diff --git a/deployment/rabbitmq/rabbitmq-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-container-puppet.yaml index 69b48902d0..60cf3b6d76 100644 --- a/deployment/rabbitmq/rabbitmq-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-container-puppet.yaml @@ -101,6 +101,11 @@ parameters: default: '' description: Override the private key size used when creating the certificate for this service + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. RabbitmqEnableManagementAccess: type: boolean default: false @@ -166,7 +171,13 @@ outputs: LC_ALL: 'en_US.UTF-8' NODE_PORT: '' NODE_IP_ADDRESS: '' - RABBITMQ_NODENAME: "rabbit@%{::hostname}" + RABBITMQ_NODENAME: + str_replace: + template: + "rabbit@%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} + RABBITMQ_USE_LONGNAME: 'true' RABBITMQ_CTL_DIST_PORT_MIN: '25673' RABBITMQ_CTL_DIST_PORT_MAX: '25683' 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}" @@ -199,6 +210,8 @@ outputs: rabbitmq::ssl_port: 5672 rabbitmq::ssl_depth: 1 rabbitmq::ssl_only: {get_param: EnableInternalTLS} + rabbitmq::ssl_cacert: {get_param: InternalTLSCAFile} + rabbitmq::ssl_management_cacert: {get_param: InternalTLSCAFile} rabbitmq::ssl_interface: str_replace: template: