Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / rabbitmq / 09e521878c091018c68dd1313af03398da7e4c10^! / . / README.rst
commit09e521878c091018c68dd1313af03398da7e4c10[log] [tgz]
authorKirill Bespalov <kbespalov@mirantis.com>Wed May 10 14:20:30 2017 +0300
committerKirill Bespalov <kbespalov@mirantis.com>Mon May 15 11:57:28 2017 +0300
tree2e7183dab23dedfc8e388492736ebbe2a8b9a3e2
parentb8318091f25d0215007d2f2614cb71a58952ec6b [diff] [blame]
TLS support for RabbitMQ

Change-Id: I02fffa2480c887eab6dcdb22aad5b4f0deb07139

diff --git a/README.rst b/README.rst
index 5aeb715..6a33d56 100644
--- a/README.rst
+++ b/README.rst

@@ -94,9 +94,69 @@
           password: 'password'
           policies:
           - name: HA
-            pattern: '^(?!amq\.).*' 
+            pattern: '^(?!amq\.).*'
             definition: '{"ha-mode": "all"}'
 
+
+
+Enable TLS support
+------------------
+
+The certs and private key passing:
+
+.. code-block:: yaml
+
+   rabbitmq:
+      server:
+        enabled: true
+        ...
+        ssl:
+          enabled: True
+
+          cacert_chain: |
+          -----BEGIN CERTIFICATE-----
+                    ...
+          -----END CERTIFICATE-------
+
+          key: |
+          -----BEGIN RSA PRIVATE KEY-----
+                    ...
+          -----END RSA PRIVATE KEY-------
+
+          cert: |
+          -----BEGIN CERTIFICATE-----
+                    ...
+          -----END CERTIFICATE-------
+
+
+Also you can pass them via specifing a name of ca authority at salt master:
+
+.. code-block:: yaml
+
+   rabbitmq:
+      server:
+        enabled: true
+        ...
+        ssl:
+          enabled: True
+          authority: CA_Authority_Name
+
+In this case keys and certs will be pulled from:
+
+`salt://pki/{{ authority }}/certs/{ rabbitmq.{cert|key} | ca.cert }`
+
+--
+
+Defaut port for TLS is **5671**:
+
+.. code-block:: yaml
+
+  rabbitmq:
+    server:
+      bind:
+        ssl:
+         port: 5671
+
 Usage
 =====
 
@@ -105,9 +165,9 @@
 .. code-block:: yaml
 
     > rabbitmqctl cluster_status
-    
+
     Cluster status of node 'rabbit@ctl-1' ...
-    [{nodes,[{disc,['rabbit@ctl-1','rabbit@ctl-2','rabbit@ctl-3']}]}, 
+    [{nodes,[{disc,['rabbit@ctl-1','rabbit@ctl-2','rabbit@ctl-3']}]},
      {running_nodes,['rabbit@ctl-3','rabbit@ctl-2','rabbit@ctl-1']},
      {partitions,[]}]
     ...done.