def config_changed():
unison.ensure_user(user=rabbit.SSH_USER, group='rabbit')
ensure_unison_rabbit_permissions()
if utils.config_get('management_plugin') is True:
rabbit.enable_plugin(MAN_PLUGIN)
utils.open_port(55672)
else:
# rabbit.disable_plugin(MAN_PLUGIN)
utils.close_port(55672)
if utils.config_get('ssl_enabled') is True:
ssl_key = utils.config_get('ssl_key')
ssl_cert = utils.config_get('ssl_cert')
ssl_port = utils.config_get('ssl_port')
if None in [ssl_key, ssl_cert, ssl_port]:
utils.juju_log('ERROR',
'Please provide ssl_key, ssl_cert and ssl_port'
' config when enabling SSL support')
sys.exit(1)
else:
rabbit.enable_ssl(ssl_key, ssl_cert, ssl_port)
utils.open_port(ssl_port)
else:
if os.path.exists(rabbit.RABBITMQ_CONF):
os.remove(rabbit.RABBITMQ_CONF)
utils.close_port(utils.config_get('ssl_port'))
if cluster.eligible_leader('res_rabbitmq_vip'):
utils.restart('rabbitmq-server')
update_nrpe_checks()
def config_changed():
unison.ensure_user(user=rabbit.SSH_USER, group='rabbit')
ensure_unison_rabbit_permissions()
if utils.config_get('management_plugin') is True:
rabbit.enable_plugin(MAN_PLUGIN)
utils.open_port(55672)
else:
# rabbit.disable_plugin(MAN_PLUGIN)
utils.close_port(55672)
if utils.config_get('ssl_enabled') is True:
ssl_key = utils.config_get('ssl_key')
ssl_cert = utils.config_get('ssl_cert')
ssl_port = utils.config_get('ssl_port')
if None in [ssl_key, ssl_cert, ssl_port]:
utils.juju_log(
'ERROR', 'Please provide ssl_key, ssl_cert and ssl_port'
' config when enabling SSL support')
sys.exit(1)
else:
rabbit.enable_ssl(ssl_key, ssl_cert, ssl_port)
utils.open_port(ssl_port)
else:
if os.path.exists(rabbit.RABBITMQ_CONF):
os.remove(rabbit.RABBITMQ_CONF)
utils.close_port(utils.config_get('ssl_port'))
if cluster.eligible_leader('res_rabbitmq_vip'):
utils.restart('rabbitmq-server')
update_nrpe_checks()
def configure_rabbit_ssl():
"""
The legacy config support adds some additional complications.
ssl_enabled = True, ssl = off -> ssl enabled
ssl_enabled = False, ssl = on -> ssl enabled
"""
ssl_mode, external_ca = _get_ssl_mode()
if ssl_mode == 'off':
if os.path.exists(rabbit.RABBITMQ_CONF):
os.remove(rabbit.RABBITMQ_CONF)
close_port(config('ssl_port'))
reconfigure_client_ssl()
return
ssl_key = _convert_from_base64(config('ssl_key'))
ssl_cert = _convert_from_base64(config('ssl_cert'))
ssl_ca = _convert_from_base64(config('ssl_ca'))
ssl_port = config('ssl_port')
# If external managed certs then we need all the fields.
if (ssl_mode in ('on', 'only') and any((ssl_key, ssl_cert)) and
not all((ssl_key, ssl_cert))):
log('If ssl_key or ssl_cert are specified both are required.',
level=ERROR)
sys.exit(1)
if not external_ca:
ssl_cert, ssl_key, ssl_ca = ServiceCA.get_service_cert()
rabbit.enable_ssl(
ssl_key, ssl_cert, ssl_port, ssl_ca,
ssl_only=(ssl_mode == "only"), ssl_client=False)
reconfigure_client_ssl(True)
open_port(ssl_port)
