Allow configuration of listening on non-ssl port

Deployers can override the `rabbitmq_disable_non_tls_listeners` variable, setting a value of `True` if they wish to enable this feature. Change-Id: I4fe39099dbe8973d2655845c19882c404d4f20b1
2017-01-12 14:47:59 -06:00
parent c9016f22a5
commit 84d75078cf
3 changed files with 9 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -86,6 +86,9 @@ rabbitmq_management_rates_mode: basic
 # Precompile RabbitMQ with HiPE
 rabbitmq_hipe_compile: False

+# Disable non-TLS listeners
+rabbitmq_disable_non_tls_listeners: False
+
 # RabbitMQ policies
 # Used to tune performance characteristics of OpenStack messaging
 #
--- a/releasenotes/notes/disable_non_tls_listeners-ef9c20d70f820a69.yaml
+++ b/releasenotes/notes/disable_non_tls_listeners-ef9c20d70f820a69.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - The ``rabbitmq_server`` role now supports disabling listeners that do not
+    use TLS. Deployers can override the ``rabbitmq_disable_non_tls_listeners``
+    variable, setting a value of ``True`` if they wish to enable this feature.
--- a/templates/rabbitmq.config.j2
+++ b/templates/rabbitmq.config.j2
@@ -1,6 +1,7 @@
 [
  {rabbit, [
    {loopback_users, []},
+    {% if rabbitmq_disable_non_tls_listeners %}{tcp_listeners,[]},{% endif %}
    {ssl_listeners, [5671]},
    {collect_statistics_interval, {{ rabbitmq_collect_statistics_interval }} },
    {ssl_options, [{certfile,"{{ rabbitmq_ssl_cert }}"},