Browse Source

Fix RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS usage with a proper override mechanism + Make the additional_erl_args change more independent

In THT we allow RabbitAdditionalErlArgs to set some additional
parameters which should be passed to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS
when starting rabbit. The problem is that when we use internal tls
that parameter gets ignored and so we lose our default '+sbwt none'.

Let's do this via a proper parameter while also considering the fact
that historically the default value of RabbitAdditionalErlArgs had
apices around it.

Since the original master change had an issue when the THT parameter
was unset (aka when I567839785a72813a382a00253562894e19eb6715 was not
applied to THT), we also add the subsequent fixup "Make the additional_erl_args
change more independent" I9fa9ba95410ed3994f608beb2c5e1578dc3a7c7a to
this change)

Change-Id: I3bf244a70538209773804eb85fae6be035c587f4
Related-Bug: #1884922
(cherry picked from commit 4d3864249d)
changes/22/738622/2
Michele Baldessari 1 month ago
parent
commit
856f946f78
1 changed files with 25 additions and 2 deletions
  1. +25
    -2
      manifests/profile/base/rabbitmq.pp

+ 25
- 2
manifests/profile/base/rabbitmq.pp View File

@@ -56,6 +56,10 @@
# (Optional) RabbitMQ environment.
# Defaults to hiera('rabbitmq_environment').
#
# [*additional_erl_args*]
# (Optional) Additional string to be passed to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS
# Defaults to undef
#
# [*inet_dist_interface*]
# (Optional) Address to bind the inter-cluster interface
# to. It is the inet_dist_use_interface option in the kernel variables
@@ -115,6 +119,7 @@ class tripleo::profile::base::rabbitmq (
$config_variables = hiera('rabbitmq_config_variables'),
$enable_internal_tls = undef, # TODO(jaosorior): pass this via t-h-t
$environment = hiera('rabbitmq_environment'),
$additional_erl_args = undef,
$ssl_versions = undef,
# lint:ignore:140chars
$inter_node_ciphers = 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256:AES128-SHA256:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256',
@@ -151,7 +156,14 @@ class tripleo::profile::base::rabbitmq (
$ciphers_option = "-ssl_dist_opt server_ciphers ${inter_node_ciphers}"
$secure_renegotiate = '-ssl_dist_opt server_secure_renegotiate true -ssl_dist_opt client_secure_renegotiate true'

$rabbitmq_additional_erl_args = "\"${cert_option} ${key_option} ${ciphers_option} ${secure_renegotiate}\""
# Historically in THT the default value of RabbitAdditionalErlArgs was "'+sbwt none'", we
# want to strip leading and trailing ' chars.
if $additional_erl_args != undef {
$additional_erl_args_real = regsubst($additional_erl_args, "(^'|'$)", '', 'G')
} else {
$additional_erl_args_real = ''
}
$rabbitmq_additional_erl_args = "\"${cert_option} ${key_option} ${ciphers_option} ${secure_renegotiate} ${additional_erl_args_real}\""
$environment_real = merge($environment, {
'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args,
'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args,
@@ -168,7 +180,18 @@ class tripleo::profile::base::rabbitmq (
} else {
$tls_certfile = undef
$tls_keyfile = undef
$environment_real = $environment
if $additional_erl_args != undef {
# Historically in THT the default value of RabbitAdditionalErlArgs was "'+sbwt none'", we
# want to strip leading and trailing ' chars.
$additional_erl_args_real = regsubst($additional_erl_args, "(^'|'$)", '', 'G')
$rabbitmq_additional_erl_args = "\"${additional_erl_args_real}\""
$environment_real = merge($environment, {
'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args,
'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args,
})
} else {
$environment_real = $environment
}
$configured_ssl_versions = undef
}



Loading…
Cancel
Save