fa4135ad6e
Set up TLS1.2 as recommended in https://www.rabbitmq.com/ssl.html Change-Id: I634ffe7ed47b8670bd2aad029dac1313cebd2961
67 lines
2.1 KiB
Django/Jinja
67 lines
2.1 KiB
Django/Jinja
[
|
|
{ rabbit, [
|
|
{ loopback_users, [] },
|
|
{% for key, value in rabbitmq_port_bindings.items() %}
|
|
{ {{ key }}, [
|
|
{% for _key, _value in value.items() %}
|
|
{ "{{ _key }}", {{ _value | int }} }{% if not loop.last -%},{%- endif %}
|
|
|
|
{% endfor %}
|
|
]
|
|
},
|
|
{% endfor %}
|
|
{ collect_statistics_interval, {{ rabbitmq_collect_statistics_interval }} },
|
|
{ ssl_options, [
|
|
{ certfile, "{{ rabbitmq_ssl_cert }}" },
|
|
{ keyfile, "{{ rabbitmq_ssl_key }}" },
|
|
{ honor_cipher_order, true},
|
|
{ honor_ecc_order, true},
|
|
{% if "tlsv1.3" not in rabbitmq_ssl_tls_versions %}
|
|
{ client_renegotiation, {{ rabbitmq_ssl_client_renegotiation | lower }} },
|
|
{ secure_renegotiate, {{ rabbitmq_ssl_secure_renegotiate | lower }} },
|
|
{% endif %}
|
|
{% if rabbitmq_user_ssl_ca_cert is defined -%}
|
|
{ cacertfile, "{{ rabbitmq_ssl_ca_cert }}" },
|
|
{% endif %}
|
|
{ versions, [
|
|
{% for version in rabbitmq_ssl_tls_versions %}
|
|
'{{ version }}'{% if not loop.last -%},{%- endif %}
|
|
|
|
{% endfor %}
|
|
]
|
|
},
|
|
{% if rabbitmq_ssl_ciphers | length > 0 %}
|
|
{ ciphers, [
|
|
{% for cipher in rabbitmq_ssl_ciphers %}
|
|
"{{ cipher }}"{% if not loop.last -%},{%- endif %}
|
|
|
|
{% endfor %}
|
|
]
|
|
},
|
|
{% endif %}
|
|
{ verify, {{ rabbitmq_ssl_verify | lower }} },
|
|
{ fail_if_no_peer_cert, {{ rabbitmq_ssl_fail_if_no_peer_cert | lower }} }
|
|
]
|
|
},
|
|
{ vm_memory_high_watermark, {{ rabbitmq_memory_high_watermark }} }
|
|
{%- if rabbitmq_cluster_partition_handling != 'ignore' -%}
|
|
,
|
|
{ cluster_partition_handling, {{ rabbitmq_cluster_partition_handling }} }
|
|
{%- endif -%}
|
|
{%- if rabbitmq_hipe_compile | bool -%}
|
|
,
|
|
{ hipe_compile, true }
|
|
{% endif %}
|
|
]
|
|
},
|
|
{ rabbitmq_management, [
|
|
{ rates_mode, {{ rabbitmq_management_rates_mode }} },
|
|
{ listener, [{ip, "{{ rabbitmq_management_bind_address }}" }]}
|
|
]
|
|
},
|
|
{kernel, [
|
|
{inet_dist_use_interface, { {{ rabbitmq_management_bind_address|replace('.',',') }} } }
|
|
]},
|
|
{mnesia, [{dump_log_write_threshold, {{ mnesia_dump_log_write_threshold }} }]}
|
|
].
|