Add more flexibility for SSL certificate support.

Author: Guillaume Dedrie

README.md

@@ -69,9 +69,9 @@ RABBITMQ_ROCKS="correct"
 
 |Name|Type|Description|Default|
 |----|----|-----------|-------|
-`rabbitmq_cacert`|String|Name of the CA certificate file. Will be prefixed by `rabbitmq_` and postfixed by `.pem`|`cacert`
-`rabbitmq_server_key`|String|Name of the SSL key file. Will be prefixed by `rabbitmq_` and postfixed by `.pem`|`server_key`
-`rabbitmq_server_cert`|String|Name of the SSL certificate file. Will be prefixed by `rabbitmq_` and postfixed by `.pem`|`server_cert`
+`rabbitmq_cacert`|String|Path of the CA certificate file.|`files/rabbitmq_cacert.pem`
+`rabbitmq_server_key`|String|Path of the SSL key file.|`files/rabbitmq_server_key.pem`
+`rabbitmq_server_cert`|String|Path of the SSL certificate file.|`files/rabbitmq_server_cert.pem`
 `rabbitmq_ssl`|Boolean|Define if we need to use SSL|`true`
 
 ### Default configuration file
@@ -159,12 +159,20 @@ rabbitmq_policy_configuration:
 
 ## Files required
 
-You have to put the needed certificates in your `files/` folder:
+You have to put the needed certificates in your `files/` folder, for example:
 
     files/
-     |- rabbitmq_{{ rabbitmq_cacert }}.pem
-     |- rabbitmq_{{ rabbitmq_server_key }}.pem
-     |- rabbitmq_{{ rabbitmq_server_cert }}.pem
+     |- cacert.crt
+     |- myserver_key.key
+     |- myserver_cert.crt
+
+And then configure the role:
+
+```yaml
+    rabbitmq_cacert: files/cacert.crt
+    rabbitmq_server_key: files/myserver_key.key
+    rabbitmq_server_cert: files/myserver_cert.crt
+```
 
 ## Testing
 

defaults/main.yml

@@ -18,9 +18,9 @@ rabbitmq_users_definitions: []
 rabbitmq_federation: false
 
 # defaults file for rabbitmq
-rabbitmq_cacert     : "cacert"
-rabbitmq_server_key : "server_key"
-rabbitmq_server_cert: "server_cert"
+rabbitmq_cacert     : "files/rabbitmq_cacert.pem"
+rabbitmq_server_key : "files/rabbitmq_server_key.pem"
+rabbitmq_server_cert: "files/rabbitmq_server_cert.pem"
 rabbitmq_ssl        : true
 
 # ######################
@@ -34,9 +34,9 @@ rabbitmq_conf_tcp_listeners_port: 5672
 # rabbitmq SSL configuration
 rabbitmq_conf_ssl_listeners_address           : '0.0.0.0'
 rabbitmq_conf_ssl_listeners_port              : 5671
-rabbitmq_conf_ssl_options_cacertfile          : "/etc/rabbitmq/ssl/cacert.pem"
-rabbitmq_conf_ssl_options_certfile            : "/etc/rabbitmq/ssl/server_cert.pem"
-rabbitmq_conf_ssl_options_keyfile             : "/etc/rabbitmq/ssl/server_key.pem"
+rabbitmq_conf_ssl_options_cacertfile          : "/etc/rabbitmq/ssl/{{ rabbitmq_cacert | basename }}"
+rabbitmq_conf_ssl_options_certfile            : "/etc/rabbitmq/ssl/{{ rabbitmq_server_cert | basename }}"
+rabbitmq_conf_ssl_options_keyfile             : "/etc/rabbitmq/ssl/{{ rabbitmq_server_key | basename }}"
 rabbitmq_conf_ssl_options_fail_if_no_peer_cert: "true"
 
 rabbitmq_env: false

tasks/configuration.yml

@@ -10,16 +10,19 @@
 
 - name: copy the ssl certificates
   copy:
-    src="files/rabbitmq_{{ item }}.pem"
-    dest="/etc/rabbitmq/ssl/{{ item }}.pem"
+    src={{ item.src }}
+    dest={{ item.dest }}
     owner=rabbitmq
     group=rabbitmq
     mode=0640
     backup=yes
   with_items:
-    - "{{ rabbitmq_cacert }}"
-    - "{{ rabbitmq_server_key }}"
-    - "{{ rabbitmq_server_cert }}"
+    - src: "{{ rabbitmq_cacert }}"
+      dest: "{{ rabbitmq_conf_ssl_options_cacertfile }}"
+    - src: "{{ rabbitmq_server_key }}"
+      dest: "{{ rabbitmq_conf_ssl_options_keyfile }}"
+    - src: "{{ rabbitmq_server_cert }}"
+      dest: "{{ rabbitmq_conf_ssl_options_certfile }}"
   when: rabbitmq_ssl
 
 - name: generate the configuration of rabbitmq