From c6a33bd8fb022efc67e6ad51de0bcf592869baf7 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Aug 02 2018 20:43:17 +0000
Subject: Build combined config
Signed-off-by: Patrick Uiterwijk
---
diff --git a/roles/rabbitmq_cluster/tasks/main.yml b/roles/rabbitmq_cluster/tasks/main.yml
index 3cc93e9..7e61299 100644
--- a/roles/rabbitmq_cluster/tasks/main.yml
+++ b/roles/rabbitmq_cluster/tasks/main.yml
@@ -23,9 +23,15 @@
 - rabbitmq_cluster
 - config
 
+- name: create node cert directory
+ file: path=/etc/rabbitmq/nodecert/ owner=root group=root mode=0644 state=directory
+ tags:
+ - rabbitmq_cluster
+ - config
+
 - name: deploy node certificate
 copy: src="{{private}}/files/rabbitmq/{{env}}/pki/issued/{{inventory_hostname}}.crt"
- dest=/etc/rabbitmq/node.crt
+ dest=/etc/rabbitmq/nodecert/node.crt
 owner=root group=root mode=0644
 tags:
 - rabbitmq_cluster
@@ -33,12 +39,19 @@
 
 - name: deploy node private key
 copy: src="{{private}}/files/rabbitmq/{{env}}/pki/private/{{inventory_hostname}}.key"
- dest=/etc/rabbitmq/node.key
+ dest=/etc/rabbitmq/nodecert/node.key
 owner=rabbitmq group=rabbitmq mode=0600
 tags:
 - rabbitmq_cluster
 - config
 
+- name: build combined node key
+ assemble: src=/etc/rabbitmq/nodecert/ dest=/etc/rabbitmq/nodecert.combined.pem
+ owner=rabbitmq group=rabbitmq mode=0600
+ tags:
+ - rabbitmq_cluster
+ - config
+
 - name: enable plugins
 copy: src=enabled_plugins dest=/etc/rabbitmq/enabled_plugins owner=root group=root mode=0644
 with_items:
diff --git a/roles/rabbitmq_cluster/templates/rabbitmq-env.conf b/roles/rabbitmq_cluster/templates/rabbitmq-env.conf
index e69de29..d72bbcf 100644
--- a/roles/rabbitmq_cluster/templates/rabbitmq-env.conf
+++ b/roles/rabbitmq_cluster/templates/rabbitmq-env.conf
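Review bot: The added `create node cert directory` task sets `mode=0644` on a directory, which omits the search (execute) bit and reads like a file mode carried over from the neighbouring `copy` tasks. With that mode only root can reach the files inside, even though `node.key` is deployed there as `owner=rabbitmq group=rabbitmq mode=0600`. If the directory is meant only as input for the `assemble` task (presumably run as root), `mode=0700` states that intent and keeps the private key out of reach of other local users. If the rabbitmq user is expected to read `node.key` in place, the directory needs to be traversable by it, for example `owner=root group=rabbitmq mode=0750`.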
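Review bot: The `build combined node key` task writes `dest=/etc/rabbitmq/nodecert.combined.pem`, but both `server_certfile` entries added to `templates/rabbitmq-env.conf` in this same commit point at `/etc/rabbitmq/node.combined.pem`, a file no task visible here creates. One of the two names has to change, for example `dest=/etc/rabbitmq/node.combined.pem` here. Separately, `assemble` concatenates every file found in `src`, so any stray or leftover file in `/etc/rabbitmq/nodecert/` ends up inside the PEM; adding `regexp='^node\.(crt|key)$'` would restrict it to the two files the role deploys. The task list continues past the end of this hunk, so a handler that restarts the broker when the PEM changes may exist outside the view.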
@@ -0,0 +1,11 @@
+ERL_SSL_PATH="/usr/lib64/erlang/lib/ssl-7.3.3.2/ebin"
+
+SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH \
+-proto_dist inet_tls \
+-ssl_dist_opt server_certfile /etc/rabbitmq/node.combined.pem \
+-ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
+
+CTL_ERL_ARGS="-pa $ERL_SSL_PATH \
+-proto_dist inet_tls \
+-ssl_dist_opt server_certfile /etc/rabbitmq/node.combined.pem \
+-ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
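Review bot: The `-ssl_dist_opt` lines in both `SERVER_ADDITIONAL_ERL_ARGS` and `CTL_ERL_ARGS` set only `server_certfile` and the renegotiation flags, so nothing in this file makes either side check the peer's certificate. As far as the visible options go, inter-node traffic would be encrypted but any host that can reach the distribution port and holds the Erlang cookie could still join or control the cluster. Since the role already issues per-host certificates from its own PKI, I would add the CA and verification options to both variables, along the lines of `-ssl_dist_opt server_cacertfile <CA_CERT_PATH> client_cacertfile <CA_CERT_PATH> \` and `-ssl_dist_opt server_verify verify_peer server_fail_if_no_peer_cert true client_verify verify_peer \`, plus a `client_certfile` so the connecting node has a certificate to present. A smaller point: `ERL_SSL_PATH` pins `ssl-7.3.3.2`, which will stop resolving after an Erlang package update, so a comment noting that the value must track the installed package would help.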