Feature Request for the RabbitMq pupept module
40 views
Skip to first unread message
Michele Catalano
Apr 17, 2015, 2:11:40 PM4/17/15
to puppet...@googlegroups.com
Hi,
we current use the rabbitmq module in a production environment and for our use case we need to disable explicit the ssl port for the management console but enable it for the RabbitMQ self.
This is needed because the web interfaces are using one SSL certificate that will only installed on the Nginx running on the load balancers. So the management interface don't know this SSL cert and it is also a different one than the cert that is used for the RabbitMQ self.
This is with the config file not really a problem but over the rabbitMQ puppet module not possible.
To solve this problem i add in a fork the new parameter no_ssl_management to disable the ssl only for management interface.
to give all the other user from the rabbitmq puppet module i wan't to setup a issue and a pull request with this new feature.
Some opposition against this feature?
Ciao
Michele
we current use the rabbitmq module in a production environment and for our use case we need to disable explicit the ssl port for the management console but enable it for the RabbitMQ self.
This is needed because the web interfaces are using one SSL certificate that will only installed on the Nginx running on the load balancers. So the management interface don't know this SSL cert and it is also a different one than the cert that is used for the RabbitMQ self.
This is with the config file not really a problem but over the rabbitMQ puppet module not possible.
To solve this problem i add in a fork the new parameter no_ssl_management to disable the ssl only for management interface.
to give all the other user from the rabbitmq puppet module i wan't to setup a issue and a pull request with this new feature.
Some opposition against this feature?
Ciao
Michele
Neil
Apr 18, 2015, 5:47:05 AM4/18/15
to PuppetList
Hello
My 5 cents....
I'd prefer the parameter to be management_ssl and the default to be true to maintain current behaviour
Why not use SSL (well tls) between load bal and rabbitmq
Thanks
Neil
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/22914846-9859-4fa2-a361-eee40660a8c3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Michele Catalano
Apr 19, 2015, 5:00:38 AM4/19/15
to puppet...@googlegroups.com
Hello,
i can change the parameter in this way is not a problem.
We use for every other web-application in our cluster in the internal network SSL/TLS so we don't see why i must do it for the rabbitmq managment in a different way only because the puppet module can not handle this configuration case. For this reason we create our own fork and branch to fix it.
And sometime i am really old in the mind... i don't like to spend energy to handshake, encrypt and decrypt if there is not necessary.
Ciao
Michele
i can change the parameter in this way is not a problem.
We use for every other web-application in our cluster in the internal network SSL/TLS so we don't see why i must do it for the rabbitmq managment in a different way only because the puppet module can not handle this configuration case. For this reason we create our own fork and branch to fix it.
And sometime i am really old in the mind... i don't like to spend energy to handshake, encrypt and decrypt if there is not necessary.
Ciao
Michele
Michele Catalano
Apr 19, 2015, 6:38:09 AM4/19/15
to puppet...@googlegroups.com
Short additinonal info. Here is our branch with the change:
https://github.com/mayflower/puppetlabs-rabbitmq/tree/disable_explicit_ssl_for_management
https://github.com/mayflower/puppetlabs-rabbitmq/tree/disable_explicit_ssl_for_management
Reply all
Reply to author
Forward
0 new messages