Merge "Add flag for rabbitmq fips_mode, defaulting to false" into stable/wallaby

2022-03-15 03:36:31 +00:00 · 2022-03-15 03:36:31 +00:00 · d116d1c690
parent 30377d88ea aca1ea18ab
commit d116d1c690
1 changed files with 8 additions and 1 deletions
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@ -38,6 +38,10 @@
 #   (Optional) Whether TLS in the internal network is enabled or not.
 #   Defaults to undef
 #
+# [*fips_mode*]
+#   (Optional) Whether the erlang crypto app is configured for FIPS mode or not.
+#   Defaults to false
+#
 # [*ssl_versions*]
 #   (Optional) When enable_internal_tls is in use, list the enabled
 #   TLS protocol version.
@ -126,6 +130,7 @@ class tripleo::profile::base::rabbitmq (
  $certificate_specs             = {},
  $config_variables              = hiera('rabbitmq_config_variables'),
  $enable_internal_tls           = undef,
+  $fips_mode                     = false,
  $environment                   = hiera('rabbitmq_environment'),
  $additional_erl_args           = undef,
  $ssl_versions                  = ['tlsv1.2', 'tlsv1.3'],
@ -168,7 +173,9 @@ class tripleo::profile::base::rabbitmq (
    } else {
      $additional_erl_args_real = ''
    }
-    $rabbitmq_additional_erl_args = "\"${additional_erl_args_real} -ssl_dist_optfile /etc/rabbitmq/ssl-dist.conf\""
+    # lint:ignore:140chars
+    $rabbitmq_additional_erl_args = "\"${additional_erl_args_real} -ssl_dist_optfile /etc/rabbitmq/ssl-dist.conf -crypto fips_mode ${fips_mode}\""
+    # lint:endignore
    $rabbitmq_client_additional_erl_args = "\"${additional_erl_args_real}\""
    $environment_real = merge($environment, {
      'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args,