ssl listeners for rabbit

author Stephen Gran <steve@lobefin.net>

Mon, 26 Aug 2013 08:59:17 +0000 (09:59 +0100)

committer Stephen Gran <steve@lobefin.net>

Mon, 26 Aug 2013 08:59:17 +0000 (09:59 +0100)
author Stephen Gran <steve@lobefin.net>
Mon, 26 Aug 2013 08:59:17 +0000 (09:59 +0100)
committer Stephen Gran <steve@lobefin.net>
Mon, 26 Aug 2013 08:59:17 +0000 (09:59 +0100)
diff --git a/modules/rabbitmq/manifests/init.pp b/modules/rabbitmq/manifests/init.pp

index 5e12bd4be07d06094fc7ceccd15fda0d53890543..ba3c11f2e735c9ab8559638df0ccc97b3df760f1 100644 (file)
--- a/modules/rabbitmq/manifests/init.pp
+++ b/modules/rabbitmq/manifests/init.pp
@@ -32,6 +32,12 @@ class rabbitmq (
                 content => template('rabbitmq/rabbitmq.conf.erb'),
         }
  
+       concat::fragment { 'rabbit_foot':
+               target  => '/etc/rabbitmq/rabbitmq.config',
+               order   => 50,
+               content => "]}\n"
+       }
+
         concat::fragment { 'rabbitmq_conf_foot':
                 target  => '/etc/rabbitmq/rabbitmq.config',
                 order   => 99,
diff --git a/modules/rabbitmq/templates/rabbitmq.conf.erb b/modules/rabbitmq/templates/rabbitmq.conf.erb

index 46d3ee9be98f6d478db87d9b9ee460ebb659f2b1..6e69979b0db3e20f3d7f4d8a43fc33eb4c6c506a 100644 (file)
--- a/modules/rabbitmq/templates/rabbitmq.conf.erb
+++ b/modules/rabbitmq/templates/rabbitmq.conf.erb
@@ -1,4 +1,5 @@
  [
-<% if scope.lookupvar('cluster') -%>
-{rabbit, [{cluster_nodes, ['<%= scope.lookupvar('clustermembers').to_a.flatten.join("', '") %>']}]}
+{rabbit, [
+<% if @cluster -%>
+       {cluster_nodes, ['<%= @clustermembers.to_a.flatten.join("', '") %>']}
  <% end -%>
diff --git a/modules/roles/files/pubsub/rabbitmq.config b/modules/roles/files/pubsub/rabbitmq.config

new file mode 100644 (file)

index 0000000..cd34d88
--- /dev/null
+++ b/modules/roles/files/pubsub/rabbitmq.config
@@ -0,0 +1,7 @@
+     {ssl_listeners, [5671]},
+     {ssl_options, [{cacertfile,"/etc/ssl/debian/certs/ca.crt"},
+                    {certfile,"/etc/ssl/debian/certs/thishost-server.crt"},
+                    {keyfile,"/etc/ssl/debian/keys/thishost-server.key"},
+                    {verify,verify_none},
+                    {fail_if_no_peer_cert,false}]}
+
diff --git a/modules/roles/manifests/pubsub.pp b/modules/roles/manifests/pubsub.pp

index e8eb2296de942027e55402f19893fbd66b72b3e4..e57e116249a7b7d1024b158b4393858affea7487 100644 (file)
--- a/modules/roles/manifests/pubsub.pp
+++ b/modules/roles/manifests/pubsub.pp
@@ -18,6 +18,16 @@ class roles::pubsub {
                 master            => $cc_master,
         }
  
+       user { 'rabbitmq':
+               groups => 'ssl-cert'
+       }
+
+       concat::fragment { 'rabbit_ssl':
+               target => '/etc/rabbitmq/rabbitmq.config',
+               order  => 35,
+               source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
+       }
+
         rabbitmq_user { 'admin':
                 admin    => true,
                 password => $admin_password,
author	Stephen Gran <steve@lobefin.net>
	Mon, 26 Aug 2013 08:59:17 +0000 (09:59 +0100)
committer	Stephen Gran <steve@lobefin.net>
	Mon, 26 Aug 2013 08:59:17 +0000 (09:59 +0100)
modules/rabbitmq/manifests/init.pp		patch \| blob \| history
modules/rabbitmq/templates/rabbitmq.conf.erb		patch \| blob \| history
modules/roles/files/pubsub/rabbitmq.config	[new file with mode: 0644]	patch \| blob
modules/roles/manifests/pubsub.pp		patch \| blob \| history