def config_changed(): unison.ensure_user(user=rabbit.SSH_USER, group='rabbit') ensure_unison_rabbit_permissions() if utils.config_get('management_plugin') is True: rabbit.enable_plugin(MAN_PLUGIN) utils.open_port(55672) else: # rabbit.disable_plugin(MAN_PLUGIN) utils.close_port(55672) if utils.config_get('ssl_enabled') is True: ssl_key = utils.config_get('ssl_key') ssl_cert = utils.config_get('ssl_cert') ssl_port = utils.config_get('ssl_port') if None in [ssl_key, ssl_cert, ssl_port]: utils.juju_log('ERROR', 'Please provide ssl_key, ssl_cert and ssl_port' ' config when enabling SSL support') sys.exit(1) else: rabbit.enable_ssl(ssl_key, ssl_cert, ssl_port) utils.open_port(ssl_port) else: if os.path.exists(rabbit.RABBITMQ_CONF): os.remove(rabbit.RABBITMQ_CONF) utils.close_port(utils.config_get('ssl_port')) if cluster.eligible_leader('res_rabbitmq_vip'): utils.restart('rabbitmq-server') update_nrpe_checks()
def config_changed(): unison.ensure_user(user=rabbit.SSH_USER, group='rabbit') ensure_unison_rabbit_permissions() if utils.config_get('management_plugin') is True: rabbit.enable_plugin(MAN_PLUGIN) utils.open_port(55672) else: # rabbit.disable_plugin(MAN_PLUGIN) utils.close_port(55672) if utils.config_get('ssl_enabled') is True: ssl_key = utils.config_get('ssl_key') ssl_cert = utils.config_get('ssl_cert') ssl_port = utils.config_get('ssl_port') if None in [ssl_key, ssl_cert, ssl_port]: utils.juju_log( 'ERROR', 'Please provide ssl_key, ssl_cert and ssl_port' ' config when enabling SSL support') sys.exit(1) else: rabbit.enable_ssl(ssl_key, ssl_cert, ssl_port) utils.open_port(ssl_port) else: if os.path.exists(rabbit.RABBITMQ_CONF): os.remove(rabbit.RABBITMQ_CONF) utils.close_port(utils.config_get('ssl_port')) if cluster.eligible_leader('res_rabbitmq_vip'): utils.restart('rabbitmq-server') update_nrpe_checks()
def configure_rabbit_ssl(): """ The legacy config support adds some additional complications. ssl_enabled = True, ssl = off -> ssl enabled ssl_enabled = False, ssl = on -> ssl enabled """ ssl_mode, external_ca = _get_ssl_mode() if ssl_mode == 'off': if os.path.exists(rabbit.RABBITMQ_CONF): os.remove(rabbit.RABBITMQ_CONF) close_port(config('ssl_port')) reconfigure_client_ssl() return ssl_key = _convert_from_base64(config('ssl_key')) ssl_cert = _convert_from_base64(config('ssl_cert')) ssl_ca = _convert_from_base64(config('ssl_ca')) ssl_port = config('ssl_port') # If external managed certs then we need all the fields. if (ssl_mode in ('on', 'only') and any((ssl_key, ssl_cert)) and not all((ssl_key, ssl_cert))): log('If ssl_key or ssl_cert are specified both are required.', level=ERROR) sys.exit(1) if not external_ca: ssl_cert, ssl_key, ssl_ca = ServiceCA.get_service_cert() rabbit.enable_ssl( ssl_key, ssl_cert, ssl_port, ssl_ca, ssl_only=(ssl_mode == "only"), ssl_client=False) reconfigure_client_ssl(True) open_port(ssl_port)