summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorProskurin Kirill <kproskurin@mirantis.com>2017-02-14 11:05:00 +0000
committerProskurin Kirill <kproskurin@mirantis.com>2017-02-14 11:05:27 +0000
commite3a06d2dd140456cd73cd2d696b21c90e8fca43a (patch)
treeb6f461860d691aa3e34026842439e40d90c6c846
parentf5d5b62c5d87aa39c4cd9097af591f5fc1d9e90a (diff)
Get rid of the global SSL switch
Notes
Notes (review): Code-Review+1: Sergey Kraynev <skraynev@mirantis.com> Code-Review+2: Sergey Reshetnyak <sreshetniak@mirantis.com> Verified+1: Mirantis CCP CI <mirantis-fuel-ccp-ci@mirantis.com> Code-Review+2: Andrey Pavlov <apavlov@mirantis.com> Workflow+1: Andrey Pavlov <apavlov@mirantis.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Tue, 14 Feb 2017 18:05:36 +0000 Reviewed-on: https://review.openstack.org/433593 Project: openstack/fuel-ccp-rabbitmq Branch: refs/heads/master
-rw-r--r--service/files/rabbitmq-env.conf.j22
-rw-r--r--service/files/rabbitmq.config.j26
-rw-r--r--service/rabbitmq.yaml4
3 files changed, 6 insertions, 6 deletions
diff --git a/service/files/rabbitmq-env.conf.j2 b/service/files/rabbitmq-env.conf.j2
index 1779740..ee8ccc9 100644
--- a/service/files/rabbitmq-env.conf.j2
+++ b/service/files/rabbitmq-env.conf.j2
@@ -1,7 +1,7 @@
1NODENAME=rabbit@{{ network_topology["private"]["address"] }} 1NODENAME=rabbit@{{ network_topology["private"]["address"] }}
2USE_LONGNAME=true 2USE_LONGNAME=true
3LOG_BASE=/var/log/ccp/rabbitmq 3LOG_BASE=/var/log/ccp/rabbitmq
4{% if security.tls.enabled %} 4{% if rabbitmq.tls.enabled or etcd.tls.enabled %}
5ERL_SSL_PATH=`erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell` 5ERL_SSL_PATH=`erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell`
6SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile /opt/ccp/etc/tls/rabbitmq.pem -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true server_cacertfile /opt/ccp/etc/tls/ca.pem" 6SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile /opt/ccp/etc/tls/rabbitmq.pem -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true server_cacertfile /opt/ccp/etc/tls/ca.pem"
7CTL_ERL_ARGS="$SERVER_ADDITIONAL_ERL_ARGS" 7CTL_ERL_ARGS="$SERVER_ADDITIONAL_ERL_ARGS"
diff --git a/service/files/rabbitmq.config.j2 b/service/files/rabbitmq.config.j2
index 160f8b6..2de0d39 100644
--- a/service/files/rabbitmq.config.j2
+++ b/service/files/rabbitmq.config.j2
@@ -1,7 +1,7 @@
1[ 1[
2 {rabbit, [ 2 {rabbit, [
3 {dummy_param_without_comma, true} 3 {dummy_param_without_comma, true}
4 {% if security.tls.enabled and rabbitmq.tls.enabled %} 4 {% if rabbitmq.tls.enabled %}
5 ,{tcp_listeners, [] } 5 ,{tcp_listeners, [] }
6 ,{ssl_listeners, [ 6 ,{ssl_listeners, [
7 {"0.0.0.0", {{ rabbitmq.port.cont }} } 7 {"0.0.0.0", {{ rabbitmq.port.cont }} }
@@ -16,7 +16,7 @@
16 ,{loopback_users, []} 16 ,{loopback_users, []}
17 ,{cluster_partition_handling, pause_minority} 17 ,{cluster_partition_handling, pause_minority}
18 ,{queue_master_locator, <<"random">>} 18 ,{queue_master_locator, <<"random">>}
19 {% if security.tls.enabled and rabbitmq.tls.enabled %} 19 {% if rabbitmq.tls.enabled %}
20 ,{ssl_options, [{cacertfile,"/opt/ccp/etc/tls/ca.pem"}, 20 ,{ssl_options, [{cacertfile,"/opt/ccp/etc/tls/ca.pem"},
21 {certfile,"/opt/ccp/etc/tls/rabbitmq_certificate.pem"}, 21 {certfile,"/opt/ccp/etc/tls/rabbitmq_certificate.pem"},
22 {keyfile,"/opt/ccp/etc/tls/rabbitmq_server_key.pem"}, 22 {keyfile,"/opt/ccp/etc/tls/rabbitmq_server_key.pem"},
@@ -32,7 +32,7 @@
32 ,{cluster_cleanup, true} 32 ,{cluster_cleanup, true}
33 ,{cleanup_warn_only, false} 33 ,{cleanup_warn_only, false}
34 ,{etcd_ttl, 15} 34 ,{etcd_ttl, 15}
35 {% if security.tls.enabled and etcd.tls.enabled %} 35 {% if etcd.tls.enabled %}
36 ,{etcd_scheme, https} 36 ,{etcd_scheme, https}
37 {% else %} 37 {% else %}
38 ,{etcd_scheme, http} 38 ,{etcd_scheme, http}
diff --git a/service/rabbitmq.yaml b/service/rabbitmq.yaml
index 52c5117..c5598ac 100644
--- a/service/rabbitmq.yaml
+++ b/service/rabbitmq.yaml
@@ -32,7 +32,7 @@ service:
32 - rabbitmq-readiness 32 - rabbitmq-readiness
33 - rabbitmq-liveness 33 - rabbitmq-liveness
34 - rabbitmq-check-helpers 34 - rabbitmq-check-helpers
35 # {% if security.tls.enabled %} 35 # {% if rabbitmq.tls.enabled or etcd.tls.enabled %}
36 - server_certificate 36 - server_certificate
37 - server_key 37 - server_key
38 - ca_certificate 38 - ca_certificate
@@ -67,7 +67,7 @@ files:
67 path: /opt/ccp/bin/rabbitmq-check-helpers.sh 67 path: /opt/ccp/bin/rabbitmq-check-helpers.sh
68 content: rabbitmq-check-helpers.sh.j2 68 content: rabbitmq-check-helpers.sh.j2
69 perm: "644" 69 perm: "644"
70# {% if security.tls.enabled %} 70# {% if rabbitmq.tls.enabled or etcd.tls.enabled %}
71 server_certificate: 71 server_certificate:
72 path: /opt/ccp/etc/tls/rabbitmq_certificate.pem 72 path: /opt/ccp/etc/tls/rabbitmq_certificate.pem
73 content: server.pem.j2 73 content: server.pem.j2