From 50f760610b3a73738e3ebd2bc77e4618324d2b09 Mon Sep 17 00:00:00 2001 From: James Page Date: Wed, 21 May 2014 17:12:49 +0100 Subject: [PATCH] Tune heartbeat --- hooks/rabbit_utils.py | 6 ++-- hooks/rabbitmq_server_relations.py | 45 +++++++++++++++++------------- templates/rabbitmq.config | 20 ++++++++----- 3 files changed, 40 insertions(+), 31 deletions(-) diff --git a/hooks/rabbit_utils.py b/hooks/rabbit_utils.py index cd5008b9..d71edd31 100644 --- a/hooks/rabbit_utils.py +++ b/hooks/rabbit_utils.py @@ -280,10 +280,8 @@ def enable_ssl(ssl_key, ssl_cert, ssl_port, if ssl_ca: data["ssl_ca_file"] = ssl_ca_file - - with open(RABBITMQ_CONF, 'w') as rmq_conf: - rmq_conf.write(render_template( - os.path.basename(RABBITMQ_CONF), data)) + + return data def execute(cmd, die=False, echo=False): diff --git a/hooks/rabbitmq_server_relations.py b/hooks/rabbitmq_server_relations.py index eb329ba5..9297548c 100755 --- a/hooks/rabbitmq_server_relations.py +++ b/hooks/rabbitmq_server_relations.py 
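Review bot: `enable_ssl` in hooks/rabbit_utils.py now ends with `return data` and no longer writes `RABBITMQ_CONF`, so its name and any existing docstring describe a side effect it no longer has. Any caller other than `configure_rabbit_ssl` that relied on the file being written would stop producing a config without raising an error; whether such callers exist cannot be seen from this hunk. The function body starts outside the hunk, so I would at least update its docstring with something like `Stage the key/cert/CA files and return the template context for rabbitmq.config; the caller is responsible for rendering and writing the file.` The first added line also appears to contain only whitespace and could be dropped.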
@@ -475,32 +475,37 @@ def configure_rabbit_ssl(): """ ssl_mode, external_ca = _get_ssl_mode() + data = {} if ssl_mode == 'off': if os.path.exists(rabbit.RABBITMQ_CONF): os.remove(rabbit.RABBITMQ_CONF) close_port(config('ssl_port')) reconfigure_client_ssl() - return - ssl_key = _convert_from_base64(config('ssl_key')) - ssl_cert = _convert_from_base64(config('ssl_cert')) - ssl_ca = _convert_from_base64(config('ssl_ca')) - ssl_port = config('ssl_port') + else: + ssl_key = _convert_from_base64(config('ssl_key')) + ssl_cert = _convert_from_base64(config('ssl_cert')) + ssl_ca = _convert_from_base64(config('ssl_ca')) + ssl_port = config('ssl_port') + + # If external managed certs then we need all the fields. + if (ssl_mode in ('on', 'only') and any((ssl_key, ssl_cert)) and + not all((ssl_key, ssl_cert))): + log('If ssl_key or ssl_cert are specified both are required.', + level=ERROR) + sys.exit(1) + + if not external_ca: + ssl_cert, ssl_key, ssl_ca = ServiceCA.get_service_cert() + + data.update(rabbit.enable_ssl(ssl_key, ssl_cert, ssl_port, ssl_ca, + ssl_only=(ssl_mode == "only"), + ssl_client=False)) + reconfigure_client_ssl(True) + open_port(ssl_port) - # If external managed certs then we need all the fields. - if (ssl_mode in ('on', 'only') and any((ssl_key, ssl_cert)) and - not all((ssl_key, ssl_cert))): - log('If ssl_key or ssl_cert are specified both are required.', - level=ERROR) - sys.exit(1) - - if not external_ca: - ssl_cert, ssl_key, ssl_ca = ServiceCA.get_service_cert() - - rabbit.enable_ssl( - ssl_key, ssl_cert, ssl_port, ssl_ca, - ssl_only=(ssl_mode == "only"), ssl_client=False) - reconfigure_client_ssl(True) - open_port(ssl_port) + with open(rabbit.RABBITMQ_CONF, 'w') as rmq_conf: + rmq_conf.write(rabbit.render_template( + os.path.basename(rabbit.RABBITMQ_CONF), data)) @hooks.hook('config-changed') diff --git a/templates/rabbitmq.config b/templates/rabbitmq.config index 7246ee94..b74d4393 100644 --- a/templates/rabbitmq.config 
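Review bot: In the new `else` branch of `configure_rabbit_ssl`, `reconfigure_client_ssl(True)` and `open_port(ssl_port)` run before `rabbitmq.config` is written, whereas the old `rabbit.enable_ssl` call wrote the file first. If `render_template` or the write raises, related clients have already been told to use SSL and the port is open, but the broker config was never produced. The `os.remove(rabbit.RABBITMQ_CONF)` in the `off` branch is now redundant, because the file is recreated unconditionally at the end of the function. Writing the config first and doing the relation and port changes afterwards restores the previous ordering. The function starts outside the hunk.

```python
    ssl_mode, external_ca = _get_ssl_mode()
    data = {}
    if ssl_mode != 'off':
        # ... unchanged: decode ssl_key/ssl_cert/ssl_ca, both-or-neither check, ServiceCA fallback ...
        data.update(rabbit.enable_ssl(ssl_key, ssl_cert, ssl_port, ssl_ca,
                                      ssl_only=(ssl_mode == "only"),
                                      ssl_client=False))

    # Render the broker config before changing what clients and the port state advertise.
    with open(rabbit.RABBITMQ_CONF, 'w') as rmq_conf:
        rmq_conf.write(rabbit.render_template(
            os.path.basename(rabbit.RABBITMQ_CONF), data))

    if ssl_mode == 'off':
        close_port(config('ssl_port'))
        reconfigure_client_ssl()
    else:
        reconfigure_client_ssl(True)
        open_port(ssl_port)
```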
+++ b/templates/rabbitmq.config @@ -1,5 +1,6 @@ [ - {rabbit, [ + {rabbit, [ +{% if ssl_key_file %} {% if ssl_only %} {tcp_listeners, []}, {% else %} @@ -9,13 +10,18 @@ {ssl_options, [ {verify, verify_peer}, {% if ssl_client %} - {fail_if_no_peer_cert, true}, + {fail_if_no_peer_cert, true}, {% else %} - {fail_if_no_peer_cert, false}, -{% endif %}{% if ssl_ca_file %} - {cacertfile, "{{ ssl_ca_file }}"}, {% endif %} + {fail_if_no_peer_cert, false}, +{% endif %} +{% if ssl_ca_file %} + {cacertfile, "{{ ssl_ca_file }}"}, +{% endif %} {certfile, "{{ ssl_cert_file }}"}, {keyfile, "{{ ssl_key_file }}"} - ]} + ]}, +{% endif %} + {heartbeat, 60} ]} -]. \ No newline at end of file +]. +
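Review bot: The new `{heartbeat, 60}` entry in templates/rabbitmq.config is a hard-coded value with no explanation, and the commit message does not say why 60 was chosen. Because the template is now rendered even when SSL is off, this value applies to every deployment of the charm. I would add a comment above it such as `%% heartbeat timeout in seconds that the broker suggests to clients during connection negotiation`, and consider passing the value in from charm config rather than fixing it in the template. Separately, the new `{% if ssl_key_file %}` guard tests only the key path although the block also renders `ssl_cert_file`. That looks safe only as long as `enable_ssl` always sets both, which this hunk does not show.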