Add the ability to set the rabbitmq bind address

The rabbitmq bind address can now be set using the `rabbitmq_port_bindings` option which creates a hash of rabbitmq connection options allowing multiple bind addresses and port configurations to be present. This change also organizes the config so that its now far more human readable. The option `rabbitmq_disable_non_tls_listeners` has been removed. This was done because it is now irrelevant given its possible to set the specific bind addresses and port configurations. Change-Id: I103e406f5393a4ce3f7d6cd7f7e25e2058b0e796 Signed-off-by: Kevin Carter <kevin@cloudnull.com>
2018-05-25 09:58:45 +00:00 · 2018-05-25 09:58:45 +00:00 · f90bfd5cc1
parent 4afb4a7b1e
commit f90bfd5cc1
3 changed files with 54 additions and 18 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -158,3 +158,9 @@ rabbitmq_policies:
  - name: "HA"
    pattern: '^(?!(amq\.)|(.*_fanout_)|(reply_)).*'
    tags: "ha-mode=all"
+
+rabbitmq_port_bindings:
+  ssl_listeners:
+    "0.0.0.0": 5671
+  tcp_listeners:
+    "0.0.0.0": 5672
--- a/releasenotes/notes/rabbitmq_disable_non_tls_listeners-remove-54e04c51021ff301.yaml
+++ b/releasenotes/notes/rabbitmq_disable_non_tls_listeners-remove-54e04c51021ff301.yaml
@ -0,0 +1,6 @@
+---
+upgrade:
+  - The option `rabbitmq_disable_non_tls_listeners` has been removed in favor of setting
+    the bind address and port configuration directly using a new option
+    `rabbitmq_port_bindings`. This new option is a hash allowing for multiple bind
+    addresses and port configurations.
--- a/templates/rabbitmq.config.j2
+++ b/templates/rabbitmq.config.j2
@ -1,20 +1,44 @@
 [
-  {rabbit, [
-    {loopback_users, []},
-    {% if rabbitmq_disable_non_tls_listeners %}{tcp_listeners,[]},{% endif %}
-    {ssl_listeners, [5671]},
-    {collect_statistics_interval, {{ rabbitmq_collect_statistics_interval }} },
-    {ssl_options, [{certfile,"{{ rabbitmq_ssl_cert }}"},
-                   {keyfile,"{{ rabbitmq_ssl_key }}"},
-                   {% if rabbitmq_user_ssl_ca_cert is defined -%}
-                   {cacertfile,"{{ rabbitmq_ssl_ca_cert }}"},
-                   {% endif -%}
-                   {versions, ['tlsv1.2', 'tlsv1.1']},
-                   {verify,verify_none},
-                   {fail_if_no_peer_cert,false}]}
-    {% if rabbitmq_cluster_partition_handling != 'ignore' %},{cluster_partition_handling, {{ rabbitmq_cluster_partition_handling }}}{% endif %}
-    {% if rabbitmq_hipe_compile | bool %},{hipe_compile, true}{% endif %}
-    ,{vm_memory_high_watermark, {{ rabbitmq_memory_high_watermark }}}
-  ]},
-  {rabbitmq_management, [{rates_mode, {{ rabbitmq_management_rates_mode }} }] }
+  { rabbit, [
+      { loopback_users, [] },
+{% for key, value in rabbitmq_port_bindings.items() %}
+      { {{ key }}, [
+{%    for _key, _value in value.items() %}
+          { "{{ _key }}", {{ _value | int }} }{% if not loop.last -%},{%- endif %}
+
+{%    endfor %}
+        ]
+      },
+{% endfor %}
+      { collect_statistics_interval, {{ rabbitmq_collect_statistics_interval }} },
+      { ssl_options, [
+          { certfile, "{{ rabbitmq_ssl_cert }}" },
+          { keyfile, "{{ rabbitmq_ssl_key }}" },
+{% if rabbitmq_user_ssl_ca_cert is defined -%}
+          { cacertfile, "{{ rabbitmq_ssl_ca_cert }}" },
+{% endif %}
+          { versions, [
+              'tlsv1.2',
+              'tlsv1.1'
+            ]
+          },
+          { verify, verify_none },
+          { fail_if_no_peer_cert, false }
+        ]
+      },
+      { vm_memory_high_watermark, {{ rabbitmq_memory_high_watermark }} }
+{%- if rabbitmq_cluster_partition_handling != 'ignore' -%}
+,
+      { cluster_partition_handling, {{ rabbitmq_cluster_partition_handling }} }
+{%- endif -%}
+{%- if rabbitmq_hipe_compile | bool -%}
+,
+      { hipe_compile, true }
+{% endif %}
+    ]
+  },
+  { rabbitmq_management, [
+      { rates_mode, {{ rabbitmq_management_rates_mode }} }
+    ]
+  }
 ].