Switch to rabbitmq fqdn hostnames and pass proper CA info
With this change we make sure that the 'RABBITMQ_NODENAME' is the fqdn
and that we use it when connecting to the node itself via rabbitmqctl.
We also make sure we set the CA to the one defined in the InternalTLSCAFile
template parameter.
Testing protocol is described in the parent change
("I4f853de3b532b3b5e71d29aa621a2925c3885393")
Related-Bug: #1946374
Depends-On: Ib0236f9c086d520d0a27e3aa8b41927bc7b50c26
Change-Id: I621557a037fbedc5c110f905dbe19290cc92b772
(cherry picked from commit b5ae7f8467
)
parent
b0cb5d3983
commit
ff35897869
|
@ -101,6 +101,11 @@ parameters:
|
|||
default: ''
|
||||
description: Override the private key size used when creating the
|
||||
certificate for this service
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
RabbitmqEnableManagementAccess:
|
||||
type: boolean
|
||||
default: false
|
||||
|
@ -168,7 +173,13 @@ outputs:
|
|||
LC_ALL: 'en_US.UTF-8'
|
||||
NODE_PORT: ''
|
||||
NODE_IP_ADDRESS: ''
|
||||
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
|
||||
RABBITMQ_NODENAME:
|
||||
str_replace:
|
||||
template:
|
||||
"rabbit@%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
RABBITMQ_USE_LONGNAME: 'true'
|
||||
RABBITMQ_CTL_DIST_PORT_MIN: '25673'
|
||||
RABBITMQ_CTL_DIST_PORT_MAX: '25683'
|
||||
'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
|
||||
|
@ -201,6 +212,8 @@ outputs:
|
|||
rabbitmq::ssl_port: 5672
|
||||
rabbitmq::ssl_depth: 1
|
||||
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
|
||||
rabbitmq::ssl_cacert: {get_param: InternalTLSCAFile}
|
||||
rabbitmq::ssl_management_cacert: {get_param: InternalTLSCAFile}
|
||||
rabbitmq::ssl_interface:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
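Review bot: The added keys `rabbitmq::ssl_cacert` and `rabbitmq::ssl_management_cacert` in the last hunk are set from `InternalTLSCAFile` unconditionally, while the neighbouring `rabbitmq::ssl_only` follows `EnableInternalTLS`, so a deployment without internal TLS still receives hieradata pointing at the default `/etc/ipa/ca.crt`, which may not exist on such a host. Whether that is harmless depends on how the puppet module consumes the value, which this page does not show; if it is not, both keys should be gated on `EnableInternalTLS` as well. Supplying a CA bundle does not by itself make the broker verify peers, and no `rabbitmq::ssl_verify` or `rabbitmq::ssl_fail_if_no_peer_cert` setting is visible in this hunk, so it is worth confirming they are set elsewhere in the file. A comment above the new keys such as `# CA used to validate internal TLS peers; the file must be readable inside the rabbitmq container` would record the requirement. The outputs block starts and ends outside the hunk.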