From 856f946f78593f8d175be857947db07dc95cbddf Mon Sep 17 00:00:00 2001
From: Michele Baldessari
Date: Wed, 24 Jun 2020 11:53:44 +0200
Subject: [PATCH] Fix RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS usage with a proper override mechanism + Make the additional_erl_args change more independent
In THT we allow RabbitAdditionalErlArgs to set some additional parameters which should be passed to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS when starting rabbit. The problem is that when we use internal tls that parameter gets ignored and so we lose our default '+sbwt none'. Let's do this via a proper parameter while also considering the fact that historically the default value of RabbitAdditionalErlArgs had apices around it. Since the original master change had an issue when the THT parameter was unset (aka when I567839785a72813a382a00253562894e19eb6715 was not applied to THT), we also add the subsequent fixup "Make the additional_erl_args change more independent" I9fa9ba95410ed3994f608beb2c5e1578dc3a7c7a to this change)
Change-Id: I3bf244a70538209773804eb85fae6be035c587f4
Related-Bug: #1884922
(cherry picked from commit 4d3864249dc27e033499b8a0855ce095be848a44)
---
 manifests/profile/base/rabbitmq.pp | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp
index d18badf70..da97363c1 100644
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@@ -56,6 +56,10 @@
 # (Optional) RabbitMQ environment.
 # Defaults to hiera('rabbitmq_environment').
 #
+# [*additional_erl_args*]
+# (Optional) Additional string to be passed to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS
+# Defaults to undef
+#
 # [*inet_dist_interface*]
 # (Optional) Address to bind the inter-cluster interface
 # to. It is the inet_dist_use_interface option in the kernel variables
@@ -115,6 +119,7 @@ class tripleo::profile::base::rabbitmq ( $config_variables = hiera('rabbitmq_config_variables'), $enable_internal_tls = undef, # TODO(jaosorior): pass this via t-h-t $environment = hiera('rabbitmq_environment'), + $additional_erl_args = undef, $ssl_versions = undef, # lint:ignore:140chars $inter_node_ciphers = 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256:AES128-SHA256:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256', @@ -151,7 +156,14 @@ class tripleo::profile::base::rabbitmq ( $ciphers_option = "-ssl_dist_opt server_ciphers ${inter_node_ciphers}" $secure_renegotiate = '-ssl_dist_opt server_secure_renegotiate true -ssl_dist_opt client_secure_renegotiate true' - $rabbitmq_additional_erl_args = "\"${cert_option} ${key_option} ${ciphers_option} ${secure_renegotiate}\"" + # Historically in THT the default value of RabbitAdditionalErlArgs was "'+sbwt none'", we + # want to strip leading and trailing ' chars. + if $additional_erl_args != undef { + $additional_erl_args_real = regsubst($additional_erl_args, "(^'|'$)", '', 'G') + } else { + $additional_erl_args_real = '' + } + $rabbitmq_additional_erl_args = "\"${cert_option} ${key_option} ${ciphers_option} ${secure_renegotiate} ${additional_erl_args_real}\"" $environment_real = merge($environment, { 'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args, 'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args, 
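Review bot: The `regsubst` call in the `@@ -151,7 +156,14 @@` hunk strips only a leading and a trailing `'`, and the result is then spliced between the escaped double quotes of `$rabbitmq_additional_erl_args`, so a value that itself contains `"` would close that quoted string early in whatever file is rendered from `$environment_real` (presumably an environment file read by a shell; the consumer is outside this hunk). Because `additional_erl_args` arrives unchanged from a deployment parameter, it is worth rejecting such values inside the `if $additional_erl_args != undef` block, for example `if $additional_erl_args =~ /"/ { fail('additional_erl_args must not contain double quotes') }`. Note also that `^` and `$` are line anchors in Ruby regular expressions, so with the `'G'` flag a multi-line value would lose quotes at every line edge; `\A` and `\z` match only the ends of the string. The same `regsubst` expression is repeated in the `@@ -168,7 +180,18 @@` hunk and needs the same treatment, and the enclosing conditional starts outside both hunks.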
@@ -168,7 +180,18 @@ class tripleo::profile::base::rabbitmq (
 } else {
 $tls_certfile = undef
 $tls_keyfile = undef
- $environment_real = $environment
+ if $additional_erl_args != undef {
+ # Historically in THT the default value of RabbitAdditionalErlArgs was "'+sbwt none'", we
+ # want to strip leading and trailing ' chars.
+ $additional_erl_args_real = regsubst($additional_erl_args, "(^'|'$)", '', 'G')
+ $rabbitmq_additional_erl_args = "\"${additional_erl_args_real}\""
+ $environment_real = merge($environment, {
+ 'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args,
+ 'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args,
+ })
+ } else {
+ $environment_real = $environment
+ }
 $configured_ssl_versions = undef
 }
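Review bot: The guard `if $additional_erl_args != undef` in this `else` branch also lets an empty string through, which sets both variables to `""`. Because `merge()` gives precedence to the right-hand hash, any `RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS` or `RABBITMQ_CTL_ERL_ARGS` already present in `$environment` is then replaced without notice. Tightening the guard to `if $additional_erl_args != undef and $additional_erl_args != '' {` keeps the previous `$environment_real = $environment` behaviour for empty values. A comment above the `merge` should state that the parameter deliberately overrides values supplied through `$environment`, and why `RABBITMQ_CTL_ERL_ARGS` should receive the same flags as the server. The enclosing conditional (apparently the internal-TLS check) begins outside this hunk.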