {
$_ssl_management_key = $ssl_key
}
file { '/etc/rabbitmq':
ensure => directory,
owner => '0',
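Review bot: The second hunk removes the `$_ssl_management_cacert` / `$_ssl_management_cert` / `$_ssl_management_key` fallback, and none of the five files changed in this commit is a spec, so nothing checks that the management listener still falls back to `ssl_cert` and `ssl_key`, or that `ssl_management_cacert_enable => false` drops `cacertfile`. I would add catalogue tests for both cases that assert on the rendered `rabbitmq.config` content. Any other template or manifest that still reads `@_ssl_management_*` would now get an empty value; only the two templates changed here are visible, so a search of the module for the old names is worth doing. The class body continues past the hunk.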
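--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -158,8 +158,8 @@
 # @param ssl_key Key to use for SSL.
 # @param ssl_only Configures the service to only use SSL. No cleartext TCP listeners will be created. Requires that ssl => true and
 # @param ssl_management_port SSL management port.
-# @param ssl_management_cacert SSL management cacert. if unset set to ssl_cacert for backwards compatibility. If you want to set no
-# management CA cert path, set this to false.
+# @param ssl_management_cacert_enable If you want to set no management CA cert path, set this to false.
+# @param ssl_management_cacert SSL management cacert. if unset set to ssl_cacert for backwards compatibility.
 # @param ssl_management_cert SSL management cert. if unset set to ssl_cert for backwards compatibility.
 # @param ssl_management_key SSL management key. if unset set to ssl_key for backwards compatibility.
 # @param ssl_port SSL port for RabbitMQ
@@ -239,9 +239,10 @@
 Integer[1, 65535] $ssl_port = $rabbitmq::params::ssl_port,
 Optional[String] $ssl_interface = undef,
 Integer[1, 65535] $ssl_management_port = $rabbitmq::params::ssl_management_port,
-Optional[Stdlib::Absolutepath] $ssl_management_cacert = undef,
-Optional[Stdlib::Absolutepath] $ssl_management_cert = undef,
-Optional[Stdlib::Absolutepath] $ssl_management_key = undef,
+Boolean $ssl_management_cacert_enable = $rabbitmq::params::ssl_management_cacert_enable,
+Optional[Stdlib::Absolutepath] $ssl_management_cacert = $ssl_cacert,
+Optional[Stdlib::Absolutepath] $ssl_management_cert = $ssl_cert,
+Optional[Stdlib::Absolutepath] $ssl_management_key = $ssl_key,
 Integer[1, 65535] $ssl_stomp_port = $rabbitmq::params::ssl_stomp_port,
 Enum['verify_none','verify_peer'] $ssl_verify = $rabbitmq::params::ssl_verify,
 Boolean $ssl_fail_if_no_peer_cert = $rabbitmq::params::ssl_fail_if_no_peer_cert,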
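Review bot: The new defaults `$ssl_management_cacert = $ssl_cacert`, `$ssl_management_cert = $ssl_cert` and `$ssl_management_key = $ssl_key` only resolve if those three parameters are declared earlier in the parameter list, since, as far as I know, Puppet evaluates class parameter defaults left to right. Their declarations are outside this hunk, so the order needs confirming. The `@param ssl_management_cacert_enable` line also does not say what the flag controls or what its default is: in this commit it is read only by `templates/rabbitmq.config.erb`, where it gates `cacertfile`, and `params.pp` sets it to `true`. I would word it as `# @param ssl_management_cacert_enable Whether to write cacertfile for the management listener (default true). Set to false to omit it; rabbitmqadmin.conf is not affected.` The parameter list starts and ends outside the hunk.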
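--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -106,6 +106,7 @@
 $ssl_erl_dist = false
 $ssl_fail_if_no_peer_cert = false
 $ssl_honor_cipher_order = true
+$ssl_management_cacert_enable= true
 $ssl_management_port = 15671
 $ssl_only = false
 $ssl_port = 5671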
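--- a/templates/rabbitmq.config.erb
+++ b/templates/rabbitmq.config.erb
@@ -109,11 +109,11 @@
 <%- end -%>
 {port, <%= @ssl_management_port %>},
 {ssl, true},
-{ssl_opts, [<%- if @_ssl_management_cacert %>
-{cacertfile, "<%= @_ssl_management_cacert %>"},
+{ssl_opts, [<%- if @ssl_management_cacert_enable and @ssl_management_cacert %>
+{cacertfile, "<%= @ssl_management_cacert %>"},
 <%- end -%>
-{certfile, "<%= @_ssl_management_cert %>"},
-{keyfile, "<%= @_ssl_management_key %>"}
+{certfile, "<%= @ssl_management_cert %>"},
+{keyfile, "<%= @ssl_management_key %>"}
 <%- if @ssl_versions -%>
 ,{versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]}
 <%- end -%>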
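Review bot: Nothing in the template says what omitting `cacertfile` means for the management listener, and the new condition on the `ssl_opts` line puts that under operator control. As far as I know, Erlang's TLS options use `cacertfile` as the trust store for verifying peer certificates, so with `ssl_management_cacert_enable` set to false any client-certificate checking on this listener would have no CA to check against; whether `verify` is set for the listener cannot be seen from this hunk. I would add an ERB comment above the condition, `<%# cacertfile is omitted when ssl_management_cacert_enable is false; certfile and keyfile are always written -%>`. The `ssl_opts` list continues past the hunk.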
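--- a/templates/rabbitmqadmin.conf.erb
+++ b/templates/rabbitmqadmin.conf.erb
@@ -1,9 +1,9 @@
 [default]
 <% if @ssl && @management_ssl -%>
 ssl = True
-ssl_ca_cert_file = <%= @_ssl_management_cacert %>
-ssl_cert_file = <%= @_ssl_management_cert %>
-ssl_key_file = <%= @_ssl_management_key %>
+ssl_ca_cert_file = <%= @ssl_management_cacert %>
+ssl_cert_file = <%= @ssl_management_cert %>
+ssl_key_file = <%= @ssl_management_key %>
 port = <%= @ssl_management_port %>
 <% unless @management_hostname -%>
 hostname = <%= @fqdn %>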
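Review bot: `ssl_ca_cert_file` is written whenever `@ssl && @management_ssl` is true, so it ignores `ssl_management_cacert_enable` and would render as `ssl_ca_cert_file = ` with no value when neither `ssl_management_cacert` nor `ssl_cacert` is set. The client presumably uses this file to verify the server, so keeping it when a path exists is reasonable, but the empty case should not be emitted: wrap the line in `<% if @ssl_management_cacert -%>` and `<% end -%>`. The same may apply to `ssl_cert_file` and `ssl_key_file` if client certificates are optional in this setup, which the hunk does not show. The `if` block closes outside the hunk.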
