Browse Source

Get rid of the global SSL switch

Change-Id: I5a61a0cdee17470ed8e505ac5c6f0c202dadd980
Proskurin Kirill 2 years ago
parent
commit
e3a06d2dd1
3 changed files with 6 additions and 6 deletions
  1. 1
    1
      service/files/rabbitmq-env.conf.j2
  2. 3
    3
      service/files/rabbitmq.config.j2
  3. 2
    2
      service/rabbitmq.yaml

+ 1
- 1
service/files/rabbitmq-env.conf.j2 View File

@@ -1,7 +1,7 @@
1 1
 NODENAME=rabbit@{{ network_topology["private"]["address"] }}
2 2
 USE_LONGNAME=true
3 3
 LOG_BASE=/var/log/ccp/rabbitmq
4
-{% if security.tls.enabled %}
4
+{% if rabbitmq.tls.enabled or etcd.tls.enabled %}
5 5
 ERL_SSL_PATH=`erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell`
6 6
 SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile /opt/ccp/etc/tls/rabbitmq.pem -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true server_cacertfile /opt/ccp/etc/tls/ca.pem"
7 7
 CTL_ERL_ARGS="$SERVER_ADDITIONAL_ERL_ARGS"

+ 3
- 3
service/files/rabbitmq.config.j2 View File

@@ -1,7 +1,7 @@
1 1
 [
2 2
    {rabbit, [
3 3
       {dummy_param_without_comma, true}
4
-     {% if security.tls.enabled and rabbitmq.tls.enabled %}
4
+     {% if rabbitmq.tls.enabled %}
5 5
      ,{tcp_listeners, [] }
6 6
      ,{ssl_listeners, [
7 7
         {"0.0.0.0", {{ rabbitmq.port.cont }} }
@@ -16,7 +16,7 @@
16 16
      ,{loopback_users, []}
17 17
      ,{cluster_partition_handling, pause_minority}
18 18
      ,{queue_master_locator, <<"random">>}
19
-     {% if security.tls.enabled and rabbitmq.tls.enabled %}
19
+     {% if rabbitmq.tls.enabled %}
20 20
      ,{ssl_options, [{cacertfile,"/opt/ccp/etc/tls/ca.pem"},
21 21
                     {certfile,"/opt/ccp/etc/tls/rabbitmq_certificate.pem"},
22 22
                     {keyfile,"/opt/ccp/etc/tls/rabbitmq_server_key.pem"},
@@ -32,7 +32,7 @@
32 32
      ,{cluster_cleanup, true}
33 33
      ,{cleanup_warn_only, false}
34 34
      ,{etcd_ttl, 15}
35
-    {% if security.tls.enabled and etcd.tls.enabled %}
35
+    {% if etcd.tls.enabled %}
36 36
      ,{etcd_scheme, https}
37 37
     {% else %}
38 38
      ,{etcd_scheme, http}

+ 2
- 2
service/rabbitmq.yaml View File

@@ -32,7 +32,7 @@ service:
32 32
           - rabbitmq-readiness
33 33
           - rabbitmq-liveness
34 34
           - rabbitmq-check-helpers
35
-        # {% if security.tls.enabled %}
35
+        # {% if rabbitmq.tls.enabled or etcd.tls.enabled %}
36 36
           - server_certificate
37 37
           - server_key
38 38
           - ca_certificate
@@ -67,7 +67,7 @@ files:
67 67
     path: /opt/ccp/bin/rabbitmq-check-helpers.sh
68 68
     content: rabbitmq-check-helpers.sh.j2
69 69
     perm: "644"
70
-# {% if security.tls.enabled %}
70
+# {% if rabbitmq.tls.enabled or etcd.tls.enabled %}
71 71
   server_certificate:
72 72
     path: /opt/ccp/etc/tls/rabbitmq_certificate.pem
73 73
     content: server.pem.j2

Loading…
Cancel
Save