Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / rabbitmq / b0cd0aee237093b1c68932fc02db6d0259a46590^! / . / README.rst
commitb0cd0aee237093b1c68932fc02db6d0259a46590[log] [tgz]
authorKirill Bespalov <kbespalov@mirantis.com>Tue May 30 17:45:13 2017 +0300
committerKirill Bespalov <kbespalov@mirantis.com>Tue Jul 11 12:35:06 2017 +0000
treede1367a339ed2e19ed1ca27832066d003d2617c0
parentdd918d3478e4bbbcc29d99bc4fc7ff92150570a2 [diff] [blame]
[ssl] allow to manage content of certs/keys files

Allow to use two ways of certs/keys files management:

1) via specifing a path of a file:

   ssl:
      key_file: /etc/rabbitmq/ssl/key.pem

2) via specifing a path and content of a file:

   ssl:
       key: text
       key_file: /etc/rabbitmq/ssl/key.pem

The files management via authority must be removed as an unused.

Change-Id: Icdc8783449cf8ac1283f107861564b6ad36230ec

diff --git a/README.rst b/README.rst
index 6a33d56..6a8a131 100644
--- a/README.rst
+++ b/README.rst

@@ -102,7 +102,21 @@
 Enable TLS support
 ------------------
 
-The certs and private key passing:
+To enable support of TLS for rabbitmq-server you need to provide a path to cacert, server cert and private key :
+
+.. code-block:: yaml
+
+   rabbitmq:
+      server:
+        enabled: true
+        ...
+        ssl:
+          enabled: True
+          key_file: /etc/rabbitmq/ssl/key.pem
+          cert_file: /etc/rabbitmq/ssl/cert.pem
+          ca_file: /etc/rabbitmq/ssl/ca.pem
+
+To manage content of these files you can either use the following options:
 
 .. code-block:: yaml
 
@@ -113,23 +127,27 @@
         ssl:
           enabled: True
 
-          cacert_chain: |
-          -----BEGIN CERTIFICATE-----
-                    ...
-          -----END CERTIFICATE-------
-
+          key_file: /etc/rabbitmq/ssl/key.pem
           key: |
           -----BEGIN RSA PRIVATE KEY-----
                     ...
           -----END RSA PRIVATE KEY-------
 
+          ca_file: /etc/rabbitmq/ssl/ca.pem
+          cacert_chain: |
+          -----BEGIN CERTIFICATE-----
+                    ...
+          -----END CERTIFICATE-------
+
+          cert_file: /etc/rabbitmq/ssl/cert.pem
           cert: |
           -----BEGIN CERTIFICATE-----
                     ...
           -----END CERTIFICATE-------
 
 
-Also you can pass them via specifing a name of ca authority at salt master:
+Or you can use the `salt.minion.cert` salt state which
+creates all required files according to defined reclass model [1]. In this case you need just to enable ssl and nothing more:
 
 .. code-block:: yaml
 
@@ -139,11 +157,6 @@
         ...
         ssl:
           enabled: True
-          authority: CA_Authority_Name
-
-In this case keys and certs will be pulled from:
-
-`salt://pki/{{ authority }}/certs/{ rabbitmq.{cert|key} | ca.cert }`
 
 --
 
@@ -157,6 +170,11 @@
         ssl:
          port: 5671
 
+
+1. https://github.com/Mirantis/reclass-system-salt-model/tree/master/salt/minion/cert/rabbitmq
+
+
+
 Usage
 =====