try ssl for management

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/roles/files/pubsub/rabbitmq-mgmt.config b/modules/roles/files/pubsub/rabbitmq-mgmt.config
new file mode 100644 (file)
index 0000000..4710fb5
--- /dev/null
+++ b/modules/roles/files/pubsub/rabbitmq-mgmt.config
@@ -0,0 +1,12 @@
+,{rabbitmq_management,
+       [{listener, [
+               {port,     15672},
+               {ssl,      true},
+               {ssl_options, [
+                       {cacertfile,"/etc/ssl/debian/certs/ca.crt"},
+                       {certfile,"/etc/ssl/debian/certs/thishost-server.crt"},
+                       {keyfile,"/etc/ssl/debian/keys/thishost-server.key"},
+                       {verify,verify_none},
+                       {fail_if_no_peer_cert,false}]}
+       ]}
+]}

diff --git a/modules/roles/manifests/pubsub.pp b/modules/roles/manifests/pubsub.pp
index 43f2c6f..9cc7bb7 100644 (file)
--- a/modules/roles/manifests/pubsub.pp
+++ b/modules/roles/manifests/pubsub.pp
@@ -31,6 +31,12 @@ class roles::pubsub {
                source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
        }
 
+       concat::fragment { 'rabbit_mgmt_ssl':
+               target => '/etc/rabbitmq/rabbitmq.config',
+               order  => 55,
+               source => 'puppet:///modules/roles/pubsub/rabbitmq-mgmt.config'
+       }
+
        rabbitmq_user { 'admin':
                admin    => true,
                password => $admin_password,