Fix RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS usage with a proper override mechanism + Make the additional_erl_args change more independent

In THT we allow RabbitAdditionalErlArgs to set some additional
parameters which should be passed to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS
when starting rabbit. The problem is that when we use internal tls
that parameter gets ignored and so we lose our default '+sbwt none'.

Let's do this via a proper parameter while also considering the fact
that historically the default value of RabbitAdditionalErlArgs had
single quotes around it.

Since the original master change had an issue when the THT parameter
was unset (aka when I567839785a72813a382a00253562894e19eb6715 was not
applied to THT), we also add the subsequent fixup "Make the additional_erl_args
change more independent" I9fa9ba95410ed3994f608beb2c5e1578dc3a7c7a to
this change)

Change-Id: I3bf244a70538209773804eb85fae6be035c587f4
Related-Bug: #1884922
(cherry picked from commit 4d3864249d)
Michele Baldessari 2020-06-24 11:53:44 +02:00
parent c76b60b4ab
commit 3a564e7e55
1 changed files with 25 additions and 2 deletions


@ -56,6 +56,10 @@
# (Optional) RabbitMQ environment.
# Defaults to hiera('rabbitmq_environment').
#
# [*additional_erl_args*]
# (Optional) Additional string to be passed to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS
# Defaults to undef
#
# [*inet_dist_interface*]
# (Optional) Address to bind the inter-cluster interface
# to. It is the inet_dist_use_interface option in the kernel variables
@ -115,6 +119,7 @@ class tripleo::profile::base::rabbitmq (
$config_variables = hiera('rabbitmq_config_variables'),
$enable_internal_tls = undef,
$environment = hiera('rabbitmq_environment'),
$additional_erl_args = undef,
$ssl_versions = undef,
# lint:ignore:140chars
$inter_node_ciphers = 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256:AES128-SHA256:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256',
@ -151,7 +156,14 @@ class tripleo::profile::base::rabbitmq (
$ciphers_option = "-ssl_dist_opt server_ciphers ${inter_node_ciphers}"
$secure_renegotiate = '-ssl_dist_opt server_secure_renegotiate true -ssl_dist_opt client_secure_renegotiate true'
$rabbitmq_additional_erl_args = "\"${cert_option} ${key_option} ${ciphers_option} ${secure_renegotiate}\""
# Historically in THT the default value of RabbitAdditionalErlArgs was "'+sbwt none'", we
# want to strip leading and trailing ' chars.
if $additional_erl_args != undef {
$additional_erl_args_real = regsubst($additional_erl_args, "(^'|'$)", '', 'G')
} else {
$additional_erl_args_real = ''
}
$rabbitmq_additional_erl_args = "\"${cert_option} ${key_option} ${ciphers_option} ${secure_renegotiate} ${additional_erl_args_real}\""
$environment_real = merge($environment, {
'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args,
'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args,
@ -168,7 +180,18 @@ class tripleo::profile::base::rabbitmq (
} else {
$tls_certfile = undef
$tls_keyfile = undef
$environment_real = $environment
if $additional_erl_args != undef {
# Historically in THT the default value of RabbitAdditionalErlArgs was "'+sbwt none'", we
# want to strip leading and trailing ' chars.
$additional_erl_args_real = regsubst($additional_erl_args, "(^'|'$)", '', 'G')
$rabbitmq_additional_erl_args = "\"${additional_erl_args_real}\""
$environment_real = merge($environment, {
'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args,
'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args,
})
} else {
$environment_real = $environment
}
$configured_ssl_versions = undef
}
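Review bot: The operator-supplied `$additional_erl_args` only has a leading or trailing `'` stripped before it is wrapped in literal double quotes (`"\"... ${additional_erl_args_real}\""` in the TLS branch, `"\"${additional_erl_args_real}\""` in the else branch), so a value that itself contains `"` would close that quoting early in whatever file the environment hash is rendered into, which is not visible on this page. I would reject such values inside both `!= undef` branches, e.g. `if $additional_erl_args =~ /"/ { fail('additional_erl_args must not contain double quotes') }`. The identical `regsubst` call and its comment appear in both branches and could be computed once ahead of the conditional, whose opening lies outside these hunks. In the else branch `merge()` now replaces any `RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS` or `RABBITMQ_CTL_ERL_ARGS` key already present in `$environment`; the `[*additional_erl_args*]` doc block should say so, for instance `# When set, overrides RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS and RABBITMQ_CTL_ERL_ARGS from $environment.`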