author | Jenkins <jenkins@review.openstack.org> | 2017-09-06 09:05:12 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-09-06 09:05:12 +0000 |
commit | 46a34f0a6fbf73b555d70ecd828222a325763a01 (patch) | |
tree | c3733130c27c6f93eb980935b65d9655a654fe3d | |
parent | a3f44bb6af9acc64569391dca8e85b854ae37072 (diff) | |
parent | 4d09ff3881b51938a71d69c713848cc8ae2c3f1d (diff) |
Merge "Enable TLS for rabbitmq's replication traffic" into stable/pike
-rw-r--r-- | manifests/profile/base/rabbitmq.pp | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp
index fbe5113..9f5819a 100644
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@@ -93,9 +93,19 @@ class tripleo::profile::base::rabbitmq (
 if $enable_internal_tls {
 $tls_certfile = $certificate_specs['service_certificate']
 $tls_keyfile = $certificate_specs['service_key']
+ $cert_option = "-ssl_dist_opt server_certfile ${tls_certfile}"
+ $key_option = "-ssl_dist_opt server_keyfile ${tls_keyfile}"
+ $secure_renegotiate = '-ssl_dist_opt server_secure_renegotiate true -ssl_dist_opt client_secure_renegotiate true'
+
+ $rabbitmq_additional_erl_args = "\"${cert_option} ${key_option} ${secure_renegotiate}\""
+ $environment_real = merge($environment, {
+ 'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args,
+ 'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args
+ })
 } else {
 $tls_certfile = undef
 $tls_keyfile = undef
+ $environment_real = $environment
 }
 if $inet_dist_interface {
@@ -116,7 +126,7 @@ class tripleo::profile::base::rabbitmq (
 cluster_nodes => $nodes,
 config_kernel_variables => $real_kernel_variables,
 config_variables => $config_variables,
- environment_variables => $environment,
+ environment_variables => $environment_real,
 # TLS options
 ssl_cert => $tls_certfile,
 ssl_key => $tls_keyfile, |
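Review bot: The `-ssl_dist_opt` string assembled in the `$enable_internal_tls` branch sets a server certificate, key and secure renegotiation but no peer verification, so inter-node traffic would be encrypted without either node authenticating the other. Consider appending `-ssl_dist_opt server_verify verify_peer -ssl_dist_opt server_fail_if_no_peer_cert true -ssl_dist_opt client_verify verify_peer`, together with `server_cacertfile`/`client_cacertfile` pointing at the internal CA bundle and `client_certfile`/`client_keyfile` so the connecting node can present a certificate; no CA path parameter is visible in this hunk, so one may need to be added to the class. These options only take effect when the distribution protocol is switched with `-proto_dist inet_tls`, which this hunk does not set; presumably it arrives through `$environment`, which is worth confirming. Because `merge()` lets the right-hand hash win, any `RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS` or `RABBITMQ_CTL_ERL_ARGS` already present in `$environment` is silently replaced when TLS is on, which deserves a comment such as `# overrides any caller-supplied *_ERL_ARGS when internal TLS is enabled`. The class body starts and ends outside the hunks shown.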