Add optional variables for SSL management-console

- fallback to old variable for backwards compatibility
voxpupuli · Oct 13, 2017 · 5fbdf22 · 5fbdf22
1 parent 1726e62
commit 5fbdf22
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 8 deletions.
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -43,6 +43,9 @@
  $ssl_port = $rabbitmq::ssl_port
  $ssl_interface = $rabbitmq::ssl_interface
  $ssl_management_port = $rabbitmq::ssl_management_port
+ $ssl_management_cacert = $rabbitmq::ssl_management_cacert
+ $ssl_management_cert = $rabbitmq::ssl_management_cert
+ $ssl_management_key = $rabbitmq::ssl_management_key
  $ssl_stomp_port = $rabbitmq::ssl_stomp_port
  $ssl_verify = $rabbitmq::ssl_verify
  $ssl_fail_if_no_peer_cert = $rabbitmq::ssl_fail_if_no_peer_cert

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -163,6 +163,10 @@
 # @param ssl_key Key to use for SSL.
 # @param ssl_only Configures the service to only use SSL. No cleartext TCP listeners will be created. Requires that ssl => true and
 # @param ssl_management_port SSL management port.
+# @param ssl_management_cacert SSL management cacert. if unset set to ssl_cacert for backwards compatibility. If you want to set no
+# management CA cert path, set this to false.
+# @param ssl_management_cert SSL management cert. if unset set to ssl_cert for backwards compatibility.
+# @param ssl_management_key SSL management key. if unset set to ssl_key for backwards compatibility.
 # @param ssl_port SSL port for RabbitMQ
 # @param ssl_reuse_sessions Reuse ssl sessions
 # @param ssl_secure_renegotiate Use ssl secure renegotiate
@@ -243,7 +247,10 @@
  $ssl_port = $rabbitmq::params::ssl_port,
  Optional[String] $ssl_interface = undef,
  Integer $ssl_management_port = $rabbitmq::params::ssl_management_port,
- Integer $ssl_stomp_port = $rabbitmq::params::ssl_stomp_port,
+ Variant[String, Boolean] $ssl_management_cacert= $ssl_cacert,
+ Optional[String] $ssl_management_cert = $ssl_cert,
+ Optional[String]$ssl_management_key = $ssl_key,
+ Integer $ssl_stomp_port = $rabbitmq::params::ssl_stomp_port,
  $ssl_verify = $rabbitmq::params::ssl_verify,
  $ssl_fail_if_no_peer_cert = $rabbitmq::params::ssl_fail_if_no_peer_cert,
  Optional[Array] $ssl_versions = undef,

diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb
@@ -109,11 +109,11 @@
  <%- end -%>
  {port, <%= @ssl_management_port %>},
  {ssl, true},
- {ssl_opts, [<%- if @ssl_cacert %>
- {cacertfile, "<%= @ssl_cacert %>"},
+ {ssl_opts, [<%- if @ssl_management_cacert %>
+ {cacertfile, "<%= @ssl_management_cacert %>"},
  <%- end -%>
- {certfile, "<%= @ssl_cert %>"},
- {keyfile, "<%= @ssl_key %>"}
+ {certfile, "<%= @ssl_management_cert %>"},
+ {keyfile, "<%= @ssl_management_key %>"}
  <%- if @ssl_versions -%>
  ,{versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]}
  <%- end -%>

diff --git a/templates/rabbitmqadmin.conf.erb b/templates/rabbitmqadmin.conf.erb
@@ -1,9 +1,9 @@
 [default]
 <% if @ssl && @management_ssl -%>
 ssl = True
-ssl_ca_cert_file = <%= @ssl_cacert %>
-ssl_cert_file = <%= @ssl_cert %>
-ssl_key_file = <%= @ssl_key %>
+ssl_ca_cert_file = <%= @ssl_management_cacert %>
+ssl_cert_file = <%= @ssl_management_cert %>
+ssl_key_file = <%= @ssl_management_key %>
 port = <%= @ssl_management_port %>
 <% unless @management_hostname -%>
 hostname = <%= @fqdn %>