Store RabbitMQ cert/key in config dir
Storing rabbit's private key in /etc/ssl/private causes problems since that
directory (and the files within it) can only be accessed by root on Ubuntu
systems. Storing the key within the RabbitMQ configuration directory would
allow the key to be read by the 'rabbitmq' user.
Moving the key and making the rabbitmq user its owner also allows the key
to be set to mode 0600.
Closes-bug: 1506992
Change-Id: Iede0748b57a86b33879d759505dd8f80476b574c
(cherry picked from commit 5ea3dba04e
)
parent
72eaf7c5f2
commit
6c669034f3
|
@ -55,9 +55,9 @@ rabbitmq_plugins:
|
|||
state: enabled
|
||||
|
||||
# RabbitMQ SSL support
|
||||
rabbitmq_ssl_cert: /etc/ssl/certs/rabbitmq.pem
|
||||
rabbitmq_ssl_key: /etc/ssl/private/rabbitmq.key
|
||||
rabbitmq_ssl_ca_cert: /etc/ssl/certs/rabbitmq-ca.pem
|
||||
rabbitmq_ssl_cert: /etc/rabbitmq/rabbitmq.pem
|
||||
rabbitmq_ssl_key: /etc/rabbitmq/rabbitmq.key
|
||||
rabbitmq_ssl_ca_cert: /etc/rabbitmq/rabbitmq-ca.pem
|
||||
|
||||
# Set rabbitmq_ssl_self_signed_regen to true if you want to generate a new
|
||||
# SSL certificate for RabbitMQ when this playbook runs. You can also change
|
||||
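Review bot: Changing the default `rabbitmq_ssl_key` from `/etc/ssl/private/rabbitmq.key` to `/etc/rabbitmq/rabbitmq.key` leaves the previously deployed key on disk on hosts that are upgraded, and nothing in the visible hunks removes it. The commit message describes the old directory as root-only, so exposure is limited, but the file is stale private-key material that will outlive later rotations. A cleanup task (`file:` with `state: absent` on the old path) or a release note telling operators to delete it would close that gap. The comment above the variables could also record the reason for the location, e.g. `# Key lives in /etc/rabbitmq so the rabbitmq user can read it; keep it mode 0600.`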
|
|
|
@ -20,12 +20,12 @@
|
|||
copy:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
owner: "rabbitmq"
|
||||
group: "rabbitmq"
|
||||
mode: "{{ item.mode }}"
|
||||
with_items:
|
||||
- { src: "{{ rabbitmq_user_ssl_cert }}", dest: "{{ rabbitmq_ssl_cert }}", mode: "0644" }
|
||||
- { src: "{{ rabbitmq_user_ssl_key }}", dest: "{{ rabbitmq_ssl_key }}", mode: "0640" }
|
||||
- { src: "{{ rabbitmq_user_ssl_key }}", dest: "{{ rabbitmq_ssl_key }}", mode: "0600" }
|
||||
when: rabbitmq_user_ssl_cert is defined and rabbitmq_user_ssl_key is defined
|
||||
tags:
|
||||
- rabbitmq-configs
|
||||
|
@ -37,8 +37,8 @@
|
|||
copy:
|
||||
src: "{{ rabbitmq_user_ssl_ca_cert }}"
|
||||
dest: "{{ rabbitmq_ssl_ca_cert }}"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
owner: "rabbitmq"
|
||||
group: "rabbitmq"
|
||||
mode: "0644"
|
||||
when: rabbitmq_user_ssl_ca_cert is defined
|
||||
tags:
|
||||
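Review bot: Making `rabbitmq` the owner of the certificate and key here, and of the CA certificate in the hunk at -37,8, gives the broker account write access to its own TLS material when it only needs to read it. A compromised or misbehaving service account could then overwrite the key or swap the trust anchor at `rabbitmq_ssl_ca_cert`. Keeping `owner: "root"` with `group: "rabbitmq"` and the key item at `mode: "0640"` would grant read access without write; the cert and CA cert can stay at `0644`. The `- name:` lines of both tasks sit above the visible hunks, so any other task-level settings are not shown.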
|
|