Allow configuration of listening on non-ssl port

Deployers can override the `rabbitmq_disable_non_tls_listeners`
variable, setting a value of `True` if they wish to enable this feature.

Change-Id: I4fe39099dbe8973d2655845c19882c404d4f20b1

defaults/main.yml

@@ -86,6 +86,9 @@ rabbitmq_management_rates_mode: basic
 # Precompile RabbitMQ with HiPE
 rabbitmq_hipe_compile: False
 
+# Disable non-TLS listeners
+rabbitmq_disable_non_tls_listeners: False
+
 # RabbitMQ policies
 # Used to tune performance characteristics of OpenStack messaging
 #

releasenotes/notes/disable_non_tls_listeners-ef9c20d70f820a69.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - The ``rabbitmq_server`` role now supports disabling listeners that do not
+    use TLS. Deployers can override the ``rabbitmq_disable_non_tls_listeners``
+    variable, setting a value of ``True`` if they wish to enable this feature.

templates/rabbitmq.config.j2

@@ -1,6 +1,7 @@
 [
   {rabbit, [
     {loopback_users, []},
+    {% if rabbitmq_disable_non_tls_listeners %}{tcp_listeners,[]},{% endif %}
     {ssl_listeners, [5671]},
     {collect_statistics_interval, {{ rabbitmq_collect_statistics_interval }} },
     {ssl_options, [{certfile,"{{ rabbitmq_ssl_cert }}"},