Set ssl_verify to verify_peer with rabbitmq

With ssl_fail_if_no_peer_cert to true and ssl_verify as 'verify_none' i.e default it no longer works with EL9, so let's set both. Also as per doc[1] ssl_fail_if_no_peer_cert is used in conjuction with verify=verify_peer. [1] https://erlang.org/doc/man/ssl.html Change-Id: I4501db5c9d3d1e5155527d2a2dac7abd700ca6c8
2021-05-24 13:41:53 +05:30 · 2021-05-24 13:41:53 +05:30 · 0f9f5b3adc
commit 0f9f5b3adc
parent 4dd2a7d0b2
1 changed files with 1 additions and 1 deletions
--- a/packstack/puppet/modules/packstack/manifests/amqp/enable_rabbitmq.pp
+++ b/packstack/puppet/modules/packstack/manifests/amqp/enable_rabbitmq.pp
@ -35,7 +35,7 @@ define packstack::amqp::enable_rabbitmq {
      repos_ensure             => false,
      admin_enable             => false,
      loopback_users           => [],
-      # FIXME: it's ugly to not to require client certs
+      ssl_verify               => 'verify_peer',
      ssl_fail_if_no_peer_cert => true,
      config_ranch             => false,
      tcp_keepalive            => true,