Parametrized management address and port, optional ssl
diff --git a/metadata/service/server/cluster.yml b/metadata/service/server/cluster.yml
index ef3ba8a..162b619 100644
--- a/metadata/service/server/cluster.yml
+++ b/metadata/service/server/cluster.yml
@@ -12,6 +12,10 @@
bind:
address: ${_param:cluster_local_address}
port: 5672
+ management:
+ bind:
+ address: ${_param:cluster_local_address}
+ port: 15672
plugins:
- amqp_client
- rabbitmq_management
diff --git a/metadata/service/server/local.yml b/metadata/service/server/local.yml
index 6e38732..eac1368 100644
--- a/metadata/service/server/local.yml
+++ b/metadata/service/server/local.yml
@@ -14,6 +14,10 @@
bind:
address: 127.0.0.1
port: 5672
+ management:
+ bind:
+ address: 127.0.0.1
+ port: 15672
plugins:
- amqp_client
- rabbitmq_management
diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
index 44cca88..8312696 100644
--- a/metadata/service/server/single.yml
+++ b/metadata/service/server/single.yml
@@ -14,6 +14,10 @@
bind:
address: 0.0.0.0
port: 5672
+ management:
+ bind:
+ address: 0.0.0.0
+ port: 15672
plugins:
- amqp_client
- rabbitmq_management
diff --git a/rabbitmq/files/rabbitmq.config b/rabbitmq/files/rabbitmq.config
index 9ede2f3..6531d30 100644
--- a/rabbitmq/files/rabbitmq.config
+++ b/rabbitmq/files/rabbitmq.config
@@ -20,7 +20,7 @@
{%- endif %}
{loopback_users, []},
{tcp_listeners, [{"{{ server.bind.address }}",{{ server.bind.port }}}]}
- {%- if server.ssl is defined %},
+ {%- if server.get('ssl', {}).get('enabled', False) %},
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"{{ server.ssl.get('ca_file', '/etc/rabbitmq/ssl/cacert.pem') }}"},
{certfile,"{{ server.ssl.get('cert_file', '/etc/rabbitmq/ssl/cert.pem') }}"},
@@ -35,6 +35,24 @@
{% endif %}
]
}
+ {%- if 'rabbitmq_management' in server.plugins %},
+ {rabbitmq_management,
+ [{listener, [{port, {{ server.management.bind.port }} },
+ {ip, "{{ server.management.bind.address }}" }
+ {%- if server.management.get('ssl', {}).get('enabled', False) %},
+ {ssl,true},
+ {ssl_opts, [{cacertfile,"{{ server.management.ssl.get('ca_file', '/etc/rabbitmq/ssl/cacert.pem') }}"},
+ {certfile,"{{ server.management.ssl.get('cert_file', '/etc/rabbitmq/ssl/cert.pem') }}"},
+ {keyfile,"{{ server.management.ssl.get('key_file', '/etc/rabbitmq/ssl/key.pem') }}"},
+ {%- if server.ssl.ciphers is defined %}
+ {ciphers,[{% for ciph in server.ssl.ciphers %}{ {{ ciph }} }{% if not loop.last %},{% endif %}{% endfor %}]},
+ {%- endif %}
+ {versions, [{% if server.ssl.versions is defined %}{% for version in server.ssl.versions %}'{{ version }}'{% if not loop.last %},{% endif %}{% endfor %}{% else %}'tlsv1.2', 'tlsv1.1'{% endif %}]}]}
+ {%- endif %}
+ ]
+ }]
+ }
+ {%- endif %}
].
{#-
vim: syntax=jinja
diff --git a/rabbitmq/map.jinja b/rabbitmq/map.jinja
index 0d633c8..53a2125 100644
--- a/rabbitmq/map.jinja
+++ b/rabbitmq/map.jinja
@@ -11,6 +11,12 @@
'address': '0.0.0.0',
'port': '5672'
},
+ 'management': {
+ 'bind': {
+ 'address': '127.0.0.1',
+ 'port': '15672'
+ },
+ },
},
'Debian': {
'pkgs': ['rabbitmq-server'],
@@ -24,6 +30,12 @@
'address': '0.0.0.0',
'port': '5672'
},
+ 'management': {
+ 'bind': {
+ 'address': '127.0.0.1',
+ 'port': '15672'
+ },
+ },
},
'RedHat': {
'pkgs': ['rabbitmq-server'],
@@ -36,6 +48,12 @@
'address': '0.0.0.0',
'port': '5672'
},
+ 'management': {
+ 'bind': {
+ 'address': '127.0.0.1',
+ 'port': '15672'
+ },
+ },
},
}, merge=salt['pillar.get']('rabbitmq:server')) %}