diff --git a/manifests/config.pp b/manifests/config.pp index 275a25bae..9b7520a29 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
@@ -3,81 +3,82 @@ # config and ssl. class rabbitmq::config { - $admin_enable = $rabbitmq::admin_enable - $cluster_node_type = $rabbitmq::cluster_node_type - $cluster_nodes = $rabbitmq::cluster_nodes - $config = $rabbitmq::config - $config_cluster = $rabbitmq::config_cluster - $config_path = $rabbitmq::config_path - $config_ranch = $rabbitmq::config_ranch - $config_stomp = $rabbitmq::config_stomp - $config_shovel = $rabbitmq::config_shovel - $config_shovel_statics = $rabbitmq::config_shovel_statics - $default_user = $rabbitmq::default_user - $default_pass = $rabbitmq::default_pass - $env_config = $rabbitmq::env_config - $env_config_path = $rabbitmq::env_config_path - $erlang_cookie = $rabbitmq::erlang_cookie - $interface = $rabbitmq::interface - $management_port = $rabbitmq::management_port - $management_ssl = $rabbitmq::management_ssl - $management_hostname = $rabbitmq::management_hostname - $node_ip_address = $rabbitmq::node_ip_address - $rabbitmq_user = $rabbitmq::rabbitmq_user - $rabbitmq_group = $rabbitmq::rabbitmq_group - $rabbitmq_home = $rabbitmq::rabbitmq_home - $port = $rabbitmq::port - $tcp_keepalive = $rabbitmq::tcp_keepalive - $tcp_backlog = $rabbitmq::tcp_backlog - $tcp_sndbuf = $rabbitmq::tcp_sndbuf - $tcp_recbuf = $rabbitmq::tcp_recbuf - $heartbeat = $rabbitmq::heartbeat - $service_name = $rabbitmq::service_name - $ssl = $rabbitmq::ssl - $ssl_only = $rabbitmq::ssl_only - $ssl_cacert = $rabbitmq::ssl_cacert - $ssl_cert = $rabbitmq::ssl_cert - $ssl_key = $rabbitmq::ssl_key - $ssl_depth = $rabbitmq::ssl_depth - $ssl_cert_password = $rabbitmq::ssl_cert_password - $ssl_port = $rabbitmq::ssl_port - $ssl_interface = $rabbitmq::ssl_interface - $ssl_management_port = $rabbitmq::ssl_management_port - $ssl_management_cacert = $rabbitmq::ssl_management_cacert - $ssl_management_cert = $rabbitmq::ssl_management_cert - $ssl_management_key = $rabbitmq::ssl_management_key - $ssl_stomp_port = $rabbitmq::ssl_stomp_port - $ssl_verify = $rabbitmq::ssl_verify - 
$ssl_fail_if_no_peer_cert = $rabbitmq::ssl_fail_if_no_peer_cert - $ssl_secure_renegotiate = $rabbitmq::ssl_secure_renegotiate - $ssl_reuse_sessions = $rabbitmq::ssl_reuse_sessions - $ssl_honor_cipher_order = $rabbitmq::ssl_honor_cipher_order - $ssl_dhfile = $rabbitmq::ssl_dhfile - $ssl_versions = $rabbitmq::ssl_versions - $ssl_ciphers = $rabbitmq::ssl_ciphers - $stomp_port = $rabbitmq::stomp_port - $stomp_ssl_only = $rabbitmq::stomp_ssl_only - $ldap_auth = $rabbitmq::ldap_auth - $ldap_server = $rabbitmq::ldap_server - $ldap_user_dn_pattern = $rabbitmq::ldap_user_dn_pattern - $ldap_other_bind = $rabbitmq::ldap_other_bind - $ldap_use_ssl = $rabbitmq::ldap_use_ssl - $ldap_port = $rabbitmq::ldap_port - $ldap_log = $rabbitmq::ldap_log - $ldap_config_variables = $rabbitmq::ldap_config_variables - $wipe_db_on_cookie_change = $rabbitmq::wipe_db_on_cookie_change - $config_variables = $rabbitmq::config_variables - $config_kernel_variables = $rabbitmq::config_kernel_variables - $config_management_variables = $rabbitmq::config_management_variables - $config_additional_variables = $rabbitmq::config_additional_variables - $auth_backends = $rabbitmq::auth_backends - $cluster_partition_handling = $rabbitmq::cluster_partition_handling - $file_limit = $rabbitmq::file_limit - $collect_statistics_interval = $rabbitmq::collect_statistics_interval - $ipv6 = $rabbitmq::ipv6 - $inetrc_config = $rabbitmq::inetrc_config - $inetrc_config_path = $rabbitmq::inetrc_config_path - $ssl_erl_dist = $rabbitmq::ssl_erl_dist + $admin_enable = $rabbitmq::admin_enable + $cluster_node_type = $rabbitmq::cluster_node_type + $cluster_nodes = $rabbitmq::cluster_nodes + $config = $rabbitmq::config + $config_cluster = $rabbitmq::config_cluster + $config_path = $rabbitmq::config_path + $config_ranch = $rabbitmq::config_ranch + $config_stomp = $rabbitmq::config_stomp + $config_shovel = $rabbitmq::config_shovel + $config_shovel_statics = $rabbitmq::config_shovel_statics + $default_user = $rabbitmq::default_user + 
$default_pass = $rabbitmq::default_pass + $env_config = $rabbitmq::env_config + $env_config_path = $rabbitmq::env_config_path + $erlang_cookie = $rabbitmq::erlang_cookie + $interface = $rabbitmq::interface + $management_port = $rabbitmq::management_port + $management_ssl = $rabbitmq::management_ssl + $management_hostname = $rabbitmq::management_hostname + $node_ip_address = $rabbitmq::node_ip_address + $rabbitmq_user = $rabbitmq::rabbitmq_user + $rabbitmq_group = $rabbitmq::rabbitmq_group + $rabbitmq_home = $rabbitmq::rabbitmq_home + $port = $rabbitmq::port + $tcp_keepalive = $rabbitmq::tcp_keepalive + $tcp_backlog = $rabbitmq::tcp_backlog + $tcp_sndbuf = $rabbitmq::tcp_sndbuf + $tcp_recbuf = $rabbitmq::tcp_recbuf + $heartbeat = $rabbitmq::heartbeat + $service_name = $rabbitmq::service_name + $ssl = $rabbitmq::ssl + $ssl_only = $rabbitmq::ssl_only + $ssl_cacert = $rabbitmq::ssl_cacert + $ssl_cert = $rabbitmq::ssl_cert + $ssl_key = $rabbitmq::ssl_key + $ssl_depth = $rabbitmq::ssl_depth + $ssl_cert_password = $rabbitmq::ssl_cert_password + $ssl_port = $rabbitmq::ssl_port + $ssl_interface = $rabbitmq::ssl_interface + $ssl_management_port = $rabbitmq::ssl_management_port + $ssl_management_cacert_enable = $rabbitmq::ssl_management_cacert_enable + $ssl_management_cacert = $rabbitmq::ssl_management_cacert + $ssl_management_cert = $rabbitmq::ssl_management_cert + $ssl_management_key = $rabbitmq::ssl_management_key + $ssl_stomp_port = $rabbitmq::ssl_stomp_port + $ssl_verify = $rabbitmq::ssl_verify + $ssl_fail_if_no_peer_cert = $rabbitmq::ssl_fail_if_no_peer_cert + $ssl_secure_renegotiate = $rabbitmq::ssl_secure_renegotiate + $ssl_reuse_sessions = $rabbitmq::ssl_reuse_sessions + $ssl_honor_cipher_order = $rabbitmq::ssl_honor_cipher_order + $ssl_dhfile = $rabbitmq::ssl_dhfile + $ssl_versions = $rabbitmq::ssl_versions + $ssl_ciphers = $rabbitmq::ssl_ciphers + $stomp_port = $rabbitmq::stomp_port + $stomp_ssl_only = $rabbitmq::stomp_ssl_only + $ldap_auth = $rabbitmq::ldap_auth + 
$ldap_server = $rabbitmq::ldap_server + $ldap_user_dn_pattern = $rabbitmq::ldap_user_dn_pattern + $ldap_other_bind = $rabbitmq::ldap_other_bind + $ldap_use_ssl = $rabbitmq::ldap_use_ssl + $ldap_port = $rabbitmq::ldap_port + $ldap_log = $rabbitmq::ldap_log + $ldap_config_variables = $rabbitmq::ldap_config_variables + $wipe_db_on_cookie_change = $rabbitmq::wipe_db_on_cookie_change + $config_variables = $rabbitmq::config_variables + $config_kernel_variables = $rabbitmq::config_kernel_variables + $config_management_variables = $rabbitmq::config_management_variables + $config_additional_variables = $rabbitmq::config_additional_variables + $auth_backends = $rabbitmq::auth_backends + $cluster_partition_handling = $rabbitmq::cluster_partition_handling + $file_limit = $rabbitmq::file_limit + $collect_statistics_interval = $rabbitmq::collect_statistics_interval + $ipv6 = $rabbitmq::ipv6 + $inetrc_config = $rabbitmq::inetrc_config + $inetrc_config_path = $rabbitmq::inetrc_config_path + $ssl_erl_dist = $rabbitmq::ssl_erl_dist if $ssl_only { $default_ssl_env_variables = {} @@ -137,22 +138,6 @@ $environment_variables = $_environment_variables } - if ($ssl_management_cacert) { - $_ssl_management_cacert = $ssl_management_cacert - } else { - $_ssl_management_cacert = $ssl_cacert - } - if ($ssl_management_cert) { - $_ssl_management_cert = $ssl_management_cert - } else { - $_ssl_management_cert = $ssl_cert - } - if ($ssl_management_key) { - $_ssl_management_key = $ssl_management_key - } else { - $_ssl_management_key = $ssl_key - } - file { '/etc/rabbitmq': ensure => directory, owner => '0', diff --git a/manifests/init.pp b/manifests/init.pp index 365f61c5b..0f5b31c34 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -158,8 +158,8 @@ # @param ssl_key Key to use for SSL. # @param ssl_only Configures the service to only use SSL. No cleartext TCP listeners will be created. Requires that ssl => true and # @param ssl_management_port SSL management port. -# @param ssl_management_cacert SSL management cacert. if unset set to ssl_cacert for backwards compatibility. If you want to set no -# management CA cert path, set this to false. +# @param ssl_management_cacert_enable If you want to set no management CA cert path, set this to false. +# @param ssl_management_cacert SSL management cacert. if unset set to ssl_cacert for backwards compatibility. # @param ssl_management_cert SSL management cert. if unset set to ssl_cert for backwards compatibility. # @param ssl_management_key SSL management key. if unset set to ssl_key for backwards compatibility. # @param ssl_port SSL port for RabbitMQ @@ -239,9 +239,10 @@ Integer[1, 65535] $ssl_port = $rabbitmq::params::ssl_port, Optional[String] $ssl_interface = undef, Integer[1, 65535] $ssl_management_port = $rabbitmq::params::ssl_management_port, - Optional[Stdlib::Absolutepath] $ssl_management_cacert = undef, - Optional[Stdlib::Absolutepath] $ssl_management_cert = undef, - Optional[Stdlib::Absolutepath] $ssl_management_key = undef, + Boolean $ssl_management_cacert_enable = $rabbitmq::params::ssl_management_cacert_enable, + Optional[Stdlib::Absolutepath] $ssl_management_cacert = $ssl_cacert, + Optional[Stdlib::Absolutepath] $ssl_management_cert = $ssl_cert, + Optional[Stdlib::Absolutepath] $ssl_management_key = $ssl_key, Integer[1, 65535] $ssl_stomp_port = $rabbitmq::params::ssl_stomp_port, Enum['verify_none','verify_peer'] $ssl_verify = $rabbitmq::params::ssl_verify, Boolean $ssl_fail_if_no_peer_cert = $rabbitmq::params::ssl_fail_if_no_peer_cert, diff --git a/manifests/params.pp b/manifests/params.pp index 717a4b858..8cad7795d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
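Review bot: The added `@param ssl_management_cacert_enable` doc line tells the reader what to do but not what the parameter is, what its default is, or what disabling it changes. Going by the params.pp and rabbitmq.config.erb hunks of this commit, wording such as `# @param ssl_management_cacert_enable Whether to write cacertfile into the management listener's ssl_opts (default true). Set to false to configure no management CA cert path.` would be clearer. The `ssl_management_cacert` line could then read `If unset, defaults to ssl_cacert.`, since the fallback is now a parameter default rather than logic in config.pp.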
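Review bot: The three new defaults (`= $ssl_cacert`, `= $ssl_cert`, `= $ssl_key`) only resolve if those parameters are declared earlier in the same parameter list, because Puppet evaluates parameter defaults in declaration order. Their declarations are outside this hunk, so the order should be confirmed. A comment above the three lines, e.g. `# Fall back to the main listener's cert material; $ssl_cacert, $ssl_cert and $ssl_key must be declared above these.`, would keep a later re-sort of the list from silently breaking the fallback that the config.pp hunk removes. No spec change for `ssl_management_cacert_enable => false` is visible in this diff; if none exists elsewhere, one asserting that `cacertfile` is absent from the rendered config would pin the behaviour.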
@@ -106,6 +106,7 @@ $ssl_erl_dist = false $ssl_fail_if_no_peer_cert = false $ssl_honor_cipher_order = true + $ssl_management_cacert_enable= true $ssl_management_port = 15671 $ssl_only = false $ssl_port = 5671 diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb index 3a86ea643..9ebc754f8 100644 --- a/templates/rabbitmq.config.erb +++ b/templates/rabbitmq.config.erb @@ -109,11 +109,11 @@ <%- end -%> {port, <%= @ssl_management_port %>}, {ssl, true}, - {ssl_opts, [<%- if @_ssl_management_cacert %> - {cacertfile, "<%= @_ssl_management_cacert %>"}, + {ssl_opts, [<%- if @ssl_management_cacert_enable and @ssl_management_cacert %> + {cacertfile, "<%= @ssl_management_cacert %>"}, <%- end -%> - {certfile, "<%= @_ssl_management_cert %>"}, - {keyfile, "<%= @_ssl_management_key %>"} + {certfile, "<%= @ssl_management_cert %>"}, + {keyfile, "<%= @ssl_management_key %>"} <%- if @ssl_versions -%> ,{versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]} <%- end -%> diff --git a/templates/rabbitmqadmin.conf.erb b/templates/rabbitmqadmin.conf.erb index 5bafbc183..2665f22bc 100644 --- a/templates/rabbitmqadmin.conf.erb +++ b/templates/rabbitmqadmin.conf.erb @@ -1,9 +1,9 @@ [default] <% if @ssl && @management_ssl -%> ssl = True -ssl_ca_cert_file = <%= @_ssl_management_cacert %> -ssl_cert_file = <%= @_ssl_management_cert %> -ssl_key_file = <%= @_ssl_management_key %> +ssl_ca_cert_file = <%= @ssl_management_cacert %> +ssl_cert_file = <%= @ssl_management_cert %> +ssl_key_file = <%= @ssl_management_key %> port = <%= @ssl_management_port %> <% unless @management_hostname -%> hostname = <%= @fqdn %>
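Review bot: `ssl_management_cacert_enable` is honoured in rabbitmq.config.erb (`if @ssl_management_cacert_enable and @ssl_management_cacert`) but not in the rabbitmqadmin.conf.erb hunk, where `ssl_ca_cert_file = <%= @ssl_management_cacert %>` is still written unconditionally. With the flag set to false the two rendered files disagree, and if the path is unset the line renders with an empty value. If rabbitmqadmin is meant to keep the CA so that it can verify the broker's management certificate, guard only the empty case with `<% if @ssl_management_cacert -%>` … `<% end -%>` and state in the `@param` doc that the flag affects the server listener only. It is also worth documenting that with the flag false the management listener has no CA file, so any peer verification applied to that listener (the verify options are outside this hunk) would have no trust anchor for client certificates.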