From 567573e86ad7a28961dd9e4086b3f1226c9ed0b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABtan=20Duchaussois?= Date: Wed, 11 Jul 2018 15:11:49 +0200 Subject: add ssl listener support --- defaults/main.yml | 12 ++++++++++++ templates/etc/rabbitmq/rabbitmq.config.j2 | 18 +++++++++++++++++- 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 90d7fb5..2c51370 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -26,6 +26,18 @@ rabbitmq_listeners: [] # - '127.0.0.1' # - '::1' +rabbitmq_ssl_enable: false +rabbitmq_ssl_port: 5671 +rabbitmq_ssl_listeners: [] + # - '127.0.0.1' + # - '::1' +rabitmq_ssl_options: {} + # cacertfile: '"/path/to/testca/cacert.pem"' + # certfile: '"/path/to/server/cert.pem"' + # keyfile: '"/path/to/server/key.pem"' + # verify: verify_peer + # fail_if_no_peer_cert: "false" + # Defines the inventory host that should be considered master rabbitmq_master: [] diff --git a/templates/etc/rabbitmq/rabbitmq.config.j2 b/templates/etc/rabbitmq/rabbitmq.config.j2 index 97ae132..c2d836a 100644 --- a/templates/etc/rabbitmq/rabbitmq.config.j2 +++ b/templates/etc/rabbitmq/rabbitmq.config.j2 @@ -1,9 +1,25 @@ [ {rabbit, [ -{% if rabbitmq_listeners is not defined %} +{% if rabbitmq_listeners is not defined or (rabbitmq_listeners | length) == 0 %} {tcp_listeners, [{{ rabbitmq_listen_port }}]} {% elif rabbitmq_listeners is defined %} {tcp_listeners, [{% for item in rabbitmq_listeners %}{"{{ item }}", {{ rabbitmq_listen_port }}}{% if not loop.last %}, {% endif %}{% endfor %}]} +{% endif %} +{% if rabbitmq_ssl_enable %} + , + {num_ssl_acceptors, 10}, +{% if rabbitmq_ssl_listeners is not defined or (rabbitmq_ssl_listeners | length) == 0 %} + {ssl_listeners, [{{ rabbitmq_ssl_port }}]}, +{% elif rabbitmq_listeners is defined %} + {tcp_listeners, [{% for item in rabbitmq_ssl_listeners %}{"{{ item }}", {{ rabbitmq_ssl_port }}}{% if not loop.last %}, {% endif %}{% endfor %}]}, +{% endif %} +{% if rabbitmq_ssl_options is defined and (rabbitmq_ssl_options | length ) > 0 %} + {ssl_options, [ +{% for key in rabbitmq_ssl_options %} + { {{ key }}, {{ rabbitmq_ssl_options[key] }}}{% if not loop.last %}, {% endif %} +{% endfor %} + ]} +{% endif %} {% endif %} ]} ]. -- cgit v1.2.3