Merge pull request #15 from gaetanfl/add_ssl_support

add ssl listener support
author: Larry Smith Jr <mrlesmithjr@gmail.com> 2018-07-17 01:10:17 -0400
committer: GitHub <noreply@github.com> 2018-07-17 01:10:17 -0400
commit: b8231cc868d4e2cfa1a1ae0612509585136cc8ca (patch)
tree: 919b7614c1ceef0e748c31a8c9bb0f95c56996f4
parent: f0d4a36933db49494d544dc7c801fc5beb8b584d (diff)
parent: 567573e86ad7a28961dd9e4086b3f1226c9ed0b0 (diff)
download: ansible-rabbitmq-b8231cc868d4e2cfa1a1ae0612509585136cc8ca.tar.gz
ansible-rabbitmq-b8231cc868d4e2cfa1a1ae0612509585136cc8ca.tar.zst
ansible-rabbitmq-b8231cc868d4e2cfa1a1ae0612509585136cc8ca.zip
2 files changed, 29 insertions, 1 deletions
diff --git a/defaults/main.yml b/defaults/main.yml
index 90d7fb5..2c51370 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -26,6 +26,18 @@ rabbitmq_listeners: []
  # - '127.0.0.1'
  # - '::1'
+rabbitmq_ssl_enable: false
+rabbitmq_ssl_port: 5671
+rabbitmq_ssl_listeners: []
+  # - '127.0.0.1'
+  # - '::1'
+rabitmq_ssl_options: {}
+  # cacertfile: '"/path/to/testca/cacert.pem"'
+  # certfile: '"/path/to/server/cert.pem"'
+  # keyfile: '"/path/to/server/key.pem"'
+  # verify: verify_peer
+  # fail_if_no_peer_cert: "false"
 # Defines the inventory host that should be considered master
 rabbitmq_master: []
diff --git a/templates/etc/rabbitmq/rabbitmq.config.j2 b/templates/etc/rabbitmq/rabbitmq.config.j2
index 97ae132..c2d836a 100644
--- a/templates/etc/rabbitmq/rabbitmq.config.j2
+++ b/templates/etc/rabbitmq/rabbitmq.config.j2
@@ -1,9 +1,25 @@
 [
 {rabbit, [
-{% if rabbitmq_listeners is not defined %}
+{% if rabbitmq_listeners is not defined or (rabbitmq_listeners | length) == 0 %}
   {tcp_listeners, [{{ rabbitmq_listen_port }}]}
 {% elif rabbitmq_listeners is defined %}
   {tcp_listeners, [{% for item in rabbitmq_listeners %}{"{{ item }}", {{ rabbitmq_listen_port }}}{% if not loop.last %}, {% endif %}{% endfor %}]}
 {% endif %}
+{% if rabbitmq_ssl_enable %}
+   ,
+   {num_ssl_acceptors, 10},
+{% if rabbitmq_ssl_listeners is not defined or (rabbitmq_ssl_listeners | length) == 0 %}
+   {ssl_listeners, [{{ rabbitmq_ssl_port }}]},
+{% elif rabbitmq_listeners is defined %}
+   {tcp_listeners, [{% for item in rabbitmq_ssl_listeners %}{"{{ item }}", {{ rabbitmq_ssl_port }}}{% if not loop.last %}, {% endif %}{% endfor %}]},
+{% endif %}
+{% if rabbitmq_ssl_options is defined and (rabbitmq_ssl_options | length ) > 0 %}
+   {ssl_options, [
+{% for key in rabbitmq_ssl_options %}
+        { {{ key }}, {{ rabbitmq_ssl_options[key] }}}{% if not loop.last %}, {% endif %}
+{% endfor %}
+   ]}
+{% endif %}
+{% endif %}
  ]}
 ].
author	Larry Smith Jr <mrlesmithjr@gmail.com>	2018-07-17 01:10:17 -0400
committer	GitHub <noreply@github.com>	2018-07-17 01:10:17 -0400
commit	b8231cc868d4e2cfa1a1ae0612509585136cc8ca (patch)
tree	919b7614c1ceef0e748c31a8c9bb0f95c56996f4
parent	f0d4a36933db49494d544dc7c801fc5beb8b584d (diff)
parent	567573e86ad7a28961dd9e4086b3f1226c9ed0b0 (diff)
download	ansible-rabbitmq-b8231cc868d4e2cfa1a1ae0612509585136cc8ca.tar.gz ansible-rabbitmq-b8231cc868d4e2cfa1a1ae0612509585136cc8ca.tar.zst ansible-rabbitmq-b8231cc868d4e2cfa1a1ae0612509585136cc8ca.zip

