Fix RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS usage with a proper override mechanism

In THT we allow RabbitAdditionalErlArgs to set some additional parameters which should be passed to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS when starting rabbit. The problem is that when we use internal tls that parameter gets ignored and so we lose our default '+sbwt none'. Let's do this via a proper parameter while also considering the fact that historically the default value of RabbitAdditionalErlArgs had apices around it. Change-Id: I3bf244a70538209773804eb85fae6be035c587f4 Related-Bug: #1884922
2020-06-24 11:53:44 +02:00 · 2020-06-24 11:53:44 +02:00 · 4d3864249d
commit 4d3864249d
parent 5e3e9cb425
1 changed files with 21 additions and 2 deletions
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@ -56,6 +56,10 @@
 #   (Optional) RabbitMQ environment.
 #   Defaults to hiera('rabbitmq_environment').
 #
+# [*additional_erl_args*]
+#   (Optional) Additional string to be passed to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS
+#   Defaults to undef
+#
 # [*inet_dist_interface*]
 #   (Optional) Address to bind the inter-cluster interface
 #   to. It is the inet_dist_use_interface option in the kernel variables
@ -115,6 +119,7 @@ class tripleo::profile::base::rabbitmq (
  $config_variables              = hiera('rabbitmq_config_variables'),
  $enable_internal_tls           = undef,
  $environment                   = hiera('rabbitmq_environment'),
+  $additional_erl_args           = undef,
  $ssl_versions                  = undef,
  # lint:ignore:140chars
  $inter_node_ciphers            = 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256:AES128-SHA256:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256',
@ -151,7 +156,10 @@ class tripleo::profile::base::rabbitmq (
    $ciphers_option = "-ssl_dist_opt server_ciphers ${inter_node_ciphers}"
    $secure_renegotiate = '-ssl_dist_opt server_secure_renegotiate true -ssl_dist_opt client_secure_renegotiate true'

-    $rabbitmq_additional_erl_args = "\"${cert_option} ${key_option} ${ciphers_option} ${secure_renegotiate}\""
+    # Historically in THT the default value of RabbitAdditionalErlArgs was "'+sbwt none'", we
+    # want to strip leading and trailing ' chars.
+    $additional_erl_args_real = regsubst($additional_erl_args, "(^'|'$)", '', 'G')
+    $rabbitmq_additional_erl_args = "\"${cert_option} ${key_option} ${ciphers_option} ${secure_renegotiate} ${additional_erl_args_real}\""
    $environment_real = merge($environment, {
      'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args,
      'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args,
@ -168,7 +176,18 @@ class tripleo::profile::base::rabbitmq (
  } else {
    $tls_certfile = undef
    $tls_keyfile = undef
-    $environment_real = $environment
+    if $additional_erl_args != undef {
+      # Historically in THT the default value of RabbitAdditionalErlArgs was "'+sbwt none'", we
+      # want to strip leading and trailing ' chars.
+      $additional_erl_args_real = regsubst($additional_erl_args, "(^'|'$)", '', 'G')
+      $rabbitmq_additional_erl_args = "\"${additional_erl_args_real}\""
+      $environment_real = merge($environment, {
+        'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args,
+        'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args,
+      })
+    } else {
+      $environment_real = $environment
+    }
    $configured_ssl_versions = undef
  }