From: Stephen Gran <steve@lobefin.net>
Date: Mon, 26 Aug 2013 08:59:17 +0000 (+0100)
Subject: ssl listeners for rabbit
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=1b9d2fa8947f8d2e1f32190ff6129ff3e6f2d56c;p=mirror%2Fdsa-puppet.git

ssl listeners for rabbit

Signed-off-by: Stephen Gran <steve@lobefin.net>
---

diff --git a/modules/rabbitmq/manifests/init.pp b/modules/rabbitmq/manifests/init.pp
index 5e12bd4be..ba3c11f2e 100644
--- a/modules/rabbitmq/manifests/init.pp
+++ b/modules/rabbitmq/manifests/init.pp
@@ -32,6 +32,12 @@ class rabbitmq (
 		content => template('rabbitmq/rabbitmq.conf.erb'),
 	}
 
+	concat::fragment { 'rabbit_foot':
+		target  => '/etc/rabbitmq/rabbitmq.config',
+		order   => 50,
+		content => "]}\n"
+	}
+
 	concat::fragment { 'rabbitmq_conf_foot':
 		target  => '/etc/rabbitmq/rabbitmq.config',
 		order   => 99,
diff --git a/modules/rabbitmq/templates/rabbitmq.conf.erb b/modules/rabbitmq/templates/rabbitmq.conf.erb
index 46d3ee9be..6e69979b0 100644
--- a/modules/rabbitmq/templates/rabbitmq.conf.erb
+++ b/modules/rabbitmq/templates/rabbitmq.conf.erb
@@ -1,4 +1,5 @@
 [
-<% if scope.lookupvar('cluster') -%>
-{rabbit, [{cluster_nodes, ['<%= scope.lookupvar('clustermembers').to_a.flatten.join("', '") %>']}]}
+{rabbit, [
+<% if @cluster -%>
+	{cluster_nodes, ['<%= @clustermembers.to_a.flatten.join("', '") %>']}
 <% end -%>
diff --git a/modules/roles/files/pubsub/rabbitmq.config b/modules/roles/files/pubsub/rabbitmq.config
new file mode 100644
index 000000000..cd34d8895
--- /dev/null
+++ b/modules/roles/files/pubsub/rabbitmq.config
@@ -0,0 +1,7 @@
+     {ssl_listeners, [5671]},
+     {ssl_options, [{cacertfile,"/etc/ssl/debian/certs/ca.crt"},
+                    {certfile,"/etc/ssl/debian/certs/thishost-server.crt"},
+                    {keyfile,"/etc/ssl/debian/keys/thishost-server.key"},
+                    {verify,verify_none},
+                    {fail_if_no_peer_cert,false}]}
+
diff --git a/modules/roles/manifests/pubsub.pp b/modules/roles/manifests/pubsub.pp
index e8eb2296d..e57e11624 100644
--- a/modules/roles/manifests/pubsub.pp
+++ b/modules/roles/manifests/pubsub.pp
@@ -18,6 +18,16 @@ class roles::pubsub {
 		master            => $cc_master,
 	}
 
+	user { 'rabbitmq':
+		groups => 'ssl-cert'
+	}
+
+	concat::fragment { 'rabbit_ssl':
+		target => '/etc/rabbitmq/rabbitmq.config',
+		order  => 35,
+		source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
+	}
+
 	rabbitmq_user { 'admin':
 		admin    => true,
 		password => $admin_password,