move variable declaration, option for mgnt cacert

- based on discussions in voxpupuli#648
slm0n87 · Oct 16, 2017 · 3d5ba4b · wyardley · Oct 18, 2017 · 3d5ba4b
1 parent e24a0e4
commit 3d5ba4b
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 28 deletions.
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -43,6 +43,7 @@
   $ssl_port                    = $rabbitmq::ssl_port
   $ssl_interface               = $rabbitmq::ssl_interface
   $ssl_management_port         = $rabbitmq::ssl_management_port
+  $ssl_management_cacert_enable= $rabbitmq::ssl_management_cacert_enable
   $ssl_management_cacert       = $rabbitmq::ssl_management_cacert
   $ssl_management_cert         = $rabbitmq::ssl_management_cert
   $ssl_management_key          = $rabbitmq::ssl_management_key
@@ -137,22 +138,6 @@
     $environment_variables = $_environment_variables
   }
 
-  if ($ssl_management_cacert) {
-    $_ssl_management_cacert = $ssl_management_cacert
-  } else {
-    $_ssl_management_cacert = $ssl_cacert
-  }
-  if ($ssl_management_cert) {
-    $_ssl_management_cert = $ssl_management_cert
-  } else {
-    $_ssl_management_cert = $ssl_cert
-  }
-  if ($ssl_management_key) {
-    $_ssl_management_key = $ssl_management_key
-  } else {
-    $_ssl_management_key = $ssl_key
-  }
-
   file { '/etc/rabbitmq':
     ensure => directory,
     owner  => '0',

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -163,8 +163,8 @@
 # @param ssl_key Key to use for SSL.
 # @param ssl_only Configures the service to only use SSL.  No cleartext TCP listeners will be created. Requires that ssl => true and
 # @param ssl_management_port SSL management port.
-# @param ssl_management_cacert SSL management cacert. if unset set to ssl_cacert for backwards compatibility. If you want to set no
-# management CA cert path, set this to false.
+# @param ssl_management_cacert_enable If you want to set no management CA cert path, set this to false.
+# @param ssl_management_cacert SSL management cacert. if unset set to ssl_cacert for backwards compatibility.
 # @param ssl_management_cert SSL management cert. if unset set to ssl_cert for backwards compatibility.
 # @param ssl_management_key SSL management key. if unset set to ssl_key for backwards compatibility.
 # @param ssl_port SSL port for RabbitMQ
@@ -247,9 +247,10 @@
   $ssl_port                                             = $rabbitmq::params::ssl_port,
   Optional[String] $ssl_interface                       = undef,
   Integer $ssl_management_port                          = $rabbitmq::params::ssl_management_port,
-  Optional[Stdlib::Absolutepath] $ssl_management_cacert = undef,
-  Optional[Stdlib::Absolutepath] $ssl_management_cert   = undef,
-  Optional[Stdlib::Absolutepath] $ssl_management_key    = undef,
+  Boolean $ssl_management_cacert_enable                 = $rabbitmq::params::ssl_management_cacert_enable,
+  Optional[Stdlib::Absolutepath] $ssl_management_cacert = $ssl_cacert,
+  Optional[Stdlib::Absolutepath] $ssl_management_cert   = $ssl_cert,
+  Optional[Stdlib::Absolutepath] $ssl_management_key    = $ssl_key,
   Integer $ssl_stomp_port                               = $rabbitmq::params::ssl_stomp_port,
   $ssl_verify                                           = $rabbitmq::params::ssl_verify,
   $ssl_fail_if_no_peer_cert                             = $rabbitmq::params::ssl_fail_if_no_peer_cert,

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -107,6 +107,7 @@
   $ssl_erl_dist                = false
   $ssl_fail_if_no_peer_cert    = false
   $ssl_honor_cipher_order      = true
+  $ssl_management_cacert_enable= true
   $ssl_management_port         = 15671
   $ssl_only                    = false
   $ssl_port                    = 5671

diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb
@@ -109,11 +109,11 @@
   <%- end -%>
       {port, <%= @ssl_management_port %>},
       {ssl, true},
-      {ssl_opts, [<%- if @_ssl_management_cacert %>
-                  {cacertfile, "<%= @_ssl_management_cacert %>"},
+      {ssl_opts, [<%- if @ssl_management_cacert_enable and @ssl_management_cacert %>
+                  {cacertfile, "<%= @ssl_management_cacert %>"},
                   <%- end -%>
-                  {certfile, "<%= @_ssl_management_cert %>"},
-                  {keyfile, "<%= @_ssl_management_key %>"}
+                  {certfile, "<%= @ssl_management_cert %>"},
+                  {keyfile, "<%= @ssl_management_key %>"}
                    <%- if @ssl_versions -%>
                      ,{versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]}
                    <%- end -%>

diff --git a/templates/rabbitmqadmin.conf.erb b/templates/rabbitmqadmin.conf.erb
@@ -1,9 +1,9 @@
 [default]
 <% if @ssl && @management_ssl -%>
 ssl = True
-ssl_ca_cert_file = <%= @_ssl_management_cacert %>
-ssl_cert_file = <%= @_ssl_management_cert %>
-ssl_key_file = <%= @_ssl_management_key %>
+ssl_ca_cert_file = <%= @ssl_management_cacert %>
+ssl_cert_file = <%= @ssl_management_cert %>
+ssl_key_file = <%= @ssl_management_key %>
 port = <%= @ssl_management_port %>
 <% unless @management_hostname -%>
 hostname = <%= @fqdn %>