Get rid of the global SSL switch

Change-Id: I5a61a0cdee17470ed8e505ac5c6f0c202dadd980
This commit is contained in:
Proskurin Kirill 2017-02-14 11:05:00 +00:00
parent f5d5b62c5d
commit e3a06d2dd1
3 changed files with 6 additions and 6 deletions

View File

@ -1,7 +1,7 @@
NODENAME=rabbit@{{ network_topology["private"]["address"] }}
USE_LONGNAME=true
LOG_BASE=/var/log/ccp/rabbitmq
{% if security.tls.enabled %}
{% if rabbitmq.tls.enabled or etcd.tls.enabled %}
ERL_SSL_PATH=`erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell`
SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile /opt/ccp/etc/tls/rabbitmq.pem -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true server_cacertfile /opt/ccp/etc/tls/ca.pem"
CTL_ERL_ARGS="$SERVER_ADDITIONAL_ERL_ARGS"

View File

@ -1,7 +1,7 @@
[
{rabbit, [
{dummy_param_without_comma, true}
{% if security.tls.enabled and rabbitmq.tls.enabled %}
{% if rabbitmq.tls.enabled %}
,{tcp_listeners, [] }
,{ssl_listeners, [
{"0.0.0.0", {{ rabbitmq.port.cont }} }
@ -16,7 +16,7 @@
,{loopback_users, []}
,{cluster_partition_handling, pause_minority}
,{queue_master_locator, <<"random">>}
{% if security.tls.enabled and rabbitmq.tls.enabled %}
{% if rabbitmq.tls.enabled %}
,{ssl_options, [{cacertfile,"/opt/ccp/etc/tls/ca.pem"},
{certfile,"/opt/ccp/etc/tls/rabbitmq_certificate.pem"},
{keyfile,"/opt/ccp/etc/tls/rabbitmq_server_key.pem"},
@ -32,7 +32,7 @@
,{cluster_cleanup, true}
,{cleanup_warn_only, false}
,{etcd_ttl, 15}
{% if security.tls.enabled and etcd.tls.enabled %}
{% if etcd.tls.enabled %}
,{etcd_scheme, https}
{% else %}
,{etcd_scheme, http}

View File

@ -32,7 +32,7 @@ service:
- rabbitmq-readiness
- rabbitmq-liveness
- rabbitmq-check-helpers
# {% if security.tls.enabled %}
# {% if rabbitmq.tls.enabled or etcd.tls.enabled %}
- server_certificate
- server_key
- ca_certificate
@ -67,7 +67,7 @@ files:
path: /opt/ccp/bin/rabbitmq-check-helpers.sh
content: rabbitmq-check-helpers.sh.j2
perm: "644"
# {% if security.tls.enabled %}
# {% if rabbitmq.tls.enabled or etcd.tls.enabled %}
server_certificate:
path: /opt/ccp/etc/tls/rabbitmq_certificate.pem
content: server.pem.j2