diff --git a/defaults/main.yml b/defaults/main.yml index 90d7fb5..2c51370 100644 --- a/defaults/main.yml +++ b/defaults/main.yml
@@ -26,6 +26,18 @@ rabbitmq_listeners: []
26	# - '127.0.0.1'	26	# - '127.0.0.1'
27	# - '::1'	27	# - '::1'
28		28
		29	rabbitmq_ssl_enable: false
		30	rabbitmq_ssl_port: 5671
		31	rabbitmq_ssl_listeners: []
		32	# - '127.0.0.1'
		33	# - '::1'
		34	rabitmq_ssl_options: {}
		35	# cacertfile: '"/path/to/testca/cacert.pem"'
		36	# certfile: '"/path/to/server/cert.pem"'
		37	# keyfile: '"/path/to/server/key.pem"'
		38	# verify: verify_peer
		39	# fail_if_no_peer_cert: "false"
		40
29	# Defines the inventory host that should be considered master	41	# Defines the inventory host that should be considered master
30	rabbitmq_master: []	42	rabbitmq_master: []
31		43


diff --git a/templates/etc/rabbitmq/rabbitmq.config.j2 b/templates/etc/rabbitmq/rabbitmq.config.j2 index 97ae132..c2d836a 100644 --- a/templates/etc/rabbitmq/rabbitmq.config.j2 +++ b/templates/etc/rabbitmq/rabbitmq.config.j2
@@ -1,9 +1,25 @@
1	[	1	[
2	{rabbit, [	2	{rabbit, [
3	{% if rabbitmq_listeners is not defined %}	3	{% if rabbitmq_listeners is not defined or (rabbitmq_listeners \| length) == 0 %}
4	{tcp_listeners, [{{ rabbitmq_listen_port }}]}	4	{tcp_listeners, [{{ rabbitmq_listen_port }}]}
5	{% elif rabbitmq_listeners is defined %}	5	{% elif rabbitmq_listeners is defined %}
6	{tcp_listeners, [{% for item in rabbitmq_listeners %}{"{{ item }}", {{ rabbitmq_listen_port }}}{% if not loop.last %}, {% endif %}{% endfor %}]}	6	{tcp_listeners, [{% for item in rabbitmq_listeners %}{"{{ item }}", {{ rabbitmq_listen_port }}}{% if not loop.last %}, {% endif %}{% endfor %}]}
7	{% endif %}	7	{% endif %}
		8	{% if rabbitmq_ssl_enable %}
		9	,
		10	{num_ssl_acceptors, 10},
		11	{% if rabbitmq_ssl_listeners is not defined or (rabbitmq_ssl_listeners \| length) == 0 %}
		12	{ssl_listeners, [{{ rabbitmq_ssl_port }}]},
		13	{% elif rabbitmq_listeners is defined %}
		14	{tcp_listeners, [{% for item in rabbitmq_ssl_listeners %}{"{{ item }}", {{ rabbitmq_ssl_port }}}{% if not loop.last %}, {% endif %}{% endfor %}]},
		15	{% endif %}
		16	{% if rabbitmq_ssl_options is defined and (rabbitmq_ssl_options \| length ) > 0 %}
		17	{ssl_options, [
		18	{% for key in rabbitmq_ssl_options %}
		19	{ {{ key }}, {{ rabbitmq_ssl_options[key] }}}{% if not loop.last %}, {% endif %}
		20	{% endfor %}
		21	]}
		22	{% endif %}
		23	{% endif %}
8	]}	24	]}
9	].	25	].