Handle environment variables
Manage rabbitmq-env config file that overrides the
defaults built in to the RabbitMQ startup scripts.
Change-Id: I1524ef715600c7b350ad981b15de31d9583f8268
Closes-Bug: PROD-26132
diff --git a/README.rst b/README.rst
index 5cae8aa..ec00f5b 100644
--- a/README.rst
+++ b/README.rst
@@ -175,6 +175,26 @@
ssl:
port: 5671
+Manage environment variables
+----------------------------
+
+Create a config file with variable settings that override the defaults
+built in to the RabbitMQ startup scripts:
+
+.. code-block:: yaml
+
+ rabbitmq:
+ server:
+ enabled: true
+ ...
+ env_variables:
+ hostname: localhost
+ node_port: 5671
+ export:
+ home: /var/lib/rabbitmq
+ erl_inetrc: /etc/rabbitmq/inetrc
+
+
Usage
=====
diff --git a/rabbitmq/files/rabbitmq-env.conf b/rabbitmq/files/rabbitmq-env.conf
new file mode 100644
index 0000000..c4edc69
--- /dev/null
+++ b/rabbitmq/files/rabbitmq-env.conf
@@ -0,0 +1,13 @@
+{%- from "rabbitmq/map.jinja" import server with context %}
+{%- if server.ssl.enabled %}
+{%- include "rabbitmq/files/ssl/ssl_env.conf.j2" %}
+{%- endif %}
+{%- for opt, value in server.get('env_variables', {}).iteritems() %}
+{%- if value is mapping %}
+{%- for _opt, _value in value.iteritems() %}
+{{ opt ~ " %s=%s"|format(_opt|upper, _value) }}
+{%- endfor %}
+{%- else %}
+{{ "%s=%s"|format(opt|upper, value) }}
+{%- endif %}
+{%- endfor %}
diff --git a/rabbitmq/files/ssl/ssl_env.conf.j2 b/rabbitmq/files/ssl/ssl_env.conf.j2
index 2475655..c37d38b 100644
--- a/rabbitmq/files/ssl/ssl_env.conf.j2
+++ b/rabbitmq/files/ssl/ssl_env.conf.j2
@@ -3,5 +3,5 @@
ERL_SSL_PATH=`erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell`
# Add SSL-related environment vars for rabbitmq-server and rabbitmqctl
-SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile {{ all_file }} -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true server_cacertfile {{ ca_file }}"
+SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile {{ server.ssl.all_file }} -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true server_cacertfile {{ server.ssl.ca_file }}"
CTL_ERL_ARGS="$SERVER_ADDITIONAL_ERL_ARGS"
diff --git a/rabbitmq/server/service.sls b/rabbitmq/server/service.sls
index a871633..f96d5de 100644
--- a/rabbitmq/server/service.sls
+++ b/rabbitmq/server/service.sls
@@ -20,6 +20,15 @@
- require:
- pkg: rabbitmq_server
+rabbitmq_env:
+ file.managed:
+ - name: {{ server.env_file }}
+ - source: salt://rabbitmq/files/rabbitmq-env.conf
+ - template: jinja
+ - user: rabbitmq
+ - group: rabbitmq
+ - mode: 640
+
{%- if grains.os_family == 'Debian' %}
rabbitmq_default_config:
@@ -115,6 +124,7 @@
- name: {{ server.service }}
- watch:
- file: rabbitmq_config
+ - file: rabbitmq_env
{%- if grains.init == 'systemd' %}
- file: rabbitmq_limits_systemd
{%- endif %}
diff --git a/rabbitmq/server/ssl.sls b/rabbitmq/server/ssl.sls
index dcb8e85..fc2e1f9 100644
--- a/rabbitmq/server/ssl.sls
+++ b/rabbitmq/server/ssl.sls
@@ -105,17 +105,4 @@
- file: rabbitmq_server_key_exists
{%- endif %}
-rabbitmq_ssl_env:
- file.managed:
- - name: {{ server.env_file }}
- - source: salt://rabbitmq/files/ssl/ssl_env.conf.j2
- - template: jinja
- - user: root
- - group: rabbitmq
- - mode: 640
- - makedirs: true
- - context:
- all_file: {{ server.ssl.all_file }}
- ca_file: {{ server.ssl.ca_file }}
-
{%- endif %}
diff --git a/tests/pillar/rabbitmq_server.sls b/tests/pillar/rabbitmq_server.sls
index 98bf4b3..640a89c 100644
--- a/tests/pillar/rabbitmq_server.sls
+++ b/tests/pillar/rabbitmq_server.sls
@@ -24,3 +24,7 @@
plugins:
- amqp_client
- rabbitmq_management
+ env_variables:
+ hostname: localhost
+ export:
+ home: /var/lib/rabbitmq
diff --git a/tests/pillar/rabbitmq_ssl_server.sls b/tests/pillar/rabbitmq_ssl_server.sls
index d856272..62fd04d 100644
--- a/tests/pillar/rabbitmq_ssl_server.sls
+++ b/tests/pillar/rabbitmq_ssl_server.sls
@@ -150,3 +150,6 @@
plugins:
- amqp_client
- rabbitmq_management
+ env_variables:
+ hostname: localhost
+ node_port: 5672