Backout heartbeat changes

2014-05-23 09:13:05 +01:00 · 2014-05-23 09:13:05 +01:00 · ffd8c5b9a6
parent 50f760610b
commit ffd8c5b9a6
3 changed files with 31 additions and 40 deletions
--- a/hooks/rabbit_utils.py
+++ b/hooks/rabbit_utils.py
@ -280,8 +280,10 @@ def enable_ssl(ssl_key, ssl_cert, ssl_port,

    if ssl_ca:
        data["ssl_ca_file"] = ssl_ca_file
-    
-    return data
+
+    with open(RABBITMQ_CONF, 'w') as rmq_conf:
+        rmq_conf.write(render_template(
+            os.path.basename(RABBITMQ_CONF), data))


 def execute(cmd, die=False, echo=False):
--- a/hooks/rabbitmq_server_relations.py
+++ b/hooks/rabbitmq_server_relations.py
@ -475,37 +475,32 @@ def configure_rabbit_ssl():
    """
    ssl_mode, external_ca = _get_ssl_mode()

-    data = {}
    if ssl_mode == 'off':
        if os.path.exists(rabbit.RABBITMQ_CONF):
            os.remove(rabbit.RABBITMQ_CONF)
        close_port(config('ssl_port'))
        reconfigure_client_ssl()
-    else:
-        ssl_key = _convert_from_base64(config('ssl_key'))
-        ssl_cert = _convert_from_base64(config('ssl_cert'))
-        ssl_ca = _convert_from_base64(config('ssl_ca'))
-        ssl_port = config('ssl_port')
-    
-        # If external managed certs then we need all the fields.
-        if (ssl_mode in ('on', 'only') and any((ssl_key, ssl_cert)) and
-                not all((ssl_key, ssl_cert))):
-            log('If ssl_key or ssl_cert are specified both are required.',
-                level=ERROR)
-            sys.exit(1)
-    
-        if not external_ca:
-            ssl_cert, ssl_key, ssl_ca = ServiceCA.get_service_cert()
-    
-        data.update(rabbit.enable_ssl(ssl_key, ssl_cert, ssl_port, ssl_ca,
-                                      ssl_only=(ssl_mode == "only"),
-                                      ssl_client=False))
-        reconfigure_client_ssl(True)
-        open_port(ssl_port)
+        return
+    ssl_key = _convert_from_base64(config('ssl_key'))
+    ssl_cert = _convert_from_base64(config('ssl_cert'))
+    ssl_ca = _convert_from_base64(config('ssl_ca'))
+    ssl_port = config('ssl_port')

-    with open(rabbit.RABBITMQ_CONF, 'w') as rmq_conf:
-        rmq_conf.write(rabbit.render_template(
-            os.path.basename(rabbit.RABBITMQ_CONF), data))
+    # If external managed certs then we need all the fields.
+    if (ssl_mode in ('on', 'only') and any((ssl_key, ssl_cert)) and
+            not all((ssl_key, ssl_cert))):
+        log('If ssl_key or ssl_cert are specified both are required.',
+            level=ERROR)
+        sys.exit(1)
+
+    if not external_ca:
+        ssl_cert, ssl_key, ssl_ca = ServiceCA.get_service_cert()
+
+    rabbit.enable_ssl(
+        ssl_key, ssl_cert, ssl_port, ssl_ca,
+        ssl_only=(ssl_mode == "only"), ssl_client=False)
+    reconfigure_client_ssl(True)
+    open_port(ssl_port)


@hooks.hook('config-changed')
--- a/templates/rabbitmq.config
+++ b/templates/rabbitmq.config
@ -1,6 +1,5 @@
 [
-    {rabbit, [
-{% if ssl_key_file %}
+    {rabbit, [    
 {% if ssl_only %} 
        {tcp_listeners, []},
 {% else %}
@ -10,18 +9,13 @@
    	{ssl_options, [
 	        {verify, verify_peer},
 {% if ssl_client %} 
-            {fail_if_no_peer_cert, true}, 
+                {fail_if_no_peer_cert, true}, 
 {% else %}
-            {fail_if_no_peer_cert, false},
-{% endif %}
-{% if ssl_ca_file %} 
-            {cacertfile, "{{ ssl_ca_file }}"},
-{% endif %}
+                {fail_if_no_peer_cert, false},
+{% endif %}{% if ssl_ca_file %} 
+                {cacertfile, "{{ ssl_ca_file }}"}, {% endif %}
        	{certfile, "{{ ssl_cert_file }}"},
        	{keyfile, "{{ ssl_key_file }}"}
-    	]},
-{% endif %}
-        {heartbeat, 60}
+    	]}
    ]}
-].
-
+].