-
-
Notifications
You must be signed in to change notification settings - Fork 500
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable configuring SSL for Erlang distribution #574
Conversation
42f21f3
to
1ec716a
Compare
In addition to rebase, we're switching to expect syntax, so can you update the specs to use the new syntax and squash commits? There is some ongoing structural maintenance, so unfortunately, there could end up being another round of rebasing at some point. After reading the link, the purpose of this PR is a little more clear, but it would be good if it could have some additional review. |
spec/classes/rabbitmq_spec.rb
Outdated
:ssl_erl_dist => true } | ||
} | ||
it 'should enable inet6 distribution' do | ||
should contain_file('rabbitmq-env.config') \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
switch these (and the others) to is.expected_to
type syntax
@wyardley thanks for the review. Amended the commit to address your comments. |
As mentioned in the RabbitMQ documentation [1], this sets up the necessary parameters through environment variables to use the relevant -proto_dist value, and enable the ssl path (through the -pa option) if necessary. [1] https://www.rabbitmq.com/clustering-ssl.html
This follows the RabbitMQ docs [1] for enabling TLS for the replication traffic. It reuses the certificate that rabbitmq already has. Unfortunately, pacemaker uses the shortname for the rabbitmq nodes, so we are not able to do proper verification of the certificates, since we can't allocate a certificate for shortnames. So, until pacemaker can track the rabbit nodes through their FQDNs, we don't set any verification options. [1] https://www.rabbitmq.com/clustering-ssl.html Depends on: voxpupuli/puppet-rabbitmq#574 bp tls-via-certmonger Co-Authored-By: Alex Schultz <[email protected]> Change-Id: I265c89cb8898a6da78a606664a22c50f5e57a847
This follows the RabbitMQ docs [1] for enabling TLS for the replication traffic. It reuses the certificate that rabbitmq already has. Unfortunately, pacemaker uses the shortname for the rabbitmq nodes, so we are not able to do proper verification of the certificates, since we can't allocate a certificate for shortnames. So, until pacemaker can track the rabbit nodes through their FQDNs, we don't set any verification options. [1] https://www.rabbitmq.com/clustering-ssl.html Depends on: voxpupuli/puppet-rabbitmq#574 bp tls-via-certmonger Co-Authored-By: Alex Schultz <[email protected]> Change-Id: I265c89cb8898a6da78a606664a22c50f5e57a847 (cherry picked from commit 52404b8)
Enable configuring SSL for Erlang distribution
Enable configuring SSL for Erlang distribution
As mentioned in the RabbitMQ documentation [1], this sets up the
necessary parameters through environment variables to use the relevant
-proto_dist value, and enable the ssl path (through the -pa option) if
necessary.
[1] https://www.rabbitmq.com/clustering-ssl.html