move variable declaration, option for mgnt cacert
- based on discussions in voxpupuli#648
slm0n87 committed Oct 18, 2017
1 parent 5fc705e commit b44d9f8
Showing 5 changed files with 148 additions and 161 deletions.
167 changes: 76 additions & 91 deletions manifests/config.pp
Expand Up @@ -3,81 +3,82 @@
# config and ssl.
class rabbitmq::config {

$admin_enable = $rabbitmq::admin_enable
$cluster_node_type = $rabbitmq::cluster_node_type
$cluster_nodes = $rabbitmq::cluster_nodes
$config = $rabbitmq::config
$config_cluster = $rabbitmq::config_cluster
$config_path = $rabbitmq::config_path
$config_ranch = $rabbitmq::config_ranch
$config_stomp = $rabbitmq::config_stomp
$config_shovel = $rabbitmq::config_shovel
$config_shovel_statics = $rabbitmq::config_shovel_statics
$default_user = $rabbitmq::default_user
$default_pass = $rabbitmq::default_pass
$env_config = $rabbitmq::env_config
$env_config_path = $rabbitmq::env_config_path
$erlang_cookie = $rabbitmq::erlang_cookie
$interface = $rabbitmq::interface
$management_port = $rabbitmq::management_port
$management_ssl = $rabbitmq::management_ssl
$management_hostname = $rabbitmq::management_hostname
$node_ip_address = $rabbitmq::node_ip_address
$rabbitmq_user = $rabbitmq::rabbitmq_user
$rabbitmq_group = $rabbitmq::rabbitmq_group
$rabbitmq_home = $rabbitmq::rabbitmq_home
$port = $rabbitmq::port
$tcp_keepalive = $rabbitmq::tcp_keepalive
$tcp_backlog = $rabbitmq::tcp_backlog
$tcp_sndbuf = $rabbitmq::tcp_sndbuf
$tcp_recbuf = $rabbitmq::tcp_recbuf
$heartbeat = $rabbitmq::heartbeat
$service_name = $rabbitmq::service_name
$ssl = $rabbitmq::ssl
$ssl_only = $rabbitmq::ssl_only
$ssl_cacert = $rabbitmq::ssl_cacert
$ssl_cert = $rabbitmq::ssl_cert
$ssl_key = $rabbitmq::ssl_key
$ssl_depth = $rabbitmq::ssl_depth
$ssl_cert_password = $rabbitmq::ssl_cert_password
$ssl_port = $rabbitmq::ssl_port
$ssl_interface = $rabbitmq::ssl_interface
$ssl_management_port = $rabbitmq::ssl_management_port
$ssl_management_cacert = $rabbitmq::ssl_management_cacert
$ssl_management_cert = $rabbitmq::ssl_management_cert
$ssl_management_key = $rabbitmq::ssl_management_key
$ssl_stomp_port = $rabbitmq::ssl_stomp_port
$ssl_verify = $rabbitmq::ssl_verify
$ssl_fail_if_no_peer_cert = $rabbitmq::ssl_fail_if_no_peer_cert
$ssl_secure_renegotiate = $rabbitmq::ssl_secure_renegotiate
$ssl_reuse_sessions = $rabbitmq::ssl_reuse_sessions
$ssl_honor_cipher_order = $rabbitmq::ssl_honor_cipher_order
$ssl_dhfile = $rabbitmq::ssl_dhfile
$ssl_versions = $rabbitmq::ssl_versions
$ssl_ciphers = $rabbitmq::ssl_ciphers
$stomp_port = $rabbitmq::stomp_port
$stomp_ssl_only = $rabbitmq::stomp_ssl_only
$ldap_auth = $rabbitmq::ldap_auth
$ldap_server = $rabbitmq::ldap_server
$ldap_user_dn_pattern = $rabbitmq::ldap_user_dn_pattern
$ldap_other_bind = $rabbitmq::ldap_other_bind
$ldap_use_ssl = $rabbitmq::ldap_use_ssl
$ldap_port = $rabbitmq::ldap_port
$ldap_log = $rabbitmq::ldap_log
$ldap_config_variables = $rabbitmq::ldap_config_variables
$wipe_db_on_cookie_change = $rabbitmq::wipe_db_on_cookie_change
$config_variables = $rabbitmq::config_variables
$config_kernel_variables = $rabbitmq::config_kernel_variables
$config_management_variables = $rabbitmq::config_management_variables
$config_additional_variables = $rabbitmq::config_additional_variables
$auth_backends = $rabbitmq::auth_backends
$cluster_partition_handling = $rabbitmq::cluster_partition_handling
$file_limit = $rabbitmq::file_limit
$collect_statistics_interval = $rabbitmq::collect_statistics_interval
$ipv6 = $rabbitmq::ipv6
$inetrc_config = $rabbitmq::inetrc_config
$inetrc_config_path = $rabbitmq::inetrc_config_path
$ssl_erl_dist = $rabbitmq::ssl_erl_dist
$admin_enable = $rabbitmq::admin_enable
$cluster_node_type = $rabbitmq::cluster_node_type
$cluster_nodes = $rabbitmq::cluster_nodes
$config = $rabbitmq::config
$config_cluster = $rabbitmq::config_cluster
$config_path = $rabbitmq::config_path
$config_ranch = $rabbitmq::config_ranch
$config_stomp = $rabbitmq::config_stomp
$config_shovel = $rabbitmq::config_shovel
$config_shovel_statics = $rabbitmq::config_shovel_statics
$default_user = $rabbitmq::default_user
$default_pass = $rabbitmq::default_pass
$env_config = $rabbitmq::env_config
$env_config_path = $rabbitmq::env_config_path
$erlang_cookie = $rabbitmq::erlang_cookie
$interface = $rabbitmq::interface
$management_port = $rabbitmq::management_port
$management_ssl = $rabbitmq::management_ssl
$management_hostname = $rabbitmq::management_hostname
$node_ip_address = $rabbitmq::node_ip_address
$rabbitmq_user = $rabbitmq::rabbitmq_user
$rabbitmq_group = $rabbitmq::rabbitmq_group
$rabbitmq_home = $rabbitmq::rabbitmq_home
$port = $rabbitmq::port
$tcp_keepalive = $rabbitmq::tcp_keepalive
$tcp_backlog = $rabbitmq::tcp_backlog
$tcp_sndbuf = $rabbitmq::tcp_sndbuf
$tcp_recbuf = $rabbitmq::tcp_recbuf
$heartbeat = $rabbitmq::heartbeat
$service_name = $rabbitmq::service_name
$ssl = $rabbitmq::ssl
$ssl_only = $rabbitmq::ssl_only
$ssl_cacert = $rabbitmq::ssl_cacert
$ssl_cert = $rabbitmq::ssl_cert
$ssl_key = $rabbitmq::ssl_key
$ssl_depth = $rabbitmq::ssl_depth
$ssl_cert_password = $rabbitmq::ssl_cert_password
$ssl_port = $rabbitmq::ssl_port
$ssl_interface = $rabbitmq::ssl_interface
$ssl_management_port = $rabbitmq::ssl_management_port
$ssl_management_cacert_enable = $rabbitmq::ssl_management_cacert_enable
$ssl_management_cacert = $rabbitmq::ssl_management_cacert
$ssl_management_cert = $rabbitmq::ssl_management_cert
$ssl_management_key = $rabbitmq::ssl_management_key
$ssl_stomp_port = $rabbitmq::ssl_stomp_port
$ssl_verify = $rabbitmq::ssl_verify
$ssl_fail_if_no_peer_cert = $rabbitmq::ssl_fail_if_no_peer_cert
$ssl_secure_renegotiate = $rabbitmq::ssl_secure_renegotiate
$ssl_reuse_sessions = $rabbitmq::ssl_reuse_sessions
$ssl_honor_cipher_order = $rabbitmq::ssl_honor_cipher_order
$ssl_dhfile = $rabbitmq::ssl_dhfile
$ssl_versions = $rabbitmq::ssl_versions
$ssl_ciphers = $rabbitmq::ssl_ciphers
$stomp_port = $rabbitmq::stomp_port
$stomp_ssl_only = $rabbitmq::stomp_ssl_only
$ldap_auth = $rabbitmq::ldap_auth
$ldap_server = $rabbitmq::ldap_server
$ldap_user_dn_pattern = $rabbitmq::ldap_user_dn_pattern
$ldap_other_bind = $rabbitmq::ldap_other_bind
$ldap_use_ssl = $rabbitmq::ldap_use_ssl
$ldap_port = $rabbitmq::ldap_port
$ldap_log = $rabbitmq::ldap_log
$ldap_config_variables = $rabbitmq::ldap_config_variables
$wipe_db_on_cookie_change = $rabbitmq::wipe_db_on_cookie_change
$config_variables = $rabbitmq::config_variables
$config_kernel_variables = $rabbitmq::config_kernel_variables
$config_management_variables = $rabbitmq::config_management_variables
$config_additional_variables = $rabbitmq::config_additional_variables
$auth_backends = $rabbitmq::auth_backends
$cluster_partition_handling = $rabbitmq::cluster_partition_handling
$file_limit = $rabbitmq::file_limit
$collect_statistics_interval = $rabbitmq::collect_statistics_interval
$ipv6 = $rabbitmq::ipv6
$inetrc_config = $rabbitmq::inetrc_config
$inetrc_config_path = $rabbitmq::inetrc_config_path
$ssl_erl_dist = $rabbitmq::ssl_erl_dist

if $ssl_only {
$default_ssl_env_variables = {}
Expand Down Expand Up @@ -137,22 +138,6 @@
$environment_variables = $_environment_variables
}
if ($ssl_management_cacert) {
$_ssl_management_cacert = $ssl_management_cacert
} else {
$_ssl_management_cacert = $ssl_cacert
}
if ($ssl_management_cert) {
$_ssl_management_cert = $ssl_management_cert
} else {
$_ssl_management_cert = $ssl_cert
}
if ($ssl_management_key) {
$_ssl_management_key = $ssl_management_key
} else {
$_ssl_management_key = $ssl_key
}
file { '/etc/rabbitmq':
ensure => directory,
owner => '0',
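Review bot: The one functional line in this section, `$ssl_management_cacert_enable = $rabbitmq::ssl_management_cacert_enable`, is buried in a re-alignment of every other assignment, which makes the behavioural change hard to spot; the whitespace-only realignment would read better as its own commit. The second hunk deletes the only visible fallback from `ssl_management_cacert`/`ssl_management_cert`/`ssl_management_key` to `ssl_cacert`/`ssl_cert`/`ssl_key`, so the templates now depend on the parameter defaults in manifests/init.pp for that behaviour. A short comment above the `$ssl_management_*` assignments would record this, e.g. `# management cacert/cert/key fall back to the ssl_* values through the class parameter defaults in init.pp`. The class body continues outside both hunks.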
11 changes: 6 additions & 5 deletions manifests/init.pp
Expand Up @@ -158,8 +158,8 @@
# @param ssl_key Key to use for SSL.
# @param ssl_only Configures the service to only use SSL. No cleartext TCP listeners will be created. Requires that ssl => true and
# @param ssl_management_port SSL management port.
# @param ssl_management_cacert SSL management cacert. if unset set to ssl_cacert for backwards compatibility. If you want to set no
# management CA cert path, set this to false.
# @param ssl_management_cacert_enable If you want to set no management CA cert path, set this to false.
# @param ssl_management_cacert SSL management cacert. if unset set to ssl_cacert for backwards compatibility.
# @param ssl_management_cert SSL management cert. if unset set to ssl_cert for backwards compatibility.
# @param ssl_management_key SSL management key. if unset set to ssl_key for backwards compatibility.
# @param ssl_port SSL port for RabbitMQ
Expand Down Expand Up @@ -239,9 +239,10 @@
Integer[1, 65535] $ssl_port = $rabbitmq::params::ssl_port,
Optional[String] $ssl_interface = undef,
Integer[1, 65535] $ssl_management_port = $rabbitmq::params::ssl_management_port,
Optional[Stdlib::Absolutepath] $ssl_management_cacert = undef,
Optional[Stdlib::Absolutepath] $ssl_management_cert = undef,
Optional[Stdlib::Absolutepath] $ssl_management_key = undef,
Boolean $ssl_management_cacert_enable = $rabbitmq::params::ssl_management_cacert_enable,
Optional[Stdlib::Absolutepath] $ssl_management_cacert = $ssl_cacert,
Optional[Stdlib::Absolutepath] $ssl_management_cert = $ssl_cert,
Optional[Stdlib::Absolutepath] $ssl_management_key = $ssl_key,
Integer[1, 65535] $ssl_stomp_port = $rabbitmq::params::ssl_stomp_port,
Enum['verify_none','verify_peer'] $ssl_verify = $rabbitmq::params::ssl_verify,
Boolean $ssl_fail_if_no_peer_cert = $rabbitmq::params::ssl_fail_if_no_peer_cert,
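Review bot: The new defaults `$ssl_management_cacert = $ssl_cacert`, `$ssl_management_cert = $ssl_cert` and `$ssl_management_key = $ssl_key` can only resolve if `$ssl_cacert`, `$ssl_cert` and `$ssl_key` are declared earlier in the same parameter list. That part of the list is outside this hunk, so the ordering should be confirmed, ideally with a spec that sets only the three `ssl_*` values and checks the rendered management paths. The `@param ssl_management_cacert_enable` line in the first hunk states neither the default nor what the flag changes. Something like `# @param ssl_management_cacert_enable Whether cacertfile is written to the management listener's ssl_opts. Defaults to true; set to false to omit the management CA cert path.` would tell an operator that disabling it leaves the listener without a CA file.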
117 changes: 59 additions & 58 deletions manifests/params.pp
Expand Up @@ -77,63 +77,64 @@
}

#install
$admin_enable = true
$management_port = 15672
$management_ssl = true
$repos_ensure = false
$service_ensure = 'running'
$service_manage = true
$admin_enable = true
$management_port = 15672
$management_ssl = true
$repos_ensure = false
$service_ensure = 'running'
$service_manage = true
#config
$cluster_node_type = 'disc'
$cluster_nodes = []
$config = 'rabbitmq/rabbitmq.config.erb'
$config_cluster = false
$config_path = '/etc/rabbitmq/rabbitmq.config'
$config_ranch = true
$config_stomp = false
$config_shovel = false
$config_shovel_statics = {}
$default_user = 'guest'
$default_pass = 'guest'
$delete_guest_user = false
$env_config = 'rabbitmq/rabbitmq-env.conf.erb'
$env_config_path = '/etc/rabbitmq/rabbitmq-env.conf'
$port = 5672
$tcp_keepalive = false
$tcp_backlog = 128
$ssl = false
$ssl_ciphers = []
$ssl_erl_dist = false
$ssl_fail_if_no_peer_cert = false
$ssl_honor_cipher_order = true
$ssl_management_port = 15671
$ssl_only = false
$ssl_port = 5671
$ssl_reuse_sessions = true
$ssl_secure_renegotiate = true
$ssl_stomp_port = 6164
$ssl_verify = 'verify_none'
$ssl_versions = undef
$stomp_ensure = false
$stomp_port = 6163
$stomp_ssl_only = false
$ldap_auth = false
$ldap_server = 'ldap'
$ldap_user_dn_pattern = undef
$ldap_other_bind = 'anon'
$ldap_use_ssl = false
$ldap_port = 389
$ldap_log = false
$ldap_config_variables = {}
$wipe_db_on_cookie_change = false
$cluster_partition_handling = 'ignore'
$environment_variables = {}
$config_variables = {}
$config_kernel_variables = {}
$config_management_variables = {}
$config_additional_variables = {}
$file_limit = 16384
$ipv6 = false
$inetrc_config = 'rabbitmq/inetrc.erb'
$inetrc_config_path = '/etc/rabbitmq/inetrc'
$cluster_node_type = 'disc'
$cluster_nodes = []
$config = 'rabbitmq/rabbitmq.config.erb'
$config_cluster = false
$config_path = '/etc/rabbitmq/rabbitmq.config'
$config_ranch = true
$config_stomp = false
$config_shovel = false
$config_shovel_statics = {}
$default_user = 'guest'
$default_pass = 'guest'
$delete_guest_user = false
$env_config = 'rabbitmq/rabbitmq-env.conf.erb'
$env_config_path = '/etc/rabbitmq/rabbitmq-env.conf'
$port = 5672
$tcp_keepalive = false
$tcp_backlog = 128
$ssl = false
$ssl_ciphers = []
$ssl_erl_dist = false
$ssl_fail_if_no_peer_cert = false
$ssl_honor_cipher_order = true
$ssl_management_cacert_enable = true
$ssl_management_port = 15671
$ssl_only = false
$ssl_port = 5671
$ssl_reuse_sessions = true
$ssl_secure_renegotiate = true
$ssl_stomp_port = 6164
$ssl_verify = 'verify_none'
$ssl_versions = undef
$stomp_ensure = false
$stomp_port = 6163
$stomp_ssl_only = false
$ldap_auth = false
$ldap_server = 'ldap'
$ldap_user_dn_pattern = undef
$ldap_other_bind = 'anon'
$ldap_use_ssl = false
$ldap_port = 389
$ldap_log = false
$ldap_config_variables = {}
$wipe_db_on_cookie_change = false
$cluster_partition_handling = 'ignore'
$environment_variables = {}
$config_variables = {}
$config_kernel_variables = {}
$config_management_variables = {}
$config_additional_variables = {}
$file_limit = 16384
$ipv6 = false
$inetrc_config = 'rabbitmq/inetrc.erb'
$inetrc_config_path = '/etc/rabbitmq/inetrc'
}
8 changes: 4 additions & 4 deletions templates/rabbitmq.config.erb
Expand Up @@ -109,11 +109,11 @@
<%- end -%>
{port, <%= @ssl_management_port %>},
{ssl, true},
{ssl_opts, [<%- if @_ssl_management_cacert %>
{cacertfile, "<%= @_ssl_management_cacert %>"},
{ssl_opts, [<%- if @ssl_management_cacert_enable and @ssl_management_cacert %>
{cacertfile, "<%= @ssl_management_cacert %>"},
<%- end -%>
{certfile, "<%= @_ssl_management_cert %>"},
{keyfile, "<%= @_ssl_management_key %>"}
{certfile, "<%= @ssl_management_cert %>"},
{keyfile, "<%= @ssl_management_key %>"}
<%- if @ssl_versions -%>
,{versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]}
<%- end -%>
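Review bot: With `ssl_management_cacert_enable` set to false the management listener's `ssl_opts` carry no `cacertfile`, so any peer verification configured for that listener elsewhere in the template (not visible in this hunk) would have no CA to check against. An ERB comment next to the guard, e.g. `<%# cacertfile is omitted when ssl_management_cacert_enable is false; client certificates then cannot be checked against a CA -%>`, would make that visible to operators. `certfile` and `keyfile` are still written unconditionally, so unset `ssl_cert`/`ssl_key` values would render as empty paths unless an enclosing condition outside the hunk prevents it. As a style point, the guard uses `and` while templates/rabbitmqadmin.conf.erb uses `&&` (`@ssl && @management_ssl`); `&&` would keep the two templates consistent.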
6 changes: 3 additions & 3 deletions templates/rabbitmqadmin.conf.erb
@@ -1,9 +1,9 @@
[default]
<% if @ssl && @management_ssl -%>
ssl = True
ssl_ca_cert_file = <%= @_ssl_management_cacert %>
ssl_cert_file = <%= @_ssl_management_cert %>
ssl_key_file = <%= @_ssl_management_key %>
ssl_ca_cert_file = <%= @ssl_management_cacert %>
ssl_cert_file = <%= @ssl_management_cert %>
ssl_key_file = <%= @ssl_management_key %>
port = <%= @ssl_management_port %>
<% unless @management_hostname -%>
hostname = <%= @fqdn %>
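Review bot: `ssl_ca_cert_file = <%= @ssl_management_cacert %>` is written regardless of `ssl_management_cacert_enable`, whereas templates/rabbitmq.config.erb in this commit emits `cacertfile` only when `@ssl_management_cacert_enable and @ssl_management_cacert` holds. The client and server configs can therefore disagree, and an unset value renders as an empty `ssl_ca_cert_file =`. If rabbitmqadmin is meant to keep verifying the server against the CA when the flag is false, a template comment should say so; if not, guard the line with `<% if @ssl_management_cacert -%>` … `<% end -%>`. The `if @ssl && @management_ssl` block continues outside the hunk.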
