Browse Source

Fix RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS usage with a proper override mechanism

In THT we allow RabbitAdditionalErlArgs to set some additional
parameters which should be passed to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS
when starting rabbit. The problem is that when we use internal tls
that parameter gets ignored and so we lose our default '+sbwt none'.

Let's do this via a proper parameter while also considering the fact
that historically the default value of RabbitAdditionalErlArgs had
apices around it.

Change-Id: I3bf244a70538209773804eb85fae6be035c587f4
Related-Bug: #1884922
changes/33/737733/2
Michele Baldessari 2 weeks ago
parent
commit
4d3864249d
1 changed files with 21 additions and 2 deletions
  1. +21
    -2
      manifests/profile/base/rabbitmq.pp

+ 21
- 2
manifests/profile/base/rabbitmq.pp View File

@@ -56,6 +56,10 @@
# (Optional) RabbitMQ environment.
# Defaults to hiera('rabbitmq_environment').
#
# [*additional_erl_args*]
# (Optional) Additional string to be passed to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS
# Defaults to undef
#
# [*inet_dist_interface*]
# (Optional) Address to bind the inter-cluster interface
# to. It is the inet_dist_use_interface option in the kernel variables
@@ -115,6 +119,7 @@ class tripleo::profile::base::rabbitmq (
$config_variables = hiera('rabbitmq_config_variables'),
$enable_internal_tls = undef,
$environment = hiera('rabbitmq_environment'),
$additional_erl_args = undef,
$ssl_versions = undef,
# lint:ignore:140chars
$inter_node_ciphers = 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256:AES128-SHA256:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256',
@@ -151,7 +156,10 @@ class tripleo::profile::base::rabbitmq (
$ciphers_option = "-ssl_dist_opt server_ciphers ${inter_node_ciphers}"
$secure_renegotiate = '-ssl_dist_opt server_secure_renegotiate true -ssl_dist_opt client_secure_renegotiate true'

$rabbitmq_additional_erl_args = "\"${cert_option} ${key_option} ${ciphers_option} ${secure_renegotiate}\""
# Historically in THT the default value of RabbitAdditionalErlArgs was "'+sbwt none'", we
# want to strip leading and trailing ' chars.
$additional_erl_args_real = regsubst($additional_erl_args, "(^'|'$)", '', 'G')
$rabbitmq_additional_erl_args = "\"${cert_option} ${key_option} ${ciphers_option} ${secure_renegotiate} ${additional_erl_args_real}\""
$environment_real = merge($environment, {
'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args,
'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args,
@@ -168,7 +176,18 @@ class tripleo::profile::base::rabbitmq (
} else {
$tls_certfile = undef
$tls_keyfile = undef
$environment_real = $environment
if $additional_erl_args != undef {
# Historically in THT the default value of RabbitAdditionalErlArgs was "'+sbwt none'", we
# want to strip leading and trailing ' chars.
$additional_erl_args_real = regsubst($additional_erl_args, "(^'|'$)", '', 'G')
$rabbitmq_additional_erl_args = "\"${additional_erl_args_real}\""
$environment_real = merge($environment, {
'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args,
'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args,
})
} else {
$environment_real = $environment
}
$configured_ssl_versions = undef
}



Loading…
Cancel
Save