From 7f5a21f16b254ab3906b22b58db9e0db3f0bcb6a Mon Sep 17 00:00:00 2001 From: Mike Dorman Date: Fri, 8 Aug 2014 10:45:32 -0600 Subject: [PATCH] Support for configuring the rabbitmq_management web UI When rabbitmq::admin_enable => true, then also configure RabbitMQ to enable the rabbitmq_management web UI, running on rabbitmq::management_port. Or, if ssl => true, then configure it as an SSL listener on rabbitmq::ssl_management_port. Also added a ssl_port parameter which defines the SSL port for RabbitMQ service itself. Previously, the rabbitmq::ssl_management_port parameter was used for the RabbitMQ service SSL bind port. So this potentially breaks people who are currently using this module to configure RabbitMQ for SSL on a non-standard port. (They need to use the ssl_port parmeter now, instead of ssl_management_port.) Not exactly sure the best way to approach a solution to that. --- manifests/config.pp | 3 ++ manifests/init.pp | 3 +- manifests/params.pp | 3 +- spec/classes/rabbitmq_spec.rb | 84 ++++++++++++++++++++++++++++++++++- templates/rabbitmq.config.erb | 17 ++++++- 5 files changed, 106 insertions(+), 4 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index 8894280f6..c59f00d04 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,5 +1,6 @@ class rabbitmq::config { + $admin_enable = $rabbitmq::admin_enable $cluster_disk_nodes = $rabbitmq::cluster_disk_nodes $cluster_node_type = $rabbitmq::cluster_node_type $cluster_nodes = $rabbitmq::cluster_nodes @@ -12,6 +13,7 @@ $env_config = $rabbitmq::env_config $env_config_path = $rabbitmq::env_config_path $erlang_cookie = $rabbitmq::erlang_cookie + $management_port = $rabbitmq::management_port $node_ip_address = $rabbitmq::node_ip_address $plugin_dir = $rabbitmq::plugin_dir $port = $rabbitmq::port @@ -21,6 +23,7 @@ $ssl_cacert = $rabbitmq::ssl_cacert $ssl_cert = $rabbitmq::ssl_cert $ssl_key = $rabbitmq::ssl_key + $ssl_port = $rabbitmq::ssl_port $ssl_management_port = $rabbitmq::ssl_management_port $ssl_stomp_port = $rabbitmq::ssl_stomp_port $ssl_verify = $rabbitmq::ssl_verify diff --git a/manifests/init.pp b/manifests/init.pp index ab9fd0278..bad060622 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -33,6 +33,7 @@ $ssl_cacert = $rabbitmq::params::ssl_cacert, $ssl_cert = $rabbitmq::params::ssl_cert, $ssl_key = $rabbitmq::params::ssl_key, + $ssl_port = $rabbitmq::params::ssl_port, $ssl_management_port = $rabbitmq::params::ssl_management_port, $ssl_stomp_port = $rabbitmq::params::ssl_stomp_port, $ssl_verify = $rabbitmq::params::ssl_verify, @@ -91,7 +92,7 @@ validate_string($ssl_cacert) validate_string($ssl_cert) validate_string($ssl_key) - validate_string($ssl_management_port) + validate_re($ssl_port, '\d+') validate_re($ssl_management_port, '\d+') validate_string($ssl_stomp_port) validate_re($ssl_stomp_port, '\d+') diff --git a/manifests/params.pp b/manifests/params.pp index 2592aca32..81aac5483 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -77,7 +77,8 @@ $ssl_cacert = 'UNSET' $ssl_cert = 'UNSET' $ssl_key = 'UNSET' - $ssl_management_port = '5671' + $ssl_port = '5671' + $ssl_management_port = '15671' $ssl_stomp_port = '6164' $ssl_verify = 'verify_none' $ssl_fail_if_no_peer_cert = 'false' diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb index 4761063b6..10d70fa99 100644 --- a/spec/classes/rabbitmq_spec.rb +++ b/spec/classes/rabbitmq_spec.rb @@ -325,7 +325,7 @@ describe 'ssl options' do let(:params) { { :ssl => true, - :ssl_management_port => 3141, + :ssl_port => 3141, :ssl_cacert => '/path/to/cacert', :ssl_cert => '/path/to/cert', :ssl_key => '/path/to/key' @@ -362,6 +362,88 @@ end end + describe 'ssl admin options' do + let(:params) { + { :ssl => true, + :ssl_management_port => 3141, + :ssl_cacert => '/path/to/cacert', + :ssl_cert => '/path/to/cert', + :ssl_key => '/path/to/key', + :admin_enable => true + } } + + it 'should set rabbitmq_management ssl options to specified values' do + contain_file('rabbitmq.config').with({ + 'content' => %r|\{rabbitmq_management, \[.* + \{listener, \[.* + \{port, 3141\},.* + \{ssl, true\},.* + \{ssl_opts, \[\{cacertfile, "/path/to/cacert"\},.* + \{certfile, "/path/to/cert"\},.* + \{keyfile, "/path/to/key"\}\]\}.* + \]\}|, + }) + end + end + + describe 'admin without ssl' do + let(:params) { + { :ssl => false, + :management_port => 3141, + :admin_enable => true + } } + + it 'should set rabbitmq_management options to specified values' do + contain_file('rabbitmq.config').with({ + 'content' => /\{rabbitmq_management, \[.* + \{listener, \[.* + \{port, 3141\},.* + \]\}/, + }) + end + end + + describe 'ssl admin options' do + let(:params) { + { :ssl => true, + :ssl_management_port => 3141, + :ssl_cacert => '/path/to/cacert', + :ssl_cert => '/path/to/cert', + :ssl_key => '/path/to/key', + :admin_enable => true + } } + + it 'should set rabbitmq_management ssl options to specified values' do + contain_file('rabbitmq.config').with({ + 'content' => %r|\{rabbitmq_management, \[.* + \{listener, \[.* + \{port, 3141\},.* + \{ssl, true\},.* + \{ssl_opts, \[\{cacertfile, "/path/to/cacert"\},.* + \{certfile, "/path/to/cert"\},.* + \{keyfile, "/path/to/key"\}\]\}.* + \]\}|, + }) + end + end + + describe 'admin without ssl' do + let(:params) { + { :ssl => false, + :management_port => 3141, + :admin_enable => true + } } + + it 'should set rabbitmq_management options to specified values' do + contain_file('rabbitmq.config').with({ + 'content' => /\{rabbitmq_management, \[.* + \{listener, \[.* + \{port, 3141\},.* + \]\}/, + }) + end + end + describe 'config_variables options' do let(:params) {{ :config_variables => { 'hipe_compile' => true, diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb index 2d7f81bf2..45e63c36b 100644 --- a/templates/rabbitmq.config.erb +++ b/templates/rabbitmq.config.erb @@ -13,7 +13,7 @@ {tcp_listeners, []}, <%- end -%> <%- if @ssl -%> - {ssl_listeners, [<%= @ssl_management_port %>]}, + {ssl_listeners, [<%= @ssl_port %>]}, {ssl_options, [{cacertfile,"<%= @ssl_cacert %>"}, {certfile,"<%= @ssl_cert %>"}, {keyfile,"<%= @ssl_key %>"}, @@ -32,6 +32,21 @@ <%= @config_kernel_variables.sort.map{|k,v| "{#{k}, #{v}}"}.join(",\n ") %> ]} <%- end -%> +<%- if @admin_enable -%>, + {rabbitmq_management, [ + {listener, [ +<%- if @ssl -%> + {port, <%= @ssl_management_port %>}, + {ssl, true}, + {ssl_opts, [{cacertfile, "<%= @ssl_cacert %>"}, + {certfile, "<%= @ssl_cert %>"}, + {keyfile, "<%= @ssl_key %>"}]} +<%- else -%> + {port, <%= @management_port %>} +<%- end -%> + ]} + ]} +<%- end -%> <% if @config_stomp -%>, % Configure the Stomp Plugin listening port {rabbitmq_stomp, [