Merge "Allow access to RabbitMQ management plugin over network"

2021-04-23 22:21:31 +00:00 · 2021-04-23 22:21:31 +00:00 · 45d508bf99
parent 186ae11c97 31674339d8
commit 45d508bf99
2 changed files with 23 additions and 5 deletions
--- a/deployment/rabbitmq/rabbitmq-container-puppet.yaml
+++ b/deployment/rabbitmq/rabbitmq-container-puppet.yaml
@ -101,6 +101,10 @@ parameters:
    default: ''
    description: Override the private key size used when creating the
                 certificate for this service
+  RabbitmqEnableManagementAccess:
+    type: boolean
+    default: false
+    description: Allow access to RabbitMQ management plugin over network

 parameter_groups:
 - label: deprecated
@ -134,10 +138,14 @@ outputs:
      firewall_rules:
        '109 rabbitmq':
          dport:
-            - 4369
+            list_concat:
+              - - 4369
                - 5672
                - 25672
                - 25673-25683
+              - if:
+                - {get_param: RabbitmqEnableManagementAccess}
+                - - 15672
      monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq}
      # RabbitMQ plugins initialization occurs on every node
      config_settings:
@ -213,7 +221,16 @@ outputs:
          - rabbitmq::admin_enable: false
            rabbitmq::management_enable: true
            rabbitmq::use_config_file_for_plugins: true
-            rabbitmq::management_ip_address: 127.0.0.1
+            rabbitmq::management_ip_address:
+              if:
+                - {get_param: RabbitmqEnableManagementAccess}
+                - str_replace:
+                    template:
+                      "%{hiera('$NETWORK')}"
+                    params:
+                      $NETWORK: {get_param: [ServiceNetMap, RabbitmqManagementNetwork]}
+                - 127.0.0.1
+            rabbitmq::management_port: 15672
            rabbitmq::config_management_variables:
              rates_mode: none
          - if:
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@ -65,6 +65,7 @@ parameters:
      OsloMessagingRpcNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
      OsloMessagingNotifyNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
      RabbitmqNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
+      RabbitmqManagementNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
      QdrNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
      RedisNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
      GaneshaNetwork: {{ _service_nets.get('storage_nfs', 'ctlplane') }}