From 5fbdf22a45196aa338fefad350049a61b12d658e Mon Sep 17 00:00:00 2001
From: Simon Stier
Date: Wed, 11 Oct 2017 14:55:43 +0200
Subject: [PATCH] Add optional variables for SSL management-console - fallback to old variable for backwards compatibility
---
 manifests/config.pp | 3 +++
 manifests/init.pp | 9 ++++++++-
 templates/rabbitmq.config.erb | 8 ++++----
 templates/rabbitmqadmin.conf.erb | 6 +++---
 4 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/manifests/config.pp b/manifests/config.pp
index d6589de0e..780a89848 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -43,6 +43,9 @@
 $ssl_port = $rabbitmq::ssl_port
 $ssl_interface = $rabbitmq::ssl_interface
 $ssl_management_port = $rabbitmq::ssl_management_port
+ $ssl_management_cacert = $rabbitmq::ssl_management_cacert
+ $ssl_management_cert = $rabbitmq::ssl_management_cert
+ $ssl_management_key = $rabbitmq::ssl_management_key
 $ssl_stomp_port = $rabbitmq::ssl_stomp_port
 $ssl_verify = $rabbitmq::ssl_verify
 $ssl_fail_if_no_peer_cert = $rabbitmq::ssl_fail_if_no_peer_cert
diff --git a/manifests/init.pp b/manifests/init.pp
index 227604863..05aabe5a3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -163,6 +163,10 @@
 # @param ssl_key Key to use for SSL.
 # @param ssl_only Configures the service to only use SSL. No cleartext TCP listeners will be created. Requires that ssl => true and
 # @param ssl_management_port SSL management port.
+# @param ssl_management_cacert SSL management cacert. if unset set to ssl_cacert for backwards compatibility. If you want to set no
+# management CA cert path, set this to false.
+# @param ssl_management_cert SSL management cert. if unset set to ssl_cert for backwards compatibility.
+# @param ssl_management_key SSL management key. if unset set to ssl_key for backwards compatibility.
 # @param ssl_port SSL port for RabbitMQ
 # @param ssl_reuse_sessions Reuse ssl sessions
 # @param ssl_secure_renegotiate Use ssl secure renegotiate
@@ -243,7 +247,10 @@
 $ssl_port = $rabbitmq::params::ssl_port,
 Optional[String] $ssl_interface = undef,
 Integer $ssl_management_port = $rabbitmq::params::ssl_management_port,
- Integer $ssl_stomp_port = $rabbitmq::params::ssl_stomp_port,
+ Variant[String, Boolean] $ssl_management_cacert= $ssl_cacert,
+ Optional[String] $ssl_management_cert = $ssl_cert,
+ Optional[String]$ssl_management_key = $ssl_key,
+ Integer $ssl_stomp_port = $rabbitmq::params::ssl_stomp_port,
 $ssl_verify = $rabbitmq::params::ssl_verify,
 $ssl_fail_if_no_peer_cert = $rabbitmq::params::ssl_fail_if_no_peer_cert,
 Optional[Array] $ssl_versions = undef,
diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb
index 4895d6b5a..c693527cd 100644
--- a/templates/rabbitmq.config.erb
+++ b/templates/rabbitmq.config.erb
@@ -109,11 +109,11 @@
 <%- end -%>
 {port, <%= @ssl_management_port %>},
 {ssl, true},
- {ssl_opts, [<%- if @ssl_cacert %>
- {cacertfile, "<%= @ssl_cacert %>"},
+ {ssl_opts, [<%- if @ssl_management_cacert %>
+ {cacertfile, "<%= @ssl_management_cacert %>"},
 <%- end -%>
- {certfile, "<%= @ssl_cert %>"},
- {keyfile, "<%= @ssl_key %>"}
+ {certfile, "<%= @ssl_management_cert %>"},
+ {keyfile, "<%= @ssl_management_key %>"}
 <%- if @ssl_versions -%>
 ,{versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]}
 <%- end -%>
diff --git a/templates/rabbitmqadmin.conf.erb b/templates/rabbitmqadmin.conf.erb
index c7ed0a276..2665f22bc 100644
--- a/templates/rabbitmqadmin.conf.erb
+++ b/templates/rabbitmqadmin.conf.erb
@@ -1,9 +1,9 @@
 [default]
 <% if @ssl && @management_ssl -%>
 ssl = True
-ssl_ca_cert_file = <%= @ssl_cacert %>
-ssl_cert_file = <%= @ssl_cert %>
-ssl_key_file = <%= @ssl_key %>
+ssl_ca_cert_file = <%= @ssl_management_cacert %>
+ssl_cert_file = <%= @ssl_management_cert %>
+ssl_key_file = <%= @ssl_management_key %>
 port = <%= @ssl_management_port %>
 <% unless @management_hostname -%>
 hostname = <%= @fqdn %>
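Review bot: `Variant[String, Boolean] $ssl_management_cacert` accepts `true`, which both templates in this patch would render as the literal CA path `true`, and it rejects `undef`. If `$ssl_cacert` can be undef (its declaration is outside this hunk), the inherited default would then fail type validation on nodes that never configure SSL. On Puppet versions with the parameterised Boolean type, `Optional[Variant[Boolean[false], String]] $ssl_management_cacert = $ssl_cacert,` keeps the documented `false` opt-out and closes both gaps. The added lines also drop the spacing their neighbours use (`$ssl_management_cacert=` and `Optional[String]$ssl_management_key`). The class parameter list starts and ends outside the hunk.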
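Review bot: `certfile` and `keyfile` are written unconditionally, yet the parameters that now feed them are `Optional[String]`. A node with neither `ssl_management_cert` nor `ssl_cert` set would therefore get `{certfile, ""}` and `{keyfile, ""}` in the management listener's `ssl_opts`; only `cacertfile` is guarded in this hunk. Either guard the two entries the same way or fail in the manifest when management SSL is enabled without a certificate and key. The listener block starts and ends outside the hunk, so an outer guard may already exist.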
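Review bot: `ssl_ca_cert_file = <%= @ssl_management_cacert %>` has no guard, so the documented `ssl_management_cacert => false` setting lands in rabbitmqadmin.conf as `ssl_ca_cert_file = false`. rabbitmq.config.erb skips `cacertfile` in that case, so the two templates disagree. Wrapping the line in `<% if @ssl_management_cacert -%>` and `<% end -%>` would make them consistent. The parameter documentation should also say that without a CA file the client presumably has nothing to verify the management endpoint's certificate against.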