From e3a06d2dd140456cd73cd2d696b21c90e8fca43a Mon Sep 17 00:00:00 2001
From: Proskurin Kirill
Date: Tue, 14 Feb 2017 11:05:00 +0000
Subject: [PATCH] Get rid of the global SSL switch

Change-Id: I5a61a0cdee17470ed8e505ac5c6f0c202dadd980
---
 service/files/rabbitmq-env.conf.j2 | 2 +-
 service/files/rabbitmq.config.j2 | 6 +++---
 service/rabbitmq.yaml | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/service/files/rabbitmq-env.conf.j2 b/service/files/rabbitmq-env.conf.j2
index 1779740..ee8ccc9 100644
--- a/service/files/rabbitmq-env.conf.j2
+++ b/service/files/rabbitmq-env.conf.j2
@@ -1,7 +1,7 @@
 NODENAME=rabbit@{{ network_topology["private"]["address"] }}
 USE_LONGNAME=true
 LOG_BASE=/var/log/ccp/rabbitmq
-{% if security.tls.enabled %}
+{% if rabbitmq.tls.enabled or etcd.tls.enabled %}
 ERL_SSL_PATH=`erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell`
 SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile /opt/ccp/etc/tls/rabbitmq.pem -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true server_cacertfile /opt/ccp/etc/tls/ca.pem"
 CTL_ERL_ARGS="$SERVER_ADDITIONAL_ERL_ARGS"
diff --git a/service/files/rabbitmq.config.j2 b/service/files/rabbitmq.config.j2
index 160f8b6..2de0d39 100644
--- a/service/files/rabbitmq.config.j2
+++ b/service/files/rabbitmq.config.j2
@@ -1,7 +1,7 @@
 [
 {rabbit, [
 {dummy_param_without_comma, true}
- {% if security.tls.enabled and rabbitmq.tls.enabled %}
+ {% if rabbitmq.tls.enabled %}
 ,{tcp_listeners, [] }
 ,{ssl_listeners, [
 {"0.0.0.0", {{ rabbitmq.port.cont }} }
@@ -16,7 +16,7 @@
 ,{loopback_users, []}
 ,{cluster_partition_handling, pause_minority}
 ,{queue_master_locator, <<"random">>}
- {% if security.tls.enabled and rabbitmq.tls.enabled %}
+ {% if rabbitmq.tls.enabled %}
 ,{ssl_options, [{cacertfile,"/opt/ccp/etc/tls/ca.pem"},
 {certfile,"/opt/ccp/etc/tls/rabbitmq_certificate.pem"},
 {keyfile,"/opt/ccp/etc/tls/rabbitmq_server_key.pem"},
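Review bot: The new guard `rabbitmq.tls.enabled or etcd.tls.enabled` in rabbitmq-env.conf.j2 means that enabling TLS for etcd alone also switches Erlang distribution to `-proto_dist inet_tls`, while the AMQP listener in rabbitmq.config.j2 stays keyed on `rabbitmq.tls.enabled` only. If that coupling is intended, a template comment above the guard should say why inter-node TLS follows the etcd switch; otherwise `{% if rabbitmq.tls.enabled %}` would keep the two files consistent. The `-ssl_dist_opt` list on the context line sets `server_certfile` and `server_cacertfile` but neither `server_verify verify_peer` nor `server_fail_if_no_peer_cert true`, so, depending on the OTP defaults in use, the inter-node link may be encrypted without authenticating the peer node. Since this commit widens when the block applies, adding those options here is worth considering. The closing `{% endif %}` lies outside the hunk.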
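Review bot: Nothing in rabbitmq.config.j2 or the commit message tells an operator that `security.tls.enabled` is no longer read, so a deployment that still sets it gets no warning and the effective transport is decided by `rabbitmq.tls.enabled` and `etcd.tls.enabled` alone (guards at `@@ -1,7`, `@@ -16,7` and `@@ -32,7`). A missing or misspelled per-service key would presumably render the non-TLS branch silently if the renderer uses Jinja's lenient undefined handling. I would add a template comment at the first guard, for example `{# TLS for AMQP is controlled only by rabbitmq.tls.enabled; security.tls.enabled is no longer consulted #}`, and describe the migration in the commit body. The `ssl_options` list opened in `@@ -16,7` continues past the hunk, so whether it sets `{verify, verify_peer}` cannot be checked from here.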
@@ -32,7 +32,7 @@
 ,{cluster_cleanup, true}
 ,{cleanup_warn_only, false}
 ,{etcd_ttl, 15}
- {% if security.tls.enabled and etcd.tls.enabled %}
+ {% if etcd.tls.enabled %}
 ,{etcd_scheme, https}
 {% else %}
 ,{etcd_scheme, http}
diff --git a/service/rabbitmq.yaml b/service/rabbitmq.yaml
index 52c5117..c5598ac 100644
--- a/service/rabbitmq.yaml
+++ b/service/rabbitmq.yaml
@@ -32,7 +32,7 @@ service:
 - rabbitmq-readiness
 - rabbitmq-liveness
 - rabbitmq-check-helpers
- # {% if security.tls.enabled %}
+ # {% if rabbitmq.tls.enabled or etcd.tls.enabled %}
 - server_certificate
 - server_key
 - ca_certificate
@@ -67,7 +67,7 @@ files:
 path: /opt/ccp/bin/rabbitmq-check-helpers.sh
 content: rabbitmq-check-helpers.sh.j2
 perm: "644"
-# {% if security.tls.enabled %}
+# {% if rabbitmq.tls.enabled or etcd.tls.enabled %}
 server_certificate:
 path: /opt/ccp/etc/tls/rabbitmq_certificate.pem
 content: server.pem.j2
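Review bot: The `{% if etcd.tls.enabled %}` branch changes only the URL scheme to `{etcd_scheme, https}`; the hunk shows no CA bundle or verification setting for the etcd client. If the plugin's HTTP client does not validate the server certificate by default, the link to etcd is encrypted but the endpoint is not authenticated, so this should be confirmed. A short comment beside the scheme would help, for example `%% https only selects the scheme; certificate validation for etcd is configured in <placeholder: setting or file>`. The `{% else %}` branch silently yields `http` when the key is absent, and the closing `{% endif %}` and the rest of the plugin section lie outside the hunk.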
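Review bot: With the guard `rabbitmq.tls.enabled or etcd.tls.enabled`, `server_key` and `server_certificate` are rendered into the container whenever etcd TLS is on, even when `rabbitmq.tls.enabled` is off. A client that only talks to etcd over https normally needs the CA certificate alone, so unless inter-node TLS requires them in that configuration, consider keeping `server_certificate` and `server_key` under `rabbitmq.tls.enabled` and leaving only `ca_certificate` under the combined condition. The same guard appears in the `files:` hunk at `@@ -67,7`, where the only mode visible is `perm: "644"` on the helper script. The mode of the private-key file is outside the hunk and worth confirming as owner-only. The matching `endif` comments are outside both hunks.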