authorJenkins <jenkins@review.openstack.org>2017-09-06 09:05:12 +0000
committerGerrit Code Review <review@openstack.org>2017-09-06 09:05:12 +0000
commit46a34f0a6fbf73b555d70ecd828222a325763a01 (patch)
treec3733130c27c6f93eb980935b65d9655a654fe3d
parenta3f44bb6af9acc64569391dca8e85b854ae37072 (diff)
parent4d09ff3881b51938a71d69c713848cc8ae2c3f1d (diff)
Merge "Enable TLS for rabbitmq's replication traffic" into stable/pike
-rw-r--r--manifests/profile/base/rabbitmq.pp12
1 files changed, 11 insertions, 1 deletions
diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp
index fbe5113..9f5819a 100644
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@@ -93,9 +93,19 @@ class tripleo::profile::base::rabbitmq (
if $enable_internal_tls {
$tls_certfile = $certificate_specs['service_certificate']
$tls_keyfile = $certificate_specs['service_key']
+ $cert_option = "-ssl_dist_opt server_certfile ${tls_certfile}"
+ $key_option = "-ssl_dist_opt server_keyfile ${tls_keyfile}"
+ $secure_renegotiate = '-ssl_dist_opt server_secure_renegotiate true -ssl_dist_opt client_secure_renegotiate true'
+
+ $rabbitmq_additional_erl_args = "\"${cert_option} ${key_option} ${secure_renegotiate}\""
+ $environment_real = merge($environment, {
+ 'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args,
+ 'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args
+ })
} else {
$tls_certfile = undef
$tls_keyfile = undef
+ $environment_real = $environment
}
if $inet_dist_interface {
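Review bot: The `-ssl_dist_opt` string built in the `$enable_internal_tls` branch supplies a certificate and key but never enables peer verification, so unless that is configured elsewhere, replication traffic is encrypted without either node validating the other's certificate and node identity still rests on the Erlang cookie. Consider appending `-ssl_dist_opt server_verify verify_peer -ssl_dist_opt client_verify verify_peer -ssl_dist_opt server_fail_if_no_peer_cert true`, together with `server_cacertfile`/`client_cacertfile` pointing at the internal CA bundle (its path is not available in this hunk). Separately, `merge($environment, {...})` lets the new keys win, so a caller-supplied `RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS` or `RABBITMQ_CTL_ERL_ARGS` is silently replaced rather than extended. The hunk also does not show `-proto_dist inet_tls` being set; if nothing outside the hunk sets it, these options presumably have no effect, which is worth confirming. The class body starts and ends outside the hunk.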
@@ -116,7 +126,7 @@ class tripleo::profile::base::rabbitmq (
cluster_nodes => $nodes,
config_kernel_variables => $real_kernel_variables,
config_variables => $config_variables,
- environment_variables => $environment,
+ environment_variables => $environment_real,
# TLS options
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,