Add ability to configure SSL [author=Thomas Leonard]

Clint Byrum 2012-09-06 07:30:44 -07:00
commit e9449a8306
4 changed files with 92 additions and 1 deletions

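--- a/README
+++ b/README
@@ -0,0 +1,17 @@
+Configuring SSL
+---------------
+Generate an unencrypted RSA private key for the servers and a certificate:
+openssl genrsa -out rabbit-server-privkey.pem 2048
+Get an X.509 certificate. This can be self-signed, for example:
+openssl req -batch -new -x509 -key rabbit-server-privkey.pem -out rabbit-server-cert.pem -days 10000
+Deploy the service:
+juju deploy rabbitmq-server rabbit
+Enable SSL, passing in the key and certificate as configuration settings:
+juju set rabbit ssl_enabled=True ssl_key="`cat rabbit-server-privkey.pem`" ssl_cert="`cat rabbit-server-cert.pem`"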

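--- a/config.yaml
+++ b/config.yaml
@@ -0,0 +1,15 @@
+options:
+ssl_enabled:
+type: boolean
+default: False
+description: enable SSL
+ssl_port:
+type: int
+default: 5673
+description: SSL port
+ssl_key:
+type: string
+description: private unencrypted key in PEM format (starts "-----BEGIN RSA PRIVATE KEY-----")
+ssl_cert:
+type: string
+description: X.509 certificate in PEM format (starts "-----BEGIN CERTIFICATE-----")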
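Review bot: `ssl_key` carries the unencrypted private key as an ordinary string option, so it is stored with the rest of the service configuration and can be read by anyone able to read that configuration (for example with `juju get`); the description should say so. Suggested wording: `description: private unencrypted key in PEM format (starts "-----BEGIN RSA PRIVATE KEY-----"); stored in plain text in the service config`. `ssl_key` and `ssl_cert` also declare no `default`, and hooks/config-changed appears to rely on `config-get` printing nothing for them when unset; an explicit `default: ""` would make that assumption visible.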

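--- a/hooks/config-changed
+++ b/hooks/config-changed
@@ -0,0 +1,59 @@
+#!/bin/bash
+set -eu
+juju-log "rabbitmq-server: Firing config hook"
+ssl_enabled=`config-get ssl_enabled`
+cd /etc/rabbitmq
+new_config=`mktemp /etc/rabbitmq/.rabbitmq.config.XXXXXX`
+chgrp rabbitmq "$new_config"
+chmod g+r "$new_config"
+exec 3> "$new_config"
+cat >&3 <<EOF
+[
+{rabbit, [
+EOF
+ssl_key_file=/etc/rabbitmq/rabbit-server-privkey.pem
+ssl_cert_file=/etc/rabbitmq/rabbit-server-cert.pem
+if [ "$ssl_enabled" == "True" ]; then
+umask 027
+config-get ssl_key > "$ssl_key_file"
+config-get ssl_cert > "$ssl_cert_file"
+chgrp rabbitmq "$ssl_key_file" "$ssl_cert_file"
+if [ ! -s "$ssl_key_file" ]; then
+juju-log "ssl_key not set - can't configure SSL"
+exit 0
+fi
+if [ ! -s "$ssl_cert_file" ]; then
+juju-log "ssl_cert not set - can't configure SSL"
+exit 0
+fi
+cat >&3 <<EOF
+{ssl_listeners, [`config-get ssl_port`]},
+{ssl_options, [
+{certfile,"$ssl_cert_file"},
+{keyfile,"$ssl_key_file"}
+]},
+EOF
+fi
+cat >&3 <<EOF
+{tcp_listeners, [5672]}
+]}
+].
+EOF
+exec 3>&-
+if [ -f rabbitmq.config ]; then
+mv rabbitmq.config{,.bak}
+fi
+mv "$new_config" rabbitmq.config
+/etc/init.d/rabbitmq-server restart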
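Review bot: In the `ssl_enabled` branch, `config-get ssl_key > "$ssl_key_file"` truncates the existing key and certificate before the `-s` checks run, so a change that leaves `ssl_key` or `ssl_cert` empty wipes a working key pair and then exits early, leaving the `mktemp` file behind in /etc/rabbitmq. Reading both values into variables and checking them before anything is written avoids that, and an EXIT `trap` removes the temporary file on the early-exit paths. An existing key file also keeps its old mode, since `umask 027` only affects newly created files, so the sketch below adds an explicit `chmod 640`. Separately, `{tcp_listeners, [5672]}` is still written when SSL is enabled, so the unencrypted listener stays open; if that is intended it deserves a comment.

```shell
new_config=`mktemp /etc/rabbitmq/.rabbitmq.config.XXXXXX`
trap 'rm -f -- "$new_config"' EXIT
# … unchanged: chgrp/chmod of $new_config, opening fd 3, config header …
if [ "$ssl_enabled" == "True" ]; then
    ssl_key=`config-get ssl_key`
    ssl_cert=`config-get ssl_cert`
    if [ -z "$ssl_key" ] || [ -z "$ssl_cert" ]; then
        juju-log "ssl_key or ssl_cert not set - can't configure SSL"
        exit 0
    fi
    umask 027
    printf '%s\n' "$ssl_key" > "$ssl_key_file"
    printf '%s\n' "$ssl_cert" > "$ssl_cert_file"
    chgrp rabbitmq "$ssl_key_file" "$ssl_cert_file"
    chmod 640 "$ssl_key_file" "$ssl_cert_file"
    # … unchanged: ssl_listeners / ssl_options heredoc …
```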


@ -1 +1 @@
31
34