From 1e3986c4ba463550617427abc05b788216d28aae Mon Sep 17 00:00:00 2001 From: kperronne Date: Tue, 5 Apr 2022 14:32:34 -0700 Subject: [PATCH 01/11] Add ssl options for client renegotiation to rabbitmq-server --- REFERENCE.md | 8 ++++++ data/common.yaml | 1 + manifests/config.pp | 1 + manifests/init.pp | 3 +++ spec/classes/rabbitmq_spec.rb | 49 +++++++++++++++++++++++++++++++++++ templates/rabbitmq.config.erb | 3 +++ 6 files changed, 65 insertions(+) diff --git a/REFERENCE.md b/REFERENCE.md index 5415c0acc..c601f63ac 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -810,6 +810,14 @@ Reuse ssl sessions Default value: `true` +##### `ssl_client_renegotiation` + +Data type: `Boolean` + +Allow ssl client renegotiation + +Default value: `false` + ##### `ssl_secure_renegotiate` Data type: `Boolean` diff --git a/data/common.yaml b/data/common.yaml index f130e56a4..2ae52962a 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -61,6 +61,7 @@ rabbitmq::ssl_fail_if_no_peer_cert: false rabbitmq::ssl_management_verify: 'verify_none' rabbitmq::ssl_management_fail_if_no_peer_cert: false rabbitmq::ssl_versions: ~ +rabbitmq::ssl_client_renegotiation: false rabbitmq::ssl_secure_renegotiate: true rabbitmq::ssl_reuse_sessions: true rabbitmq::ssl_honor_cipher_order: true diff --git a/manifests/config.pp b/manifests/config.pp index a2f83a8aa..9300907b7 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -54,6 +54,7 @@ $ssl_stomp_port = $rabbitmq::ssl_stomp_port $ssl_verify = $rabbitmq::ssl_verify $ssl_fail_if_no_peer_cert = $rabbitmq::ssl_fail_if_no_peer_cert + $ssl_client_renegotiation = $rabbitmq::ssl_client_renegotiation $ssl_secure_renegotiate = $rabbitmq::ssl_secure_renegotiate $ssl_reuse_sessions = $rabbitmq::ssl_reuse_sessions $ssl_honor_cipher_order = $rabbitmq::ssl_honor_cipher_order diff --git a/manifests/init.pp b/manifests/init.pp index 2fc033afb..95141fefe 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -267,6 +267,8 @@ # SSL port for RabbitMQ # @param ssl_reuse_sessions # Reuse ssl sessions +# @param ssl_client_renegotiation +# Allow ssl client renegotiation # @param ssl_secure_renegotiate # Use ssl secure renegotiate # @param ssl_stomp_port @@ -392,6 +394,7 @@ Enum['verify_none','verify_peer'] $ssl_management_verify = 'verify_none', Boolean $ssl_management_fail_if_no_peer_cert = false, Optional[Array] $ssl_versions = undef, + Boolean $ssl_client_renegotiation = false, Boolean $ssl_secure_renegotiate = true, Boolean $ssl_reuse_sessions = true, Boolean $ssl_honor_cipher_order = true, diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb index 8d1711825..0339bb740 100644 --- a/spec/classes/rabbitmq_spec.rb +++ b/spec/classes/rabbitmq_spec.rb @@ -912,6 +912,7 @@ ssl_cacert: '/path/to/cacert', ssl_cert: '/path/to/cert', ssl_key: '/path/to/key', + ssl_client_renegotiation: false, ssl_secure_renegotiate: true, ssl_reuse_sessions: true, ssl_honor_cipher_order: true, @@ -936,6 +937,9 @@ is_expected.to contain_file('rabbitmq.config').with_content( %r{keyfile,"/path/to/key"} ) + is_expected.to contain_file('rabbitmq.config').with_content( + %r{client_renegotiation,false} + ) is_expected.to contain_file('rabbitmq.config').with_content( %r{secure_renegotiate,true} ) @@ -967,6 +971,7 @@ ssl_cacert: '/path/to/cacert', ssl_cert: '/path/to/cert', ssl_key: '/path/to/key', + ssl_client_renegotiation: false, ssl_secure_renegotiate: true, ssl_reuse_sessions: true, ssl_honor_cipher_order: true, @@ -995,6 +1000,9 @@ is_expected.to contain_file('rabbitmq.config').with_content( %r{keyfile,"/path/to/key"} ) + is_expected.to contain_file('rabbitmq.config').with_content( + %r{client_renegotiation,false} + ) is_expected.to contain_file('rabbitmq.config').with_content( %r{secure_renegotiate,true} ) 
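Review bot: The new `@param ssl_client_renegotiation` text in the `@@ -267` hunk of manifests/init.pp ("Allow ssl client renegotiation") does not say which side of the setting is the hardened one, or that the template does not always write it. The template in this series only renders the option when `ssl_versions` is set and does not contain 'tlsv1.3', so a reader of the parameter docs cannot tell when the value takes effect. I would expand the description to something like `#   Allow clients to initiate TLS renegotiation (TLS 1.2 and earlier). Keep false unless a client requires it; see ssl_versions for when it is written to rabbitmq.config.` The comment block this hunk edits starts and ends outside the hunk.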
@@ -1041,6 +1049,7 @@ ssl_cacert: '/path/to/cacert', ssl_cert: '/path/to/cert', ssl_key: '/path/to/key', + ssl_client_renegotiation: false, ssl_secure_renegotiate: true, ssl_reuse_sessions: true, ssl_honor_cipher_order: true, @@ -1063,6 +1072,9 @@ is_expected.to contain_file('rabbitmq.config').with_content( %r{keyfile,"/path/to/key"} ) + is_expected.to contain_file('rabbitmq.config').with_content( + %r{client_renegotiation,false} + ) is_expected.to contain_file('rabbitmq.config').with_content( %r{secure_renegotiate,true} ) @@ -1163,6 +1175,33 @@ end end + describe 'ssl options with ssl version tlsv1.3' do + let(:params) do + { ssl: true, + ssl_port: 3141, + ssl_cacert: '/path/to/cacert', + ssl_cert: '/path/to/cert', + ssl_key: '/path/to/key', + ssl_versions: ['tlsv1.3'] } + end + + it 'sets ssl options to specified values' do + is_expected.to contain_file('rabbitmq.config').with_content(%r{ssl_listeners, \[3141\]}) + is_expected.to contain_file('rabbitmq.config').with_content(%r{ssl_options, \[}) + is_expected.to contain_file('rabbitmq.config').with_content(%r{cacertfile,"/path/to/cacert"}) + is_expected.to contain_file('rabbitmq.config').with_content(%r{certfile,"/path/to/cert"}) + is_expected.to contain_file('rabbitmq.config').with_content(%r{keyfile,"/path/to/key}) + is_expected.to contain_file('rabbitmq.config').with_content(%r{ssl, \[\{versions, \['tlsv1.3'\]\}\]}) + is_expected.to contain_file('rabbitmq.config').with_content(%r{versions, \['tlsv1.3'\]}) + end + + it 'does not set ssl negoatiation options with tlsv1.3' do + is_expected.to contain_file('rabbitmq.config'). \ + without_content(%r{client_renegotiation}). \ + without_content(%r{secure_renegotiate}) + end + end + describe 'ssl options with ssl_versions and not ssl' do let(:params) do { ssl: false, 
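Review bot: The new describe in the `@@ -1163` hunk only exercises `ssl_versions: ['tlsv1.3']`, so the two other inputs that reach the template's `include?('tlsv1.3')` guard are untested: a mixed list such as `['tlsv1.2', 'tlsv1.3']`, and `ssl_versions` left unset. For the mixed list the template currently drops both renegotiation options even though TLS 1.2 peers can still connect; if that is not intended, a case like the one below would pin the expected output. Separately, `%r{keyfile,"/path/to/key}` lacks the closing quote and the `.` in `tlsv1.3` is unescaped, so both patterns match more than the exact config text.

```ruby
describe 'ssl options with ssl versions tlsv1.2 and tlsv1.3' do
  let(:params) do
    { ssl: true,
      ssl_port: 3141,
      ssl_cacert: '/path/to/cacert',
      ssl_cert: '/path/to/cert',
      ssl_key: '/path/to/key',
      ssl_versions: ['tlsv1.2', 'tlsv1.3'] }
  end

  it 'keeps the renegotiation options for TLS 1.2 peers' do
    is_expected.to contain_file('rabbitmq.config').with_content(%r{client_renegotiation,false})
    is_expected.to contain_file('rabbitmq.config').with_content(%r{secure_renegotiate,true})
  end
end
```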
@@ -1348,6 +1387,16 @@ it { is_expected.to contain_file('rabbitmq.config').without_content(%r{dhfile,}) } end + describe 'ssl with ssl_client_renegotiation true' do + let(:params) do + { ssl: true, + ssl_interface: '0.0.0.0', + ssl_client_renegotiation: true } + end + + it { is_expected.to contain_file('rabbitmq.config').with_content(%r{client_renegotiation,true}) } + end + describe 'ssl with ssl_secure_renegotiate false' do let(:params) do { ssl: true, diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb index 5ba4db2e3..505d2cb88 100644 --- a/templates/rabbitmq.config.erb +++ b/templates/rabbitmq.config.erb @@ -82,7 +82,10 @@ end <%- if @ssl_dhfile -%> {dhfile, "<%= @ssl_dhfile %>"}, <%- end -%> + <%- if @ssl_versions and !@ssl_versions.include?('tlsv1.3') -%> + {client_renegotiation,<%= @ssl_client_renegotiation %>}, {secure_renegotiate,<%= @ssl_secure_renegotiate %>}, + <%- end -%> {reuse_sessions,<%= @ssl_reuse_sessions %>}, {honor_cipher_order,<%= @ssl_honor_cipher_order %>}, {verify,<%= @ssl_verify %>}, From 0059c418c5f75aaaa0b4b7468c61d0033cea5a3d Mon Sep 17 00:00:00 2001 From: kperronne Date: Tue, 5 Apr 2022 14:41:10 -0700 Subject: [PATCH 02/11] Use more existing ssl options on management plugin also --- spec/classes/rabbitmq_spec.rb | 2 +- templates/rabbitmq.config.erb | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb index 0339bb740..a4ad652e4 100644 --- a/spec/classes/rabbitmq_spec.rb +++ b/spec/classes/rabbitmq_spec.rb @@ -1195,7 +1195,7 @@ is_expected.to contain_file('rabbitmq.config').with_content(%r{versions, \['tlsv1.3'\]}) end - it 'does not set ssl negoatiation options with tlsv1.3' do + it 'does not set ssl negotiation options with tlsv1.3' do is_expected.to contain_file('rabbitmq.config'). \ without_content(%r{client_renegotiation}). \ without_content(%r{secure_renegotiate}) 
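Review bot: The guard added in the `@@ -82` hunk of templates/rabbitmq.config.erb, `if @ssl_versions and !@ssl_versions.include?('tlsv1.3')`, is also false when `ssl_versions` is unset, which is the default (`rabbitmq::ssl_versions: ~` in data/common.yaml), so `secure_renegotiate`, which was not gated on `ssl_versions` before this change, and the new `client_renegotiation` are both left out of a default SSL config. The spec added in the same patch for `ssl_client_renegotiation: true` sets no `ssl_versions` and expects `client_renegotiation,true`, which does not look reachable with this condition. A list holding both 'tlsv1.2' and 'tlsv1.3' is skipped as well although TLS 1.2 peers can still renegotiate; something like `<%- unless @ssl_versions == ['tlsv1.3'] -%>` would limit the omission to TLS 1.3-only setups (confirm how the target Erlang/OTP release treats these options with mixed version lists). The same guard is repeated in the management listener hunk (`@@ -140`) of PATCH 02/11, and the enclosing option list starts outside both hunks.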
diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb index 505d2cb88..ef070885c 100644 --- a/templates/rabbitmq.config.erb +++ b/templates/rabbitmq.config.erb @@ -140,6 +140,12 @@ end <%- end -%> {certfile, "<%= @ssl_management_cert %>"}, {keyfile, "<%= @ssl_management_key %>"}, + <%- if @ssl_versions and !@ssl_versions.include?('tlsv1.3') -%> + {client_renegotiation,<%= @ssl_client_renegotiation %>}, + {secure_renegotiate,<%= @ssl_secure_renegotiate %>}, + <%- end -%> + {reuse_sessions,<%= @ssl_reuse_sessions %>}, + {honor_cipher_order,<%= @ssl_honor_cipher_order %>}, {verify,<%= @ssl_management_verify %>}, {fail_if_no_peer_cert,<%= @ssl_management_fail_if_no_peer_cert %>} <%- if @ssl_versions -%> From c5c5c739fbe600785cabb8851775d8661c7b65af Mon Sep 17 00:00:00 2001 From: kperronne Date: Tue, 5 Apr 2022 15:43:03 -0700 Subject: [PATCH 03/11] Regenerate REFERENCE.md --- REFERENCE.md | 1035 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 624 insertions(+), 411 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index c601f63ac..5e706afb4 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1,15 +1,16 @@ # Reference + ## Table of Contents -**Classes** +### Classes -_Public Classes_ +#### Public Classes * [`rabbitmq`](#rabbitmq): A module to manage RabbitMQ -_Private Classes_ +#### Private Classes * `rabbitmq::config`: Sets all the configuration values for RabbitMQ and creates the directories for config and ssl. * `rabbitmq::install`: Ensures that rabbitmq-server exists 
@@ -19,7 +20,7 @@ _Private Classes_ * `rabbitmq::repo::rhel`: Makes sure that the Packagecloud repo is installed * `rabbitmq::service`: This class manages the rabbitmq server service itself. -**Resource types** +### Resource types * [`rabbitmq_binding`](#rabbitmq_binding): Native type for managing rabbitmq bindings rabbitmq_binding { 'binding 1': ensure => present, source => 'myexchange' * [`rabbitmq_cluster`](#rabbitmq_cluster): Native type for managing rabbitmq cluster @@ -35,7 +36,7 @@ _Private Classes_ ## Classes -### rabbitmq +### `rabbitmq` A module to manage RabbitMQ 
@@ -174,36 +175,142 @@ class { 'rabbitmq': #### Parameters -The following parameters are available in the `rabbitmq` class. - -##### `admin_enable` +The following parameters are available in the `rabbitmq` class: + +* [`admin_enable`](#admin_enable) +* [`management_enable`](#management_enable) +* [`use_config_file_for_plugins`](#use_config_file_for_plugins) +* [`auth_backends`](#auth_backends) +* [`cluster`](#cluster) +* [`cluster_node_type`](#cluster_node_type) +* [`cluster_nodes`](#cluster_nodes) +* [`cluster_partition_handling`](#cluster_partition_handling) +* [`collect_statistics_interval`](#collect_statistics_interval) +* [`config`](#config) +* [`config_additional_variables`](#config_additional_variables) +* [`config_cluster`](#config_cluster) +* [`config_kernel_variables`](#config_kernel_variables) +* [`config_path`](#config_path) +* [`config_ranch`](#config_ranch) +* [`config_management_variables`](#config_management_variables) +* [`config_stomp`](#config_stomp) +* [`config_shovel`](#config_shovel) +* [`config_shovel_statics`](#config_shovel_statics) +* [`config_variables`](#config_variables) +* [`default_user`](#default_user) +* [`default_pass`](#default_pass) +* [`delete_guest_user`](#delete_guest_user) +* [`env_config`](#env_config) +* [`env_config_path`](#env_config_path) +* [`environment_variables`](#environment_variables) +* [`erlang_cookie`](#erlang_cookie) +* [`file_limit`](#file_limit) +* [`oom_score_adj`](#oom_score_adj) +* [`heartbeat`](#heartbeat) +* [`inetrc_config`](#inetrc_config) +* [`inetrc_config_path`](#inetrc_config_path) +* [`ipv6`](#ipv6) +* [`interface`](#interface) +* [`key_content`](#key_content) +* [`ldap_auth`](#ldap_auth) +* [`ldap_server`](#ldap_server) +* [`ldap_user_dn_pattern`](#ldap_user_dn_pattern) +* [`ldap_other_bind`](#ldap_other_bind) +* [`ldap_config_variables`](#ldap_config_variables) +* [`ldap_use_ssl`](#ldap_use_ssl) +* [`ldap_port`](#ldap_port) +* [`ldap_log`](#ldap_log) +* [`manage_python`](#manage_python) +* 
[`management_hostname`](#management_hostname) +* [`management_port`](#management_port) +* [`management_ip_address`](#management_ip_address) +* [`management_ssl`](#management_ssl) +* [`node_ip_address`](#node_ip_address) +* [`package_apt_pin`](#package_apt_pin) +* [`package_ensure`](#package_ensure) +* [`package_gpg_key`](#package_gpg_key) +* [`package_name`](#package_name) +* [`port`](#port) +* [`python_package`](#python_package) +* [`repos_ensure`](#repos_ensure) +* [`service_ensure`](#service_ensure) +* [`service_manage`](#service_manage) +* [`service_name`](#service_name) +* [`service_restart`](#service_restart) +* [`ssl`](#ssl) +* [`ssl_cacert`](#ssl_cacert) +* [`ssl_cert`](#ssl_cert) +* [`ssl_cert_password`](#ssl_cert_password) +* [`ssl_depth`](#ssl_depth) +* [`ssl_dhfile`](#ssl_dhfile) +* [`ssl_erl_dist`](#ssl_erl_dist) +* [`ssl_honor_cipher_order`](#ssl_honor_cipher_order) +* [`ssl_interface`](#ssl_interface) +* [`ssl_key`](#ssl_key) +* [`ssl_only`](#ssl_only) +* [`ssl_management_port`](#ssl_management_port) +* [`ssl_management_cacert`](#ssl_management_cacert) +* [`ssl_management_cert`](#ssl_management_cert) +* [`ssl_management_key`](#ssl_management_key) +* [`ssl_port`](#ssl_port) +* [`ssl_reuse_sessions`](#ssl_reuse_sessions) +* [`ssl_client_renegotiation`](#ssl_client_renegotiation) +* [`ssl_secure_renegotiate`](#ssl_secure_renegotiate) +* [`ssl_stomp_port`](#ssl_stomp_port) +* [`ssl_verify`](#ssl_verify) +* [`ssl_fail_if_no_peer_cert`](#ssl_fail_if_no_peer_cert) +* [`ssl_management_verify`](#ssl_management_verify) +* [`ssl_versions`](#ssl_versions) +* [`ssl_ciphers`](#ssl_ciphers) +* [`ssl_crl_check`](#ssl_crl_check) +* [`ssl_crl_cache_hash_dir`](#ssl_crl_cache_hash_dir) +* [`ssl_crl_cache_http_timeout`](#ssl_crl_cache_http_timeout) +* [`stomp_port`](#stomp_port) +* [`stomp_ssl_only`](#stomp_ssl_only) +* [`stomp_ensure`](#stomp_ensure) +* [`tcp_backlog`](#tcp_backlog) +* [`tcp_keepalive`](#tcp_keepalive) +* [`tcp_recbuf`](#tcp_recbuf) +* 
[`tcp_sndbuf`](#tcp_sndbuf) +* [`wipe_db_on_cookie_change`](#wipe_db_on_cookie_change) +* [`rabbitmq_user`](#rabbitmq_user) +* [`rabbitmq_group`](#rabbitmq_group) +* [`rabbitmq_home`](#rabbitmq_home) +* [`rabbitmqadmin_package`](#rabbitmqadmin_package) +* [`archive_options`](#archive_options) +* [`loopback_users`](#loopback_users) +* [`package_source`](#package_source) +* [`package_provider`](#package_provider) +* [`ssl_management_fail_if_no_peer_cert`](#ssl_management_fail_if_no_peer_cert) + +##### `admin_enable` Data type: `Boolean` If enabled sets up the management interface/plugin for RabbitMQ. This also install the rabbitmqadmin command line tool. -Default value: `true` +Default value: ``true`` -##### `management_enable` +##### `management_enable` Data type: `Boolean` If enabled sets up the management interface/plugin for RabbitMQ. NOTE: This does not install the rabbitmqadmin command line tool. -Default value: `false` +Default value: ``false`` -##### `use_config_file_for_plugins` +##### `use_config_file_for_plugins` Data type: `Boolean` If enabled the /etc/rabbitmq/enabled_plugins config file is created, replacing the use of the rabbitmqplugins provider to enable plugins. -Default value: `false` +Default value: ``false`` -##### `auth_backends` +##### `auth_backends` Data type: `Optional[Array]` 
@@ -211,185 +318,185 @@ An array specifying authorization/authentication backend to use. Single quotes s ex. `['{foo, baz}', 'baz']` Defaults to [rabbit_auth_backend_internal], and if using LDAP defaults to [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]. -Default value: `undef` +Default value: ``undef`` -##### `cluster` +##### `cluster` Data type: `Hash` Join cluster and change name of cluster. -Default value: $rabbitmq::cluster +Default value: `$rabbitmq::cluster` -##### `cluster_node_type` +##### `cluster_node_type` Data type: `Enum['ram', 'disc']` Choose between disc and ram nodes. -Default value: 'disc' +Default value: `'disc'` -##### `cluster_nodes` +##### `cluster_nodes` Data type: `Array` An array of nodes for clustering. -Default value: [] +Default value: `[]` -##### `cluster_partition_handling` +##### `cluster_partition_handling` Data type: `String` Value to set for `cluster_partition_handling` RabbitMQ configuration variable. -Default value: 'ignore' +Default value: `'ignore'` -##### `collect_statistics_interval` +##### `collect_statistics_interval` Data type: `Optional[Integer]` Set the collect_statistics_interval in rabbitmq.config -Default value: `undef` +Default value: ``undef`` -##### `config` +##### `config` Data type: `String` The file to use as the rabbitmq.config template. -Default value: 'rabbitmq/rabbitmq.config.erb' +Default value: `'rabbitmq/rabbitmq.config.erb'` -##### `config_additional_variables` +##### `config_additional_variables` Data type: `Hash` Additional config variables in rabbitmq.config -Default value: {} +Default value: `{}` -##### `config_cluster` +##### `config_cluster` Data type: `Boolean` Enable or disable clustering support. -Default value: `false` +Default value: ``false`` -##### `config_kernel_variables` +##### `config_kernel_variables` Data type: `Hash` Hash of Erlang kernel configuration variables to set (see [Variables Configurable in rabbitmq.config](#variables-configurable-in-rabbitmq.config)). 
-Default value: {} +Default value: `{}` -##### `config_path` +##### `config_path` Data type: `Stdlib::Absolutepath` The path to write the RabbitMQ configuration file to. -Default value: '/etc/rabbitmq/rabbitmq.config' +Default value: `'/etc/rabbitmq/rabbitmq.config'` -##### `config_ranch` +##### `config_ranch` Data type: `Boolean` When true, suppress config directives needed for older (<3.6) RabbitMQ versions. -Default value: `true` +Default value: ``true`` -##### `config_management_variables` +##### `config_management_variables` Data type: `Hash` Hash of configuration variables for the [Management Plugin](https://www.rabbitmq.com/management.html). -Default value: {} +Default value: `{}` -##### `config_stomp` +##### `config_stomp` Data type: `Boolean` Enable or disable stomp. -Default value: `false` +Default value: ``false`` -##### `config_shovel` +##### `config_shovel` Data type: `Boolean` Enable or disable shovel. -Default value: `false` +Default value: ``false`` -##### `config_shovel_statics` +##### `config_shovel_statics` Data type: `Hash` Hash of static shovel configurations -Default value: {} +Default value: `{}` -##### `config_variables` +##### `config_variables` Data type: `Hash` To set config variables in rabbitmq.config -Default value: {} +Default value: `{}` -##### `default_user` +##### `default_user` Data type: `String` Username to set for the `default_user` in rabbitmq.config. -Default value: 'guest' +Default value: `'guest'` -##### `default_pass` +##### `default_pass` Data type: `String` Password to set for the `default_user` in rabbitmq.config. -Default value: 'guest' +Default value: `'guest'` -##### `delete_guest_user` +##### `delete_guest_user` Data type: `Boolean` Controls whether default guest user is deleted. -Default value: `false` +Default value: ``false`` -##### `env_config` +##### `env_config` Data type: `String` The template file to use for rabbitmq_env.config. 
-Default value: 'rabbitmq/rabbitmq-env.conf.erb' +Default value: `'rabbitmq/rabbitmq-env.conf.erb'` -##### `env_config_path` +##### `env_config_path` Data type: `Stdlib::Absolutepath` The path to write the rabbitmq_env.config file to. -Default value: '/etc/rabbitmq/rabbitmq-env.conf' +Default value: `'/etc/rabbitmq/rabbitmq-env.conf'` -##### `environment_variables` +##### `environment_variables` Data type: `Hash` RabbitMQ Environment Variables in rabbitmq_env.config -Default value: { 'LC_ALL' => 'en_US.UTF-8' } +Default value: `{ 'LC_ALL' => 'en_US.UTF-8' }` -##### `erlang_cookie` +##### `erlang_cookie` Data type: `Optional[String]` 
@@ -397,206 +504,206 @@ The erlang cookie to use for clustering - must be the same between all nodes. Th set explicitly if using clustering. If you run Pacemaker and you don't want to use RabbitMQ buildin cluster, you can set config_cluster to 'False' and set 'erlang_cookie'. -Default value: `undef` +Default value: ``undef`` -##### `file_limit` +##### `file_limit` Data type: `Variant[Integer[-1],Enum['unlimited'],Pattern[/^(infinity|\d+(:(infinity|\d+))?)$/]]` Set rabbitmq file ulimit. Defaults to 16384. Only available on systems with `$::osfamily == 'Debian'` or `$::osfamily == 'RedHat'`. -Default value: 16384 +Default value: `16384` -##### `oom_score_adj` +##### `oom_score_adj` Data type: `Integer[-1000, 1000]` Set rabbitmq-server process OOM score. Defaults to 0. -Default value: 0 +Default value: `0` -##### `heartbeat` +##### `heartbeat` Data type: `Optional[Integer]` Set the heartbeat timeout interval, default is unset which uses the builtin server defaults of 60 seconds. Setting this -Default value: `undef` +Default value: ``undef`` -##### `inetrc_config` +##### `inetrc_config` Data type: `String` Template to use for the inetrc config -Default value: 'rabbitmq/inetrc.erb' +Default value: `'rabbitmq/inetrc.erb'` -##### `inetrc_config_path` +##### `inetrc_config_path` Data type: `Stdlib::Absolutepath` Path of the file to push the inetrc config to. -Default value: '/etc/rabbitmq/inetrc' +Default value: `'/etc/rabbitmq/inetrc'` -##### `ipv6` +##### `ipv6` Data type: `Boolean` Whether to listen on ipv6 -Default value: `false` +Default value: ``false`` -##### `interface` +##### `interface` Data type: `Optional[String]` Interface to bind to (sets tcp_listeners parameter). By default, bind to all interfaces to `0` will disable heartbeats. -Default value: `undef` +Default value: ``undef`` -##### `key_content` +##### `key_content` Data type: `Optional[String]` Uses content method for Debian OS family. Should be a template for apt::source class. 
Overrides `package_gpg_key` behavior, if enabled. Undefined by default. -Default value: `undef` +Default value: ``undef`` -##### `ldap_auth` +##### `ldap_auth` Data type: `Boolean` Set to true to enable LDAP auth. -Default value: `false` +Default value: ``false`` -##### `ldap_server` +##### `ldap_server` Data type: `Variant[String[1],Array[String[1]]]` LDAP server or servers to use for auth. -Default value: 'ldap' +Default value: `'ldap'` -##### `ldap_user_dn_pattern` +##### `ldap_user_dn_pattern` Data type: `Optional[String]` User DN pattern for LDAP auth. -Default value: `undef` +Default value: ``undef`` -##### `ldap_other_bind` +##### `ldap_other_bind` Data type: `String` How to bind to the LDAP server. Defaults to 'anon'. -Default value: 'anon' +Default value: `'anon'` -##### `ldap_config_variables` +##### `ldap_config_variables` Data type: `Hash` Hash of other LDAP config variables. -Default value: {} +Default value: `{}` -##### `ldap_use_ssl` +##### `ldap_use_ssl` Data type: `Boolean` Set to true to use SSL for the LDAP server. -Default value: `false` +Default value: ``false`` -##### `ldap_port` +##### `ldap_port` Data type: `Integer[1, 65535]` Numeric port for LDAP server. -Default value: 389 +Default value: `389` -##### `ldap_log` +##### `ldap_log` Data type: `Boolean` Set to true to log LDAP auth. -Default value: `false` +Default value: ``false`` -##### `manage_python` +##### `manage_python` Data type: `Boolean` If enabled, on platforms that don't provide a Python 2 package by default, ensure that the python package is installed (for rabbitmqadmin). This will only apply if `admin_enable` and `service_manage` are set. -Default value: `true` +Default value: ``true`` -##### `management_hostname` +##### `management_hostname` Data type: `Optional[String]` The hostname for the RabbitMQ management interface. 
-Default value: `undef` +Default value: ``undef`` -##### `management_port` +##### `management_port` Data type: `Integer[1, 65535]` The port for the RabbitMQ management interface. -Default value: 15672 +Default value: `15672` -##### `management_ip_address` +##### `management_ip_address` Data type: `Optional[String]` Allows you to set the IP for management interface to bind to separately. Set to 127.0.0.1 to bind to localhost only, or 0.0.0.0 to bind to all interfaces. -Default value: `undef` +Default value: ``undef`` -##### `management_ssl` +##### `management_ssl` Data type: `Boolean` Enable/Disable SSL for the management port. Has an effect only if ssl => true. -Default value: `true` +Default value: ``true`` -##### `node_ip_address` +##### `node_ip_address` Data type: `Optional[String]` Allows you to set the IP for RabbitMQ service to bind to. Set to 127.0.0.1 to bind to localhost only, or 0.0.0.0 to bind to all interfaces. -Default value: `undef` +Default value: ``undef`` -##### `package_apt_pin` +##### `package_apt_pin` Data type: `Optional[Variant[Numeric, String]]` Whether to pin the package to a particular source -Default value: `undef` +Default value: ``undef`` -##### `package_ensure` +##### `package_ensure` Data type: `String` Determines the ensure state of the package. Set to installed by default, but could be changed to latest. -Default value: 'installed' +Default value: `'installed'` -##### `package_gpg_key` +##### `package_gpg_key` Data type: `Optional[String]` 
@@ -604,33 +711,33 @@ RPM package GPG key to import. Uses source method. Should be a URL for Debian/Re RedHat OS family. Set to https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey for Debian/RedHat OS Family by default. Note, that `key_content`, if specified, would override this parameter for Debian OS family. -Default value: `undef` +Default value: ``undef`` -##### `package_name` +##### `package_name` Data type: `Variant[String, Array]` Name(s) of the package(s) to install -Default value: 'rabbitmq' +Default value: `'rabbitmq'` -##### `port` +##### `port` Data type: `Integer` The RabbitMQ port. -Default value: 5672 +Default value: `5672` -##### `python_package` +##### `python_package` Data type: `String` Name of the package required by rabbitmqadmin. -Default value: 'python' +Default value: `'python'` -##### `repos_ensure` +##### `repos_ensure` Data type: `Boolean` 
@@ -639,226 +746,226 @@ Defaults to false (use system packages). This does not ensure that soft dependen It also does not solve the erlang dependency. See https://www.rabbitmq.com/which-erlang.html for a good breakdown of the different ways of handling the erlang deps. See also https://github.com/voxpupuli/puppet-rabbitmq/issues/788 -Default value: `false` +Default value: ``false`` -##### `service_ensure` +##### `service_ensure` Data type: `Enum['running', 'stopped']` The state of the service. -Default value: 'running' +Default value: `'running'` -##### `service_manage` +##### `service_manage` Data type: `Boolean` Determines if the service is managed. -Default value: `true` +Default value: ``true`` -##### `service_name` +##### `service_name` Data type: `String` The name of the service to manage. -Default value: 'rabbitmq' +Default value: `'rabbitmq'` -##### `service_restart` +##### `service_restart` Data type: `Boolean` Default defined in param.pp. Whether to restart the service on config change. -Default value: `true` +Default value: ``true`` -##### `ssl` +##### `ssl` Data type: `Boolean` Configures the service for using SSL. -Default value: `false` +Default value: ``false`` -##### `ssl_cacert` +##### `ssl_cacert` Data type: `Optional[Stdlib::Absolutepath]` CA cert path to use for SSL. -Default value: `undef` +Default value: ``undef`` -##### `ssl_cert` +##### `ssl_cert` Data type: `Optional[Stdlib::Absolutepath]` Cert to use for SSL. -Default value: `undef` +Default value: ``undef`` -##### `ssl_cert_password` +##### `ssl_cert_password` Data type: `Optional[String]` Password used when generating CSR. -Default value: `undef` +Default value: ``undef`` -##### `ssl_depth` +##### `ssl_depth` Data type: `Optional[Integer]` SSL verification depth. 
-Default value: `undef` +Default value: ``undef`` -##### `ssl_dhfile` +##### `ssl_dhfile` Data type: `Optional[Stdlib::Absolutepath]` Use this dhparam file [example: generate with `openssl dhparam -out /etc/rabbitmq/ssl/dhparam.pem 2048` -Default value: `undef` +Default value: ``undef`` -##### `ssl_erl_dist` +##### `ssl_erl_dist` Data type: `Boolean` Whether to use the erlang package's SSL (relies on the ssl_erl_path fact) -Default value: `false` +Default value: ``false`` -##### `ssl_honor_cipher_order` +##### `ssl_honor_cipher_order` Data type: `Boolean` Force use of server cipher order -Default value: `true` +Default value: ``true`` -##### `ssl_interface` +##### `ssl_interface` Data type: `Optional[String]` Interface for SSL listener to bind to -Default value: `undef` +Default value: ``undef`` -##### `ssl_key` +##### `ssl_key` Data type: `Optional[Stdlib::Absolutepath]` Key to use for SSL. -Default value: `undef` +Default value: ``undef`` -##### `ssl_only` +##### `ssl_only` Data type: `Boolean` Configures the service to only use SSL. No cleartext TCP listeners will be created. Requires that ssl => true and port => undef -Default value: `false` +Default value: ``false`` -##### `ssl_management_port` +##### `ssl_management_port` Data type: `Integer[1, 65535]` SSL management port. -Default value: 15671 +Default value: `15671` -##### `ssl_management_cacert` +##### `ssl_management_cacert` Data type: `Optional[Stdlib::Absolutepath]` SSL management cacert. If unset set to ssl_cacert for backwards compatibility. -Default value: $ssl_cacert +Default value: `$ssl_cacert` -##### `ssl_management_cert` +##### `ssl_management_cert` Data type: `Optional[Stdlib::Absolutepath]` SSL management cert. If unset set to ssl_cert for backwards compatibility. -Default value: $ssl_cert +Default value: `$ssl_cert` -##### `ssl_management_key` +##### `ssl_management_key` Data type: `Optional[Stdlib::Absolutepath]` SSL management key. If unset set to ssl_key for backwards compatibility. 
-Default value: $ssl_key +Default value: `$ssl_key` -##### `ssl_port` +##### `ssl_port` Data type: `Integer[1, 65535]` SSL port for RabbitMQ -Default value: 5671 +Default value: `5671` -##### `ssl_reuse_sessions` +##### `ssl_reuse_sessions` Data type: `Boolean` Reuse ssl sessions -Default value: `true` +Default value: ``true`` -##### `ssl_client_renegotiation` +##### `ssl_client_renegotiation` Data type: `Boolean` Allow ssl client renegotiation -Default value: `false` +Default value: ``false`` -##### `ssl_secure_renegotiate` +##### `ssl_secure_renegotiate` Data type: `Boolean` Use ssl secure renegotiate -Default value: `true` +Default value: ``true`` -##### `ssl_stomp_port` +##### `ssl_stomp_port` Data type: `Integer[1, 65535]` SSL stomp port. -Default value: 6164 +Default value: `6164` -##### `ssl_verify` +##### `ssl_verify` Data type: `Enum['verify_none','verify_peer']` rabbitmq.config SSL verify setting. -Default value: 'verify_none' +Default value: `'verify_none'` -##### `ssl_fail_if_no_peer_cert` +##### `ssl_fail_if_no_peer_cert` Data type: `Boolean` rabbitmq.config `fail_if_no_peer_cert` setting. -Default value: `false` +Default value: ``false`` -##### `ssl_management_verify` +##### `ssl_management_verify` Data type: `Enum['verify_none','verify_peer']` rabbitmq.config SSL verify setting for rabbitmq_management. -Default value: 'verify_none' +Default value: `'verify_none'` -##### `ssl_versions` +##### `ssl_versions` Data type: `Optional[Array]` @@ -867,9 +974,9 @@ that it is recommended to disable `sslv3 and `tlsv1` to prevent against POODLE and BEAST attacks. Please see the [RabbitMQ SSL](https://www.rabbitmq.com/ssl.html) documentation for more information. -Default value: `undef` +Default value: ``undef`` -##### `ssl_ciphers` +##### `ssl_ciphers` Data type: `Array` 
@@ -879,174 +986,174 @@ Functionality can be tested with cipherscan or similar tool: https://github.com/ * Erlang style: `['ecdhe_rsa,aes_256_cbc,sha', 'dhe_rsa,aes_256_cbc,sha']` * OpenSSL style: `['ECDHE-RSA-AES256-SHA', 'DHE-RSA-AES256-SHA']` -Default value: [] +Default value: `[]` -##### `ssl_crl_check` +##### `ssl_crl_check` Data type: `Enum['true','false','peer','best_effort']` Perform CRL (Certificate Revocation List) verification Please see the [Erlang SSL](https://erlang.org/doc/man/ssl.html#type-crl_check) module documentation for more information. -Default value: 'false' +Default value: `'false'` -##### `ssl_crl_cache_hash_dir` +##### `ssl_crl_cache_hash_dir` Data type: `Optional[Stdlib::Absolutepath]` This setting makes use of a directory where CRLs are stored in files named by the hash of the issuer name. Please see the [Erlang SSL](https://erlang.org/doc/man/ssl.html#type-crl_cache_opts) module documentation for more information. -Default value: `undef` +Default value: ``undef`` -##### `ssl_crl_cache_http_timeout` +##### `ssl_crl_cache_http_timeout` Data type: `Optional[Integer]` This setting enables use of internal CRLs cache and sets HTTP timeout interval on fetching CRLs from distributino URLs defined inside certificate. Please see the [Erlang SSL](https://erlang.org/doc/man/ssl.html#type-crl_cache_opts) module documentation for more information. -Default value: `undef` +Default value: ``undef`` -##### `stomp_port` +##### `stomp_port` Data type: `Integer[1, 65535]` The port to use for Stomp. -Default value: 6163 +Default value: `6163` -##### `stomp_ssl_only` +##### `stomp_ssl_only` Data type: `Boolean` Configures STOMP to only use SSL. No cleartext STOMP TCP listeners will be created. Requires setting ssl_stomp_port also. -Default value: `false` +Default value: ``false`` -##### `stomp_ensure` +##### `stomp_ensure` Data type: `Boolean` Enable to install the stomp plugin. 
-Default value: `false` +Default value: ``false`` -##### `tcp_backlog` +##### `tcp_backlog` Data type: `Integer` The size of the backlog on TCP connections. -Default value: 128 +Default value: `128` -##### `tcp_keepalive` +##### `tcp_keepalive` Data type: `Boolean` Enable TCP connection keepalive for RabbitMQ service. -Default value: `false` +Default value: ``false`` -##### `tcp_recbuf` +##### `tcp_recbuf` Data type: `Optional[Integer]` Corresponds to recbuf in RabbitMQ `tcp_listen_options` -Default value: `undef` +Default value: ``undef`` -##### `tcp_sndbuf` +##### `tcp_sndbuf` Data type: `Optional[Integer]` Integer, corresponds to sndbuf in RabbitMQ `tcp_listen_options` -Default value: `undef` +Default value: ``undef`` -##### `wipe_db_on_cookie_change` +##### `wipe_db_on_cookie_change` Data type: `Boolean` Boolean to determine if we should DESTROY AND DELETE the RabbitMQ database. -Default value: `false` +Default value: ``false`` -##### `rabbitmq_user` +##### `rabbitmq_user` Data type: `String` OS dependent The system user the rabbitmq daemon runs as. -Default value: 'rabbitmq' +Default value: `'rabbitmq'` -##### `rabbitmq_group` +##### `rabbitmq_group` Data type: `String` OS dependent The system group the rabbitmq daemon runs as. -Default value: 'rabbitmq' +Default value: `'rabbitmq'` -##### `rabbitmq_home` +##### `rabbitmq_home` Data type: `Stdlib::Absolutepath` OS dependent The home directory of the rabbitmq deamon. 
-Default value: '/var/lib/rabbitmq' +Default value: `'/var/lib/rabbitmq'` -##### `rabbitmqadmin_package` +##### `rabbitmqadmin_package` Data type: `Optional[String]` OS dependent If undef: install rabbitmqadmin via archive, otherwise via package -Default value: `undef` +Default value: ``undef`` -##### `archive_options` +##### `archive_options` Data type: `Array` Extra options to Archive resource to download rabbitmqadmin file -Default value: [] +Default value: `[]` -##### `loopback_users` +##### `loopback_users` Data type: `Array` This option configures a list of users to allow access via the loopback interfaces -Default value: ['guest'] +Default value: `['guest']` -##### `package_source` +##### `package_source` Data type: `Optional[String]` -Default value: `undef` +Default value: ``undef`` -##### `package_provider` +##### `package_provider` Data type: `Optional[String]` -Default value: `undef` +Default value: ``undef`` -##### `ssl_management_fail_if_no_peer_cert` +##### `ssl_management_fail_if_no_peer_cert` Data type: `Boolean` -Default value: `false` +Default value: ``false`` ## Resource types -### rabbitmq_binding +### `rabbitmq_binding` Native type for managing rabbitmq bindings 
@@ -1099,89 +1206,99 @@ rabbitmq_binding { 'myexchange@myqueue@myvhost': The following properties are available in the `rabbitmq_binding` type. -##### `ensure` - -Valid values: present, absent +##### `arguments` -The basic property that the resource should be in. +binding arguments -Default value: present +Default value: `{}` -##### `source` +##### `destination` -Valid values: %r{^\S+$} +Valid values: `%r{^\S+$}` namevar -source of binding - -##### `destination` +destination of binding -Valid values: %r{^\S+$} +##### `destination_type` -namevar +Valid values: `%r{queue|exchange}` -destination of binding +binding destination_type -##### `vhost` +Default value: `queue` -Valid values: %r{^\S+$} +##### `ensure` -namevar +Valid values: `present`, `absent` -vhost +The basic property that the resource should be in. -Default value: / +Default value: `present` ##### `routing_key` -Valid values: %r{^\S*$} +Valid values: `%r{^\S*$}` namevar binding routing_key -##### `destination_type` +##### `source` -Valid values: %r{queue|exchange} +Valid values: `%r{^\S+$}` -binding destination_type +namevar -Default value: queue +source of binding -##### `arguments` +##### `vhost` -binding arguments +Valid values: `%r{^\S+$}` + +namevar + +vhost -Default value: {} +Default value: `/` #### Parameters The following parameters are available in the `rabbitmq_binding` type. -##### `name` +* [`name`](#name) +* [`password`](#password) +* [`provider`](#provider) +* [`user`](#user) + +##### `name` namevar resource name, either source@destination@vhost or arbitrary name with params -##### `user` +##### `password` -Valid values: %r{^\S+$} +Valid values: `%r{\S+}` -The user to use to connect to rabbitmq +The password to use to connect to rabbitmq -Default value: guest +Default value: `guest` -##### `password` +##### `provider` -Valid values: %r{\S+} +The specific backend to use for this `rabbitmq_binding` resource. 
You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. -The password to use to connect to rabbitmq +##### `user` + +Valid values: `%r{^\S+$}` -Default value: guest +The user to use to connect to rabbitmq + +Default value: `guest` -### rabbitmq_cluster +### `rabbitmq_cluster` Native type for managing rabbitmq cluster @@ -1211,35 +1328,45 @@ The following properties are available in the `rabbitmq_cluster` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `rabbitmq_cluster` type. -##### `name` +* [`init_node`](#init_node) +* [`name`](#name) +* [`node_disc_type`](#node_disc_type) +* [`provider`](#provider) + +##### `init_node` + +Name of which cluster node to join. + +##### `name` namevar The cluster name -##### `init_node` +##### `node_disc_type` -Name of which cluster node to join. +Valid values: `%r{disc|ram}` -##### `node_disc_type` +Storage type of node, default disc. -Valid values: %r{disc|ram} +Default value: `disc` -Storage type of node, default disc. +##### `provider` -Default value: disc +The specific backend to use for this `rabbitmq_cluster` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. -### rabbitmq_erlang_cookie +### `rabbitmq_erlang_cookie` Type to manage the rabbitmq erlang cookie securely @@ -1257,7 +1384,7 @@ The following properties are available in the `rabbitmq_erlang_cookie` type. ##### `content` -Valid values: %r{^\S+$} +Valid values: `%r{^\S+$}` Content of cookie 
@@ -1265,43 +1392,50 @@ Content of cookie The following parameters are available in the `rabbitmq_erlang_cookie` type. -##### `path` - - - -##### `force` +* [`force`](#force) +* [`path`](#path) +* [`provider`](#provider) +* [`rabbitmq_group`](#rabbitmq_group) +* [`rabbitmq_home`](#rabbitmq_home) +* [`rabbitmq_user`](#rabbitmq_user) +* [`service_name`](#service_name) -Valid values: `true`, `false` +##### `force` +Valid values: ``true``, ``false`` -Default value: `false` +Default value: ``false`` -##### `rabbitmq_user` +##### `path` +##### `provider` -Default value: rabbitmq +The specific backend to use for this `rabbitmq_erlang_cookie` resource. You will seldom need to specify this --- Puppet +will usually discover the appropriate provider for your platform. -##### `rabbitmq_group` +##### `rabbitmq_group` +Default value: `rabbitmq` -Default value: rabbitmq +##### `rabbitmq_home` -##### `rabbitmq_home` +Default value: `/var/lib/rabbitmq` +##### `rabbitmq_user` -Default value: /var/lib/rabbitmq -##### `service_name` +Default value: `rabbitmq` -Valid values: %r{^\S+$} +##### `service_name` +Valid values: `%r{^\S+$}` -### rabbitmq_exchange +### `rabbitmq_exchange` Native type for managing rabbitmq exchanges 
@@ -1330,77 +1464,92 @@ The following properties are available in the `rabbitmq_exchange` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `rabbitmq_exchange` type. -##### `name` +* [`arguments`](#arguments) +* [`auto_delete`](#auto_delete) +* [`durable`](#durable) +* [`internal`](#internal) +* [`name`](#name) +* [`password`](#password) +* [`provider`](#provider) +* [`type`](#type) +* [`user`](#user) -Valid values: %r{^\S*@\S+$} +##### `arguments` -namevar +Exchange arguments example: {"hash-header": "message-distribution-hash"} -Name of exchange +Default value: `{}` -##### `type` +##### `auto_delete` -Valid values: %r{^\S+$} +Valid values: `%r{^\S+$}` -Exchange type to be set *on creation* +Exchange auto delete option to be set *on creation* -##### `durable` +Default value: ``false`` -Valid values: %r{^\S+$} +##### `durable` + +Valid values: `%r{^\S+$}` Exchange durability to be set *on creation* -Default value: `false` +Default value: ``false`` -##### `auto_delete` +##### `internal` -Valid values: %r{^\S+$} +Valid values: `%r{^\S+$}` -Exchange auto delete option to be set *on creation* +Exchange internal option to be set *on creation* -Default value: `false` +Default value: ``false`` -##### `internal` +##### `name` -Valid values: %r{^\S+$} +Valid values: `%r{^\S*@\S+$}` -Exchange internal option to be set *on creation* +namevar -Default value: `false` +Name of exchange -##### `arguments` +##### `password` -Exchange arguments example: {"hash-header": "message-distribution-hash"} +Valid values: `%r{\S+}` + +The password to use to connect to rabbitmq -Default value: {} +Default value: `guest` -##### `user` +##### `provider` -Valid values: %r{^\S+$} +The specific backend to use for this `rabbitmq_exchange` resource. 
You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. -The user to use to connect to rabbitmq +##### `type` -Default value: guest +Valid values: `%r{^\S+$}` -##### `password` +Exchange type to be set *on creation* -Valid values: %r{\S+} +##### `user` -The password to use to connect to rabbitmq +Valid values: `%r{^\S+$}` -Default value: guest +The user to use to connect to rabbitmq -### rabbitmq_parameter +Default value: `guest` + +### `rabbitmq_parameter` Type for managing rabbitmq parameters @@ -1443,17 +1592,17 @@ rabbitmq_parameter { 'documentumShovelNoMunging@/': The following properties are available in the `rabbitmq_parameter` type. -##### `ensure` +##### `component_name` -Valid values: present, absent +The component_name to use when setting parameter, eg: shovel or federation -The basic property that the resource should be in. +##### `ensure` -Default value: present +Valid values: `present`, `absent` -##### `component_name` +The basic property that the resource should be in. -The component_name to use when setting parameter, eg: shovel or federation +Default value: `present` ##### `value` 
@@ -1463,23 +1612,32 @@ A hash of values to use with the component name you are setting The following parameters are available in the `rabbitmq_parameter` type. -##### `name` +* [`autoconvert`](#autoconvert) +* [`name`](#name) +* [`provider`](#provider) -Valid values: %r{^\S+@\S+$} +##### `autoconvert` -namevar +Valid values: ``true``, ``false`` -combination of name@vhost to set parameter for +whether numeric strings from `value` should be converted to int automatically -##### `autoconvert` +Default value: ``true`` -Valid values: `true`, `false` +##### `name` -whether numeric strings from `value` should be converted to int automatically +Valid values: `%r{^\S+@\S+$}` + +namevar + +combination of name@vhost to set parameter for + +##### `provider` -Default value: `true` +The specific backend to use for this `rabbitmq_parameter` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. -### rabbitmq_plugin +### `rabbitmq_plugin` manages rabbitmq plugins 
@@ -1514,39 +1672,49 @@ The following properties are available in the `rabbitmq_plugin` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `rabbitmq_plugin` type. -##### `name` +* [`mode`](#mode) +* [`name`](#name) +* [`provider`](#provider) +* [`umask`](#umask) -Valid values: %r{^\S+$} +##### `mode` -namevar +Valid values: `online`, `offline`, `best` -The name of the plugin to enable +Define how the plugin should be enabled regarding node status. -##### `mode` +Default value: `best` -Valid values: online, offline, best +##### `name` -Define how the plugin should be enabled regarding node status. +Valid values: `%r{^\S+$}` + +namevar -Default value: best +The name of the plugin to enable + +##### `provider` + +The specific backend to use for this `rabbitmq_plugin` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. -##### `umask` +##### `umask` Sets the octal umask to be used while creating this resource -Default value: 0022 +Default value: `0022` -### rabbitmq_policy +### `rabbitmq_policy` Type for managing rabbitmq policies 
@@ -1570,51 +1738,59 @@ rabbitmq_policy { 'ha-all@myvhost': The following properties are available in the `rabbitmq_policy` type. -##### `ensure` +##### `applyto` -Valid values: present, absent +Valid values: `all`, `exchanges`, `queues` -The basic property that the resource should be in. +policy apply to -Default value: present +Default value: `all` -##### `pattern` +##### `definition` -policy pattern +policy definition -##### `applyto` +##### `ensure` -Valid values: all, exchanges, queues +Valid values: `present`, `absent` -policy apply to +The basic property that the resource should be in. -Default value: all +Default value: `present` -##### `definition` +##### `pattern` -policy definition +policy pattern ##### `priority` -Valid values: %r{^\d+$} +Valid values: `%r{^\d+$}` policy priority -Default value: 0 +Default value: `0` #### Parameters The following parameters are available in the `rabbitmq_policy` type. -##### `name` +* [`name`](#name) +* [`provider`](#provider) + +##### `name` -Valid values: %r{^\S+@\S+$} +Valid values: `%r{^\S+@\S+$}` namevar combination of policy@vhost to create policy for -### rabbitmq_queue +##### `provider` + +The specific backend to use for this `rabbitmq_policy` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. + +### `rabbitmq_queue` Native type for managing rabbitmq queue 
@@ -1642,63 +1818,76 @@ The following properties are available in the `rabbitmq_queue` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `rabbitmq_queue` type. -##### `name` +* [`arguments`](#arguments) +* [`auto_delete`](#auto_delete) +* [`durable`](#durable) +* [`name`](#name) +* [`password`](#password) +* [`provider`](#provider) +* [`user`](#user) -Valid values: %r{^\S*@\S+$} +##### `arguments` -namevar +Queue arguments example: {x-message-ttl => 60, x-expires => 10} -Name of queue +Default value: `{}` -##### `durable` +##### `auto_delete` -Valid values: %r{true|false} +Valid values: `%r{true|false}` -Queue is durable +Queue will be auto deleted -Default value: `true` +Default value: ``false`` -##### `auto_delete` +##### `durable` -Valid values: %r{true|false} +Valid values: `%r{true|false}` -Queue will be auto deleted +Queue is durable -Default value: `false` +Default value: ``true`` -##### `arguments` +##### `name` -Queue arguments example: {x-message-ttl => 60, x-expires => 10} +Valid values: `%r{^\S*@\S+$}` + +namevar -Default value: {} +Name of queue -##### `user` +##### `password` -Valid values: %r{^\S+$} +Valid values: `%r{\S+}` -The user to use to connect to rabbitmq +The password to use to connect to rabbitmq -Default value: guest +Default value: `guest` -##### `password` +##### `provider` -Valid values: %r{\S+} +The specific backend to use for this `rabbitmq_queue` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. -The password to use to connect to rabbitmq +##### `user` + +Valid values: `%r{^\S+$}` + +The user to use to connect to rabbitmq -Default value: guest +Default value: `guest` -### rabbitmq_user +### `rabbitmq_user` Native type for managing rabbitmq users 
@@ -1734,45 +1923,53 @@ rabbitmq_user { 'dan': The following properties are available in the `rabbitmq_user` type. -##### `ensure` +##### `admin` -Valid values: present, absent +Valid values: `%r{true|false}` -The basic property that the resource should be in. +whether or not user should be an admin -Default value: present +Default value: `false` -##### `password` +##### `ensure` -User password to be set *on creation* and validated each run +Valid values: `present`, `absent` -##### `admin` +The basic property that the resource should be in. -Valid values: %r{true|false} +Default value: `present` -whether or not user should be an admin +##### `password` -Default value: false +User password to be set *on creation* and validated each run ##### `tags` additional tags for the user -Default value: [] +Default value: `[]` #### Parameters The following parameters are available in the `rabbitmq_user` type. -##### `name` +* [`name`](#name) +* [`provider`](#provider) + +##### `name` -Valid values: %r{^\S+$} +Valid values: `%r{^\S+$}` namevar Name of user -### rabbitmq_user_permissions +##### `provider` + +The specific backend to use for this `rabbitmq_user` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. + +### `rabbitmq_user_permissions` Type for managing rabbitmq user permissions @@ -1792,17 +1989,17 @@ rabbitmq_user_permissions { 'dan@myvhost': The following properties are available in the `rabbitmq_user_permissions` type. -##### `ensure` +##### `configure_permission` -Valid values: present, absent +regexp representing configuration permissions -The basic property that the resource should be in. +##### `ensure` -Default value: present +Valid values: `present`, `absent` -##### `configure_permission` +The basic property that the resource should be in. -regexp representing configuration permissions +Default value: `present` ##### `read_permission` 
@@ -1816,15 +2013,23 @@ regexp representing write permissions The following parameters are available in the `rabbitmq_user_permissions` type. -##### `name` +* [`name`](#name) +* [`provider`](#provider) -Valid values: %r{^\S+@\S+$} +##### `name` + +Valid values: `%r{^\S+@\S+$}` namevar combination of user@vhost to grant privileges to -### rabbitmq_vhost +##### `provider` + +The specific backend to use for this `rabbitmq_user_permissions` resource. You will seldom need to specify this --- +Puppet will usually discover the appropriate provider for your platform. + +### `rabbitmq_vhost` Native type for managing rabbitmq vhosts @@ -1850,21 +2055,29 @@ The following properties are available in the `rabbitmq_vhost` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `rabbitmq_vhost` type. -##### `name` +* [`name`](#name) +* [`provider`](#provider) -Valid values: %r{^\S+$} +##### `name` + +Valid values: `%r{^\S+$}` namevar The name of the vhost to add +##### `provider` + +The specific backend to use for this `rabbitmq_vhost` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. + From 961e809ea98b3cee276235d287e041fdbfe73862 Mon Sep 17 00:00:00 2001 From: kperronne Date: Tue, 5 Apr 2022 15:45:58 -0700 Subject: [PATCH 04/11] Fix tlsv1.3 conditional --- templates/rabbitmq.config.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb index ef070885c..7a514d636 100644 --- a/templates/rabbitmq.config.erb +++ b/templates/rabbitmq.config.erb 
@@ -82,7 +82,7 @@ end <%- if @ssl_dhfile -%> {dhfile, "<%= @ssl_dhfile %>"}, <%- end -%> - <%- if @ssl_versions and !@ssl_versions.include?('tlsv1.3') -%> + <%- if !@ssl_versions.include?('tlsv1.3') -%> {client_renegotiation,<%= @ssl_client_renegotiation %>}, {secure_renegotiate,<%= @ssl_secure_renegotiate %>}, <%- end -%> @@ -140,7 +140,7 @@ end <%- end -%> {certfile, "<%= @ssl_management_cert %>"}, {keyfile, "<%= @ssl_management_key %>"}, - <%- if @ssl_versions and !@ssl_versions.include?('tlsv1.3') -%> + <%- if !@ssl_versions.include?('tlsv1.3') -%> {client_renegotiation,<%= @ssl_client_renegotiation %>}, {secure_renegotiate,<%= @ssl_secure_renegotiate %>}, <%- end -%> From 8c8521547b72bbab524d66d06143b6fa2eb07d5a Mon Sep 17 00:00:00 2001 From: kperronne Date: Tue, 5 Apr 2022 16:18:01 -0700 Subject: [PATCH 05/11] Revert "Regenerate REFERENCE.md" This reverts commit c5c5c739fbe600785cabb8851775d8661c7b65af. --- REFERENCE.md | 1035 ++++++++++++++++++++------------------------------ 1 file changed, 411 insertions(+), 624 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 5e706afb4..c601f63ac 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1,16 +1,15 @@ # Reference - ## Table of Contents -### Classes +**Classes** -#### Public Classes +_Public Classes_ * [`rabbitmq`](#rabbitmq): A module to manage RabbitMQ -#### Private Classes +_Private Classes_ * `rabbitmq::config`: Sets all the configuration values for RabbitMQ and creates the directories for config and ssl. * `rabbitmq::install`: Ensures that rabbitmq-server exists 
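Review bot: The rewritten guard `!@ssl_versions.include?('tlsv1.3')` in the `@@ -82` hunk, and the identical line in the `@@ -140` management hunk, calls `include?` on a parameter whose declared default is `undef` (`Optional[Array] $ssl_versions = undef`). With `ssl_versions` left unset the template would presumably fail to render with a NoMethodError on nil, unless an outer guard exists; both enclosing blocks start and end outside the hunks, so that is not visible here. I would write both lines as `<%- if !Array(@ssl_versions).include?('tlsv1.3') -%>`, which keeps the intent of emitting `client_renegotiation` and `secure_renegotiate` when no version list is given. A spec case that leaves `ssl_versions` unset and expects `client_renegotiation,false` in `rabbitmq.config` would pin this, since the old `@ssl_versions and ...` form silently dropped both renegotiation settings in exactly that default configuration.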
@@ -20,7 +19,7 @@ * `rabbitmq::repo::rhel`: Makes sure that the Packagecloud repo is installed * `rabbitmq::service`: This class manages the rabbitmq server service itself. -### Resource types +**Resource types** * [`rabbitmq_binding`](#rabbitmq_binding): Native type for managing rabbitmq bindings rabbitmq_binding { 'binding 1': ensure => present, source => 'myexchange' * [`rabbitmq_cluster`](#rabbitmq_cluster): Native type for managing rabbitmq cluster @@ -36,7 +35,7 @@ ## Classes -### `rabbitmq` +### rabbitmq A module to manage RabbitMQ 
@@ -175,142 +174,36 @@ class { 'rabbitmq': #### Parameters -The following parameters are available in the `rabbitmq` class: - -* [`admin_enable`](#admin_enable) -* [`management_enable`](#management_enable) -* [`use_config_file_for_plugins`](#use_config_file_for_plugins) -* [`auth_backends`](#auth_backends) -* [`cluster`](#cluster) -* [`cluster_node_type`](#cluster_node_type) -* [`cluster_nodes`](#cluster_nodes) -* [`cluster_partition_handling`](#cluster_partition_handling) -* [`collect_statistics_interval`](#collect_statistics_interval) -* [`config`](#config) -* [`config_additional_variables`](#config_additional_variables) -* [`config_cluster`](#config_cluster) -* [`config_kernel_variables`](#config_kernel_variables) -* [`config_path`](#config_path) -* [`config_ranch`](#config_ranch) -* [`config_management_variables`](#config_management_variables) -* [`config_stomp`](#config_stomp) -* [`config_shovel`](#config_shovel) -* [`config_shovel_statics`](#config_shovel_statics) -* [`config_variables`](#config_variables) -* [`default_user`](#default_user) -* [`default_pass`](#default_pass) -* [`delete_guest_user`](#delete_guest_user) -* [`env_config`](#env_config) -* [`env_config_path`](#env_config_path) -* [`environment_variables`](#environment_variables) -* [`erlang_cookie`](#erlang_cookie) -* [`file_limit`](#file_limit) -* [`oom_score_adj`](#oom_score_adj) -* [`heartbeat`](#heartbeat) -* [`inetrc_config`](#inetrc_config) -* [`inetrc_config_path`](#inetrc_config_path) -* [`ipv6`](#ipv6) -* [`interface`](#interface) -* [`key_content`](#key_content) -* [`ldap_auth`](#ldap_auth) -* [`ldap_server`](#ldap_server) -* [`ldap_user_dn_pattern`](#ldap_user_dn_pattern) -* [`ldap_other_bind`](#ldap_other_bind) -* [`ldap_config_variables`](#ldap_config_variables) -* [`ldap_use_ssl`](#ldap_use_ssl) -* [`ldap_port`](#ldap_port) -* [`ldap_log`](#ldap_log) -* [`manage_python`](#manage_python) -* [`management_hostname`](#management_hostname) -* [`management_port`](#management_port) -* 
[`management_ip_address`](#management_ip_address) -* [`management_ssl`](#management_ssl) -* [`node_ip_address`](#node_ip_address) -* [`package_apt_pin`](#package_apt_pin) -* [`package_ensure`](#package_ensure) -* [`package_gpg_key`](#package_gpg_key) -* [`package_name`](#package_name) -* [`port`](#port) -* [`python_package`](#python_package) -* [`repos_ensure`](#repos_ensure) -* [`service_ensure`](#service_ensure) -* [`service_manage`](#service_manage) -* [`service_name`](#service_name) -* [`service_restart`](#service_restart) -* [`ssl`](#ssl) -* [`ssl_cacert`](#ssl_cacert) -* [`ssl_cert`](#ssl_cert) -* [`ssl_cert_password`](#ssl_cert_password) -* [`ssl_depth`](#ssl_depth) -* [`ssl_dhfile`](#ssl_dhfile) -* [`ssl_erl_dist`](#ssl_erl_dist) -* [`ssl_honor_cipher_order`](#ssl_honor_cipher_order) -* [`ssl_interface`](#ssl_interface) -* [`ssl_key`](#ssl_key) -* [`ssl_only`](#ssl_only) -* [`ssl_management_port`](#ssl_management_port) -* [`ssl_management_cacert`](#ssl_management_cacert) -* [`ssl_management_cert`](#ssl_management_cert) -* [`ssl_management_key`](#ssl_management_key) -* [`ssl_port`](#ssl_port) -* [`ssl_reuse_sessions`](#ssl_reuse_sessions) -* [`ssl_client_renegotiation`](#ssl_client_renegotiation) -* [`ssl_secure_renegotiate`](#ssl_secure_renegotiate) -* [`ssl_stomp_port`](#ssl_stomp_port) -* [`ssl_verify`](#ssl_verify) -* [`ssl_fail_if_no_peer_cert`](#ssl_fail_if_no_peer_cert) -* [`ssl_management_verify`](#ssl_management_verify) -* [`ssl_versions`](#ssl_versions) -* [`ssl_ciphers`](#ssl_ciphers) -* [`ssl_crl_check`](#ssl_crl_check) -* [`ssl_crl_cache_hash_dir`](#ssl_crl_cache_hash_dir) -* [`ssl_crl_cache_http_timeout`](#ssl_crl_cache_http_timeout) -* [`stomp_port`](#stomp_port) -* [`stomp_ssl_only`](#stomp_ssl_only) -* [`stomp_ensure`](#stomp_ensure) -* [`tcp_backlog`](#tcp_backlog) -* [`tcp_keepalive`](#tcp_keepalive) -* [`tcp_recbuf`](#tcp_recbuf) -* [`tcp_sndbuf`](#tcp_sndbuf) -* [`wipe_db_on_cookie_change`](#wipe_db_on_cookie_change) -* 
[`rabbitmq_user`](#rabbitmq_user) -* [`rabbitmq_group`](#rabbitmq_group) -* [`rabbitmq_home`](#rabbitmq_home) -* [`rabbitmqadmin_package`](#rabbitmqadmin_package) -* [`archive_options`](#archive_options) -* [`loopback_users`](#loopback_users) -* [`package_source`](#package_source) -* [`package_provider`](#package_provider) -* [`ssl_management_fail_if_no_peer_cert`](#ssl_management_fail_if_no_peer_cert) - -##### `admin_enable` +The following parameters are available in the `rabbitmq` class. + +##### `admin_enable` Data type: `Boolean` If enabled sets up the management interface/plugin for RabbitMQ. This also install the rabbitmqadmin command line tool. -Default value: ``true`` +Default value: `true` -##### `management_enable` +##### `management_enable` Data type: `Boolean` If enabled sets up the management interface/plugin for RabbitMQ. NOTE: This does not install the rabbitmqadmin command line tool. -Default value: ``false`` +Default value: `false` -##### `use_config_file_for_plugins` +##### `use_config_file_for_plugins` Data type: `Boolean` If enabled the /etc/rabbitmq/enabled_plugins config file is created, replacing the use of the rabbitmqplugins provider to enable plugins. -Default value: ``false`` +Default value: `false` -##### `auth_backends` +##### `auth_backends` Data type: `Optional[Array]` 
@@ -318,185 +211,185 @@ An array specifying authorization/authentication backend to use. Single quotes s ex. `['{foo, baz}', 'baz']` Defaults to [rabbit_auth_backend_internal], and if using LDAP defaults to [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]. -Default value: ``undef`` +Default value: `undef` -##### `cluster` +##### `cluster` Data type: `Hash` Join cluster and change name of cluster. -Default value: `$rabbitmq::cluster` +Default value: $rabbitmq::cluster -##### `cluster_node_type` +##### `cluster_node_type` Data type: `Enum['ram', 'disc']` Choose between disc and ram nodes. -Default value: `'disc'` +Default value: 'disc' -##### `cluster_nodes` +##### `cluster_nodes` Data type: `Array` An array of nodes for clustering. -Default value: `[]` +Default value: [] -##### `cluster_partition_handling` +##### `cluster_partition_handling` Data type: `String` Value to set for `cluster_partition_handling` RabbitMQ configuration variable. -Default value: `'ignore'` +Default value: 'ignore' -##### `collect_statistics_interval` +##### `collect_statistics_interval` Data type: `Optional[Integer]` Set the collect_statistics_interval in rabbitmq.config -Default value: ``undef`` +Default value: `undef` -##### `config` +##### `config` Data type: `String` The file to use as the rabbitmq.config template. -Default value: `'rabbitmq/rabbitmq.config.erb'` +Default value: 'rabbitmq/rabbitmq.config.erb' -##### `config_additional_variables` +##### `config_additional_variables` Data type: `Hash` Additional config variables in rabbitmq.config -Default value: `{}` +Default value: {} -##### `config_cluster` +##### `config_cluster` Data type: `Boolean` Enable or disable clustering support. -Default value: ``false`` +Default value: `false` -##### `config_kernel_variables` +##### `config_kernel_variables` Data type: `Hash` Hash of Erlang kernel configuration variables to set (see [Variables Configurable in rabbitmq.config](#variables-configurable-in-rabbitmq.config)). 
-Default value: `{}` +Default value: {} -##### `config_path` +##### `config_path` Data type: `Stdlib::Absolutepath` The path to write the RabbitMQ configuration file to. -Default value: `'/etc/rabbitmq/rabbitmq.config'` +Default value: '/etc/rabbitmq/rabbitmq.config' -##### `config_ranch` +##### `config_ranch` Data type: `Boolean` When true, suppress config directives needed for older (<3.6) RabbitMQ versions. -Default value: ``true`` +Default value: `true` -##### `config_management_variables` +##### `config_management_variables` Data type: `Hash` Hash of configuration variables for the [Management Plugin](https://www.rabbitmq.com/management.html). -Default value: `{}` +Default value: {} -##### `config_stomp` +##### `config_stomp` Data type: `Boolean` Enable or disable stomp. -Default value: ``false`` +Default value: `false` -##### `config_shovel` +##### `config_shovel` Data type: `Boolean` Enable or disable shovel. -Default value: ``false`` +Default value: `false` -##### `config_shovel_statics` +##### `config_shovel_statics` Data type: `Hash` Hash of static shovel configurations -Default value: `{}` +Default value: {} -##### `config_variables` +##### `config_variables` Data type: `Hash` To set config variables in rabbitmq.config -Default value: `{}` +Default value: {} -##### `default_user` +##### `default_user` Data type: `String` Username to set for the `default_user` in rabbitmq.config. -Default value: `'guest'` +Default value: 'guest' -##### `default_pass` +##### `default_pass` Data type: `String` Password to set for the `default_user` in rabbitmq.config. -Default value: `'guest'` +Default value: 'guest' -##### `delete_guest_user` +##### `delete_guest_user` Data type: `Boolean` Controls whether default guest user is deleted. -Default value: ``false`` +Default value: `false` -##### `env_config` +##### `env_config` Data type: `String` The template file to use for rabbitmq_env.config. 
-Default value: `'rabbitmq/rabbitmq-env.conf.erb'` +Default value: 'rabbitmq/rabbitmq-env.conf.erb' -##### `env_config_path` +##### `env_config_path` Data type: `Stdlib::Absolutepath` The path to write the rabbitmq_env.config file to. -Default value: `'/etc/rabbitmq/rabbitmq-env.conf'` +Default value: '/etc/rabbitmq/rabbitmq-env.conf' -##### `environment_variables` +##### `environment_variables` Data type: `Hash` RabbitMQ Environment Variables in rabbitmq_env.config -Default value: `{ 'LC_ALL' => 'en_US.UTF-8' }` +Default value: { 'LC_ALL' => 'en_US.UTF-8' } -##### `erlang_cookie` +##### `erlang_cookie` Data type: `Optional[String]` 
@@ -504,206 +397,206 @@ The erlang cookie to use for clustering - must be the same between all nodes. Th set explicitly if using clustering. If you run Pacemaker and you don't want to use RabbitMQ buildin cluster, you can set config_cluster to 'False' and set 'erlang_cookie'. -Default value: ``undef`` +Default value: `undef` -##### `file_limit` +##### `file_limit` Data type: `Variant[Integer[-1],Enum['unlimited'],Pattern[/^(infinity|\d+(:(infinity|\d+))?)$/]]` Set rabbitmq file ulimit. Defaults to 16384. Only available on systems with `$::osfamily == 'Debian'` or `$::osfamily == 'RedHat'`. -Default value: `16384` +Default value: 16384 -##### `oom_score_adj` +##### `oom_score_adj` Data type: `Integer[-1000, 1000]` Set rabbitmq-server process OOM score. Defaults to 0. -Default value: `0` +Default value: 0 -##### `heartbeat` +##### `heartbeat` Data type: `Optional[Integer]` Set the heartbeat timeout interval, default is unset which uses the builtin server defaults of 60 seconds. Setting this -Default value: ``undef`` +Default value: `undef` -##### `inetrc_config` +##### `inetrc_config` Data type: `String` Template to use for the inetrc config -Default value: `'rabbitmq/inetrc.erb'` +Default value: 'rabbitmq/inetrc.erb' -##### `inetrc_config_path` +##### `inetrc_config_path` Data type: `Stdlib::Absolutepath` Path of the file to push the inetrc config to. -Default value: `'/etc/rabbitmq/inetrc'` +Default value: '/etc/rabbitmq/inetrc' -##### `ipv6` +##### `ipv6` Data type: `Boolean` Whether to listen on ipv6 -Default value: ``false`` +Default value: `false` -##### `interface` +##### `interface` Data type: `Optional[String]` Interface to bind to (sets tcp_listeners parameter). By default, bind to all interfaces to `0` will disable heartbeats. -Default value: ``undef`` +Default value: `undef` -##### `key_content` +##### `key_content` Data type: `Optional[String]` Uses content method for Debian OS family. Should be a template for apt::source class. 
Overrides `package_gpg_key` behavior, if enabled. Undefined by default. -Default value: ``undef`` +Default value: `undef` -##### `ldap_auth` +##### `ldap_auth` Data type: `Boolean` Set to true to enable LDAP auth. -Default value: ``false`` +Default value: `false` -##### `ldap_server` +##### `ldap_server` Data type: `Variant[String[1],Array[String[1]]]` LDAP server or servers to use for auth. -Default value: `'ldap'` +Default value: 'ldap' -##### `ldap_user_dn_pattern` +##### `ldap_user_dn_pattern` Data type: `Optional[String]` User DN pattern for LDAP auth. -Default value: ``undef`` +Default value: `undef` -##### `ldap_other_bind` +##### `ldap_other_bind` Data type: `String` How to bind to the LDAP server. Defaults to 'anon'. -Default value: `'anon'` +Default value: 'anon' -##### `ldap_config_variables` +##### `ldap_config_variables` Data type: `Hash` Hash of other LDAP config variables. -Default value: `{}` +Default value: {} -##### `ldap_use_ssl` +##### `ldap_use_ssl` Data type: `Boolean` Set to true to use SSL for the LDAP server. -Default value: ``false`` +Default value: `false` -##### `ldap_port` +##### `ldap_port` Data type: `Integer[1, 65535]` Numeric port for LDAP server. -Default value: `389` +Default value: 389 -##### `ldap_log` +##### `ldap_log` Data type: `Boolean` Set to true to log LDAP auth. -Default value: ``false`` +Default value: `false` -##### `manage_python` +##### `manage_python` Data type: `Boolean` If enabled, on platforms that don't provide a Python 2 package by default, ensure that the python package is installed (for rabbitmqadmin). This will only apply if `admin_enable` and `service_manage` are set. -Default value: ``true`` +Default value: `true` -##### `management_hostname` +##### `management_hostname` Data type: `Optional[String]` The hostname for the RabbitMQ management interface. 
-Default value: ``undef`` +Default value: `undef` -##### `management_port` +##### `management_port` Data type: `Integer[1, 65535]` The port for the RabbitMQ management interface. -Default value: `15672` +Default value: 15672 -##### `management_ip_address` +##### `management_ip_address` Data type: `Optional[String]` Allows you to set the IP for management interface to bind to separately. Set to 127.0.0.1 to bind to localhost only, or 0.0.0.0 to bind to all interfaces. -Default value: ``undef`` +Default value: `undef` -##### `management_ssl` +##### `management_ssl` Data type: `Boolean` Enable/Disable SSL for the management port. Has an effect only if ssl => true. -Default value: ``true`` +Default value: `true` -##### `node_ip_address` +##### `node_ip_address` Data type: `Optional[String]` Allows you to set the IP for RabbitMQ service to bind to. Set to 127.0.0.1 to bind to localhost only, or 0.0.0.0 to bind to all interfaces. -Default value: ``undef`` +Default value: `undef` -##### `package_apt_pin` +##### `package_apt_pin` Data type: `Optional[Variant[Numeric, String]]` Whether to pin the package to a particular source -Default value: ``undef`` +Default value: `undef` -##### `package_ensure` +##### `package_ensure` Data type: `String` Determines the ensure state of the package. Set to installed by default, but could be changed to latest. -Default value: `'installed'` +Default value: 'installed' -##### `package_gpg_key` +##### `package_gpg_key` Data type: `Optional[String]` 
@@ -711,33 +604,33 @@ RPM package GPG key to import. Uses source method. Should be a URL for Debian/Re RedHat OS family. Set to https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey for Debian/RedHat OS Family by default. Note, that `key_content`, if specified, would override this parameter for Debian OS family. -Default value: ``undef`` +Default value: `undef` -##### `package_name` +##### `package_name` Data type: `Variant[String, Array]` Name(s) of the package(s) to install -Default value: `'rabbitmq'` +Default value: 'rabbitmq' -##### `port` +##### `port` Data type: `Integer` The RabbitMQ port. -Default value: `5672` +Default value: 5672 -##### `python_package` +##### `python_package` Data type: `String` Name of the package required by rabbitmqadmin. -Default value: `'python'` +Default value: 'python' -##### `repos_ensure` +##### `repos_ensure` Data type: `Boolean` 
@@ -746,226 +639,226 @@ Defaults to false (use system packages). This does not ensure that soft dependen It also does not solve the erlang dependency. See https://www.rabbitmq.com/which-erlang.html for a good breakdown of the different ways of handling the erlang deps. See also https://github.com/voxpupuli/puppet-rabbitmq/issues/788 -Default value: ``false`` +Default value: `false` -##### `service_ensure` +##### `service_ensure` Data type: `Enum['running', 'stopped']` The state of the service. -Default value: `'running'` +Default value: 'running' -##### `service_manage` +##### `service_manage` Data type: `Boolean` Determines if the service is managed. -Default value: ``true`` +Default value: `true` -##### `service_name` +##### `service_name` Data type: `String` The name of the service to manage. -Default value: `'rabbitmq'` +Default value: 'rabbitmq' -##### `service_restart` +##### `service_restart` Data type: `Boolean` Default defined in param.pp. Whether to restart the service on config change. -Default value: ``true`` +Default value: `true` -##### `ssl` +##### `ssl` Data type: `Boolean` Configures the service for using SSL. -Default value: ``false`` +Default value: `false` -##### `ssl_cacert` +##### `ssl_cacert` Data type: `Optional[Stdlib::Absolutepath]` CA cert path to use for SSL. -Default value: ``undef`` +Default value: `undef` -##### `ssl_cert` +##### `ssl_cert` Data type: `Optional[Stdlib::Absolutepath]` Cert to use for SSL. -Default value: ``undef`` +Default value: `undef` -##### `ssl_cert_password` +##### `ssl_cert_password` Data type: `Optional[String]` Password used when generating CSR. -Default value: ``undef`` +Default value: `undef` -##### `ssl_depth` +##### `ssl_depth` Data type: `Optional[Integer]` SSL verification depth. 
-Default value: ``undef`` +Default value: `undef` -##### `ssl_dhfile` +##### `ssl_dhfile` Data type: `Optional[Stdlib::Absolutepath]` Use this dhparam file [example: generate with `openssl dhparam -out /etc/rabbitmq/ssl/dhparam.pem 2048` -Default value: ``undef`` +Default value: `undef` -##### `ssl_erl_dist` +##### `ssl_erl_dist` Data type: `Boolean` Whether to use the erlang package's SSL (relies on the ssl_erl_path fact) -Default value: ``false`` +Default value: `false` -##### `ssl_honor_cipher_order` +##### `ssl_honor_cipher_order` Data type: `Boolean` Force use of server cipher order -Default value: ``true`` +Default value: `true` -##### `ssl_interface` +##### `ssl_interface` Data type: `Optional[String]` Interface for SSL listener to bind to -Default value: ``undef`` +Default value: `undef` -##### `ssl_key` +##### `ssl_key` Data type: `Optional[Stdlib::Absolutepath]` Key to use for SSL. -Default value: ``undef`` +Default value: `undef` -##### `ssl_only` +##### `ssl_only` Data type: `Boolean` Configures the service to only use SSL. No cleartext TCP listeners will be created. Requires that ssl => true and port => undef -Default value: ``false`` +Default value: `false` -##### `ssl_management_port` +##### `ssl_management_port` Data type: `Integer[1, 65535]` SSL management port. -Default value: `15671` +Default value: 15671 -##### `ssl_management_cacert` +##### `ssl_management_cacert` Data type: `Optional[Stdlib::Absolutepath]` SSL management cacert. If unset set to ssl_cacert for backwards compatibility. -Default value: `$ssl_cacert` +Default value: $ssl_cacert -##### `ssl_management_cert` +##### `ssl_management_cert` Data type: `Optional[Stdlib::Absolutepath]` SSL management cert. If unset set to ssl_cert for backwards compatibility. -Default value: `$ssl_cert` +Default value: $ssl_cert -##### `ssl_management_key` +##### `ssl_management_key` Data type: `Optional[Stdlib::Absolutepath]` SSL management key. If unset set to ssl_key for backwards compatibility. 
-Default value: `$ssl_key` +Default value: $ssl_key -##### `ssl_port` +##### `ssl_port` Data type: `Integer[1, 65535]` SSL port for RabbitMQ -Default value: `5671` +Default value: 5671 -##### `ssl_reuse_sessions` +##### `ssl_reuse_sessions` Data type: `Boolean` Reuse ssl sessions -Default value: ``true`` +Default value: `true` -##### `ssl_client_renegotiation` +##### `ssl_client_renegotiation` Data type: `Boolean` Allow ssl client renegotiation -Default value: ``false`` +Default value: `false` -##### `ssl_secure_renegotiate` +##### `ssl_secure_renegotiate` Data type: `Boolean` Use ssl secure renegotiate -Default value: ``true`` +Default value: `true` -##### `ssl_stomp_port` +##### `ssl_stomp_port` Data type: `Integer[1, 65535]` SSL stomp port. -Default value: `6164` +Default value: 6164 -##### `ssl_verify` +##### `ssl_verify` Data type: `Enum['verify_none','verify_peer']` rabbitmq.config SSL verify setting. -Default value: `'verify_none'` +Default value: 'verify_none' -##### `ssl_fail_if_no_peer_cert` +##### `ssl_fail_if_no_peer_cert` Data type: `Boolean` rabbitmq.config `fail_if_no_peer_cert` setting. -Default value: ``false`` +Default value: `false` -##### `ssl_management_verify` +##### `ssl_management_verify` Data type: `Enum['verify_none','verify_peer']` rabbitmq.config SSL verify setting for rabbitmq_management. -Default value: `'verify_none'` +Default value: 'verify_none' -##### `ssl_versions` +##### `ssl_versions` Data type: `Optional[Array]` @@ -974,9 +867,9 @@ that it is recommended to disable `sslv3 and `tlsv1` to prevent against POODLE and BEAST attacks. Please see the [RabbitMQ SSL](https://www.rabbitmq.com/ssl.html) documentation for more information. -Default value: ``undef`` +Default value: `undef` -##### `ssl_ciphers` +##### `ssl_ciphers` Data type: `Array` 
@@ -986,174 +879,174 @@ Functionality can be tested with cipherscan or similar tool: https://github.com/ * Erlang style: `['ecdhe_rsa,aes_256_cbc,sha', 'dhe_rsa,aes_256_cbc,sha']` * OpenSSL style: `['ECDHE-RSA-AES256-SHA', 'DHE-RSA-AES256-SHA']` -Default value: `[]` +Default value: [] -##### `ssl_crl_check` +##### `ssl_crl_check` Data type: `Enum['true','false','peer','best_effort']` Perform CRL (Certificate Revocation List) verification Please see the [Erlang SSL](https://erlang.org/doc/man/ssl.html#type-crl_check) module documentation for more information. -Default value: `'false'` +Default value: 'false' -##### `ssl_crl_cache_hash_dir` +##### `ssl_crl_cache_hash_dir` Data type: `Optional[Stdlib::Absolutepath]` This setting makes use of a directory where CRLs are stored in files named by the hash of the issuer name. Please see the [Erlang SSL](https://erlang.org/doc/man/ssl.html#type-crl_cache_opts) module documentation for more information. -Default value: ``undef`` +Default value: `undef` -##### `ssl_crl_cache_http_timeout` +##### `ssl_crl_cache_http_timeout` Data type: `Optional[Integer]` This setting enables use of internal CRLs cache and sets HTTP timeout interval on fetching CRLs from distributino URLs defined inside certificate. Please see the [Erlang SSL](https://erlang.org/doc/man/ssl.html#type-crl_cache_opts) module documentation for more information. -Default value: ``undef`` +Default value: `undef` -##### `stomp_port` +##### `stomp_port` Data type: `Integer[1, 65535]` The port to use for Stomp. -Default value: `6163` +Default value: 6163 -##### `stomp_ssl_only` +##### `stomp_ssl_only` Data type: `Boolean` Configures STOMP to only use SSL. No cleartext STOMP TCP listeners will be created. Requires setting ssl_stomp_port also. -Default value: ``false`` +Default value: `false` -##### `stomp_ensure` +##### `stomp_ensure` Data type: `Boolean` Enable to install the stomp plugin. 
-Default value: ``false`` +Default value: `false` -##### `tcp_backlog` +##### `tcp_backlog` Data type: `Integer` The size of the backlog on TCP connections. -Default value: `128` +Default value: 128 -##### `tcp_keepalive` +##### `tcp_keepalive` Data type: `Boolean` Enable TCP connection keepalive for RabbitMQ service. -Default value: ``false`` +Default value: `false` -##### `tcp_recbuf` +##### `tcp_recbuf` Data type: `Optional[Integer]` Corresponds to recbuf in RabbitMQ `tcp_listen_options` -Default value: ``undef`` +Default value: `undef` -##### `tcp_sndbuf` +##### `tcp_sndbuf` Data type: `Optional[Integer]` Integer, corresponds to sndbuf in RabbitMQ `tcp_listen_options` -Default value: ``undef`` +Default value: `undef` -##### `wipe_db_on_cookie_change` +##### `wipe_db_on_cookie_change` Data type: `Boolean` Boolean to determine if we should DESTROY AND DELETE the RabbitMQ database. -Default value: ``false`` +Default value: `false` -##### `rabbitmq_user` +##### `rabbitmq_user` Data type: `String` OS dependent The system user the rabbitmq daemon runs as. -Default value: `'rabbitmq'` +Default value: 'rabbitmq' -##### `rabbitmq_group` +##### `rabbitmq_group` Data type: `String` OS dependent The system group the rabbitmq daemon runs as. -Default value: `'rabbitmq'` +Default value: 'rabbitmq' -##### `rabbitmq_home` +##### `rabbitmq_home` Data type: `Stdlib::Absolutepath` OS dependent The home directory of the rabbitmq deamon. 
-Default value: `'/var/lib/rabbitmq'` +Default value: '/var/lib/rabbitmq' -##### `rabbitmqadmin_package` +##### `rabbitmqadmin_package` Data type: `Optional[String]` OS dependent If undef: install rabbitmqadmin via archive, otherwise via package -Default value: ``undef`` +Default value: `undef` -##### `archive_options` +##### `archive_options` Data type: `Array` Extra options to Archive resource to download rabbitmqadmin file -Default value: `[]` +Default value: [] -##### `loopback_users` +##### `loopback_users` Data type: `Array` This option configures a list of users to allow access via the loopback interfaces -Default value: `['guest']` +Default value: ['guest'] -##### `package_source` +##### `package_source` Data type: `Optional[String]` -Default value: ``undef`` +Default value: `undef` -##### `package_provider` +##### `package_provider` Data type: `Optional[String]` -Default value: ``undef`` +Default value: `undef` -##### `ssl_management_fail_if_no_peer_cert` +##### `ssl_management_fail_if_no_peer_cert` Data type: `Boolean` -Default value: ``false`` +Default value: `false` ## Resource types -### `rabbitmq_binding` +### rabbitmq_binding Native type for managing rabbitmq bindings 
@@ -1206,99 +1099,89 @@ rabbitmq_binding { 'myexchange@myqueue@myvhost': The following properties are available in the `rabbitmq_binding` type. -##### `arguments` +##### `ensure` -binding arguments +Valid values: present, absent -Default value: `{}` +The basic property that the resource should be in. -##### `destination` +Default value: present -Valid values: `%r{^\S+$}` +##### `source` + +Valid values: %r{^\S+$} namevar -destination of binding +source of binding -##### `destination_type` +##### `destination` -Valid values: `%r{queue|exchange}` +Valid values: %r{^\S+$} -binding destination_type +namevar + +destination of binding -Default value: `queue` +##### `vhost` -##### `ensure` +Valid values: %r{^\S+$} -Valid values: `present`, `absent` +namevar -The basic property that the resource should be in. +vhost -Default value: `present` +Default value: / ##### `routing_key` -Valid values: `%r{^\S*$}` +Valid values: %r{^\S*$} namevar binding routing_key -##### `source` - -Valid values: `%r{^\S+$}` - -namevar +##### `destination_type` -source of binding +Valid values: %r{queue|exchange} -##### `vhost` +binding destination_type -Valid values: `%r{^\S+$}` +Default value: queue -namevar +##### `arguments` -vhost +binding arguments -Default value: `/` +Default value: {} #### Parameters The following parameters are available in the `rabbitmq_binding` type. -* [`name`](#name) -* [`password`](#password) -* [`provider`](#provider) -* [`user`](#user) - -##### `name` +##### `name` namevar resource name, either source@destination@vhost or arbitrary name with params -##### `password` - -Valid values: `%r{\S+}` - -The password to use to connect to rabbitmq +##### `user` -Default value: `guest` +Valid values: %r{^\S+$} -##### `provider` +The user to use to connect to rabbitmq -The specific backend to use for this `rabbitmq_binding` resource. You will seldom need to specify this --- Puppet will -usually discover the appropriate provider for your platform. 
+Default value: guest -##### `user` +##### `password` -Valid values: `%r{^\S+$}` +Valid values: %r{\S+} -The user to use to connect to rabbitmq +The password to use to connect to rabbitmq -Default value: `guest` +Default value: guest -### `rabbitmq_cluster` +### rabbitmq_cluster Native type for managing rabbitmq cluster @@ -1328,45 +1211,35 @@ The following properties are available in the `rabbitmq_cluster` type. ##### `ensure` -Valid values: `present`, `absent` +Valid values: present, absent The basic property that the resource should be in. -Default value: `present` +Default value: present #### Parameters The following parameters are available in the `rabbitmq_cluster` type. -* [`init_node`](#init_node) -* [`name`](#name) -* [`node_disc_type`](#node_disc_type) -* [`provider`](#provider) - -##### `init_node` - -Name of which cluster node to join. - -##### `name` +##### `name` namevar The cluster name -##### `node_disc_type` +##### `init_node` -Valid values: `%r{disc|ram}` +Name of which cluster node to join. -Storage type of node, default disc. +##### `node_disc_type` -Default value: `disc` +Valid values: %r{disc|ram} -##### `provider` +Storage type of node, default disc. -The specific backend to use for this `rabbitmq_cluster` resource. You will seldom need to specify this --- Puppet will -usually discover the appropriate provider for your platform. +Default value: disc -### `rabbitmq_erlang_cookie` +### rabbitmq_erlang_cookie Type to manage the rabbitmq erlang cookie securely @@ -1384,7 +1257,7 @@ The following properties are available in the `rabbitmq_erlang_cookie` type. ##### `content` -Valid values: `%r{^\S+$}` +Valid values: %r{^\S+$} Content of cookie 
@@ -1392,50 +1265,43 @@ Content of cookie The following parameters are available in the `rabbitmq_erlang_cookie` type. -* [`force`](#force) -* [`path`](#path) -* [`provider`](#provider) -* [`rabbitmq_group`](#rabbitmq_group) -* [`rabbitmq_home`](#rabbitmq_home) -* [`rabbitmq_user`](#rabbitmq_user) -* [`service_name`](#service_name) +##### `path` + + + +##### `force` -##### `force` +Valid values: `true`, `false` -Valid values: ``true``, ``false`` -Default value: ``false`` +Default value: `false` -##### `path` +##### `rabbitmq_user` -##### `provider` -The specific backend to use for this `rabbitmq_erlang_cookie` resource. You will seldom need to specify this --- Puppet -will usually discover the appropriate provider for your platform. +Default value: rabbitmq -##### `rabbitmq_group` +##### `rabbitmq_group` -Default value: `rabbitmq` -##### `rabbitmq_home` +Default value: rabbitmq +##### `rabbitmq_home` -Default value: `/var/lib/rabbitmq` -##### `rabbitmq_user` +Default value: /var/lib/rabbitmq -Default value: `rabbitmq` +##### `service_name` -##### `service_name` +Valid values: %r{^\S+$} -Valid values: `%r{^\S+$}` -### `rabbitmq_exchange` +### rabbitmq_exchange Native type for managing rabbitmq exchanges 
@@ -1464,92 +1330,77 @@ The following properties are available in the `rabbitmq_exchange` type. ##### `ensure` -Valid values: `present`, `absent` +Valid values: present, absent The basic property that the resource should be in. -Default value: `present` +Default value: present #### Parameters The following parameters are available in the `rabbitmq_exchange` type. -* [`arguments`](#arguments) -* [`auto_delete`](#auto_delete) -* [`durable`](#durable) -* [`internal`](#internal) -* [`name`](#name) -* [`password`](#password) -* [`provider`](#provider) -* [`type`](#type) -* [`user`](#user) - -##### `arguments` +##### `name` -Exchange arguments example: {"hash-header": "message-distribution-hash"} +Valid values: %r{^\S*@\S+$} -Default value: `{}` +namevar -##### `auto_delete` +Name of exchange -Valid values: `%r{^\S+$}` +##### `type` -Exchange auto delete option to be set *on creation* +Valid values: %r{^\S+$} -Default value: ``false`` +Exchange type to be set *on creation* -##### `durable` +##### `durable` -Valid values: `%r{^\S+$}` +Valid values: %r{^\S+$} Exchange durability to be set *on creation* -Default value: ``false`` - -##### `internal` - -Valid values: `%r{^\S+$}` +Default value: `false` -Exchange internal option to be set *on creation* +##### `auto_delete` -Default value: ``false`` +Valid values: %r{^\S+$} -##### `name` +Exchange auto delete option to be set *on creation* -Valid values: `%r{^\S*@\S+$}` +Default value: `false` -namevar +##### `internal` -Name of exchange +Valid values: %r{^\S+$} -##### `password` +Exchange internal option to be set *on creation* -Valid values: `%r{\S+}` +Default value: `false` -The password to use to connect to rabbitmq +##### `arguments` -Default value: `guest` +Exchange arguments example: {"hash-header": "message-distribution-hash"} -##### `provider` +Default value: {} -The specific backend to use for this `rabbitmq_exchange` resource. 
You will seldom need to specify this --- Puppet will -usually discover the appropriate provider for your platform. +##### `user` -##### `type` +Valid values: %r{^\S+$} -Valid values: `%r{^\S+$}` +The user to use to connect to rabbitmq -Exchange type to be set *on creation* +Default value: guest -##### `user` +##### `password` -Valid values: `%r{^\S+$}` +Valid values: %r{\S+} -The user to use to connect to rabbitmq +The password to use to connect to rabbitmq -Default value: `guest` +Default value: guest -### `rabbitmq_parameter` +### rabbitmq_parameter Type for managing rabbitmq parameters @@ -1592,17 +1443,17 @@ rabbitmq_parameter { 'documentumShovelNoMunging@/': The following properties are available in the `rabbitmq_parameter` type. -##### `component_name` - -The component_name to use when setting parameter, eg: shovel or federation - ##### `ensure` -Valid values: `present`, `absent` +Valid values: present, absent The basic property that the resource should be in. -Default value: `present` +Default value: present + +##### `component_name` + +The component_name to use when setting parameter, eg: shovel or federation ##### `value` 
@@ -1612,32 +1463,23 @@ A hash of values to use with the component name you are setting The following parameters are available in the `rabbitmq_parameter` type. -* [`autoconvert`](#autoconvert) -* [`name`](#name) -* [`provider`](#provider) - -##### `autoconvert` - -Valid values: ``true``, ``false`` - -whether numeric strings from `value` should be converted to int automatically - -Default value: ``true`` - -##### `name` +##### `name` -Valid values: `%r{^\S+@\S+$}` +Valid values: %r{^\S+@\S+$} namevar combination of name@vhost to set parameter for -##### `provider` +##### `autoconvert` + +Valid values: `true`, `false` + +whether numeric strings from `value` should be converted to int automatically -The specific backend to use for this `rabbitmq_parameter` resource. You will seldom need to specify this --- Puppet will -usually discover the appropriate provider for your platform. +Default value: `true` -### `rabbitmq_plugin` +### rabbitmq_plugin manages rabbitmq plugins 
@@ -1672,49 +1514,39 @@ The following properties are available in the `rabbitmq_plugin` type. ##### `ensure` -Valid values: `present`, `absent` +Valid values: present, absent The basic property that the resource should be in. -Default value: `present` +Default value: present #### Parameters The following parameters are available in the `rabbitmq_plugin` type. -* [`mode`](#mode) -* [`name`](#name) -* [`provider`](#provider) -* [`umask`](#umask) - -##### `mode` - -Valid values: `online`, `offline`, `best` - -Define how the plugin should be enabled regarding node status. - -Default value: `best` - -##### `name` +##### `name` -Valid values: `%r{^\S+$}` +Valid values: %r{^\S+$} namevar The name of the plugin to enable -##### `provider` +##### `mode` -The specific backend to use for this `rabbitmq_plugin` resource. You will seldom need to specify this --- Puppet will -usually discover the appropriate provider for your platform. +Valid values: online, offline, best -##### `umask` +Define how the plugin should be enabled regarding node status. + +Default value: best + +##### `umask` Sets the octal umask to be used while creating this resource -Default value: `0022` +Default value: 0022 -### `rabbitmq_policy` +### rabbitmq_policy Type for managing rabbitmq policies 
@@ -1738,59 +1570,51 @@ rabbitmq_policy { 'ha-all@myvhost': The following properties are available in the `rabbitmq_policy` type. -##### `applyto` +##### `ensure` -Valid values: `all`, `exchanges`, `queues` +Valid values: present, absent -policy apply to +The basic property that the resource should be in. -Default value: `all` +Default value: present -##### `definition` +##### `pattern` -policy definition +policy pattern -##### `ensure` +##### `applyto` -Valid values: `present`, `absent` +Valid values: all, exchanges, queues -The basic property that the resource should be in. +policy apply to -Default value: `present` +Default value: all -##### `pattern` +##### `definition` -policy pattern +policy definition ##### `priority` -Valid values: `%r{^\d+$}` +Valid values: %r{^\d+$} policy priority -Default value: `0` +Default value: 0 #### Parameters The following parameters are available in the `rabbitmq_policy` type. -* [`name`](#name) -* [`provider`](#provider) - -##### `name` +##### `name` -Valid values: `%r{^\S+@\S+$}` +Valid values: %r{^\S+@\S+$} namevar combination of policy@vhost to create policy for -##### `provider` - -The specific backend to use for this `rabbitmq_policy` resource. You will seldom need to specify this --- Puppet will -usually discover the appropriate provider for your platform. - -### `rabbitmq_queue` +### rabbitmq_queue Native type for managing rabbitmq queue 
@@ -1818,76 +1642,63 @@ The following properties are available in the `rabbitmq_queue` type. ##### `ensure` -Valid values: `present`, `absent` +Valid values: present, absent The basic property that the resource should be in. -Default value: `present` +Default value: present #### Parameters The following parameters are available in the `rabbitmq_queue` type. -* [`arguments`](#arguments) -* [`auto_delete`](#auto_delete) -* [`durable`](#durable) -* [`name`](#name) -* [`password`](#password) -* [`provider`](#provider) -* [`user`](#user) - -##### `arguments` - -Queue arguments example: {x-message-ttl => 60, x-expires => 10} - -Default value: `{}` - -##### `auto_delete` +##### `name` -Valid values: `%r{true|false}` +Valid values: %r{^\S*@\S+$} -Queue will be auto deleted +namevar -Default value: ``false`` +Name of queue -##### `durable` +##### `durable` -Valid values: `%r{true|false}` +Valid values: %r{true|false} Queue is durable -Default value: ``true`` +Default value: `true` -##### `name` +##### `auto_delete` -Valid values: `%r{^\S*@\S+$}` +Valid values: %r{true|false} -namevar +Queue will be auto deleted -Name of queue +Default value: `false` + +##### `arguments` -##### `password` +Queue arguments example: {x-message-ttl => 60, x-expires => 10} -Valid values: `%r{\S+}` +Default value: {} -The password to use to connect to rabbitmq +##### `user` -Default value: `guest` +Valid values: %r{^\S+$} -##### `provider` +The user to use to connect to rabbitmq -The specific backend to use for this `rabbitmq_queue` resource. You will seldom need to specify this --- Puppet will -usually discover the appropriate provider for your platform. +Default value: guest -##### `user` +##### `password` -Valid values: `%r{^\S+$}` +Valid values: %r{\S+} -The user to use to connect to rabbitmq +The password to use to connect to rabbitmq -Default value: `guest` +Default value: guest -### `rabbitmq_user` +### rabbitmq_user Native type for managing rabbitmq users 
@@ -1923,53 +1734,45 @@ rabbitmq_user { 'dan': The following properties are available in the `rabbitmq_user` type. -##### `admin` - -Valid values: `%r{true|false}` - -whether or not user should be an admin - -Default value: `false` - ##### `ensure` -Valid values: `present`, `absent` +Valid values: present, absent The basic property that the resource should be in. -Default value: `present` +Default value: present ##### `password` User password to be set *on creation* and validated each run +##### `admin` + +Valid values: %r{true|false} + +whether or not user should be an admin + +Default value: false + ##### `tags` additional tags for the user -Default value: `[]` +Default value: [] #### Parameters The following parameters are available in the `rabbitmq_user` type. -* [`name`](#name) -* [`provider`](#provider) - -##### `name` +##### `name` -Valid values: `%r{^\S+$}` +Valid values: %r{^\S+$} namevar Name of user -##### `provider` - -The specific backend to use for this `rabbitmq_user` resource. You will seldom need to specify this --- Puppet will -usually discover the appropriate provider for your platform. - -### `rabbitmq_user_permissions` +### rabbitmq_user_permissions Type for managing rabbitmq user permissions @@ -1989,17 +1792,17 @@ rabbitmq_user_permissions { 'dan@myvhost': The following properties are available in the `rabbitmq_user_permissions` type. -##### `configure_permission` - -regexp representing configuration permissions - ##### `ensure` -Valid values: `present`, `absent` +Valid values: present, absent The basic property that the resource should be in. -Default value: `present` +Default value: present + +##### `configure_permission` + +regexp representing configuration permissions ##### `read_permission` 
@@ -2013,23 +1816,15 @@ regexp representing write permissions The following parameters are available in the `rabbitmq_user_permissions` type. -* [`name`](#name) -* [`provider`](#provider) +##### `name` -##### `name` - -Valid values: `%r{^\S+@\S+$}` +Valid values: %r{^\S+@\S+$} namevar combination of user@vhost to grant privileges to -##### `provider` - -The specific backend to use for this `rabbitmq_user_permissions` resource. You will seldom need to specify this --- -Puppet will usually discover the appropriate provider for your platform. - -### `rabbitmq_vhost` +### rabbitmq_vhost Native type for managing rabbitmq vhosts @@ -2055,29 +1850,21 @@ The following properties are available in the `rabbitmq_vhost` type. ##### `ensure` -Valid values: `present`, `absent` +Valid values: present, absent The basic property that the resource should be in. -Default value: `present` +Default value: present #### Parameters The following parameters are available in the `rabbitmq_vhost` type. -* [`name`](#name) -* [`provider`](#provider) +##### `name` -##### `name` - -Valid values: `%r{^\S+$}` +Valid values: %r{^\S+$} namevar The name of the vhost to add -##### `provider` - -The specific backend to use for this `rabbitmq_vhost` resource. You will seldom need to specify this --- Puppet will -usually discover the appropriate provider for your platform. - From f22ec7fc1bec15e224fbbf8c350e2a4b6e7c68aa Mon Sep 17 00:00:00 2001 From: kperronne Date: Tue, 5 Apr 2022 16:18:52 -0700 Subject: [PATCH 06/11] Invert default value for ssl_client_renegotiation --- REFERENCE.md | 2 +- data/common.yaml | 2 +- manifests/init.pp | 2 +- spec/classes/rabbitmq_spec.rb | 18 +++++++++--------- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index c601f63ac..009f68884 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -816,7 +816,7 @@ Data type: `Boolean` Allow ssl client renegotiation -Default value: `false` +Default value: `true` ##### `ssl_secure_renegotiate` 
diff --git a/data/common.yaml b/data/common.yaml index 2ae52962a..8b4b74bec 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -61,7 +61,7 @@ rabbitmq::ssl_fail_if_no_peer_cert: false rabbitmq::ssl_management_verify: 'verify_none' rabbitmq::ssl_management_fail_if_no_peer_cert: false rabbitmq::ssl_versions: ~ -rabbitmq::ssl_client_renegotiation: false +rabbitmq::ssl_client_renegotiation: true rabbitmq::ssl_secure_renegotiate: true rabbitmq::ssl_reuse_sessions: true rabbitmq::ssl_honor_cipher_order: true diff --git a/manifests/init.pp b/manifests/init.pp index 95141fefe..c5f47f908 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -394,7 +394,7 @@ Enum['verify_none','verify_peer'] $ssl_management_verify = 'verify_none', Boolean $ssl_management_fail_if_no_peer_cert = false, Optional[Array] $ssl_versions = undef, - Boolean $ssl_client_renegotiation = false, + Boolean $ssl_client_renegotiation = true, Boolean $ssl_secure_renegotiate = true, Boolean $ssl_reuse_sessions = true, Boolean $ssl_honor_cipher_order = true, diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb index a4ad652e4..1ec82af18 100644 --- a/spec/classes/rabbitmq_spec.rb +++ b/spec/classes/rabbitmq_spec.rb @@ -912,7 +912,7 @@ ssl_cacert: '/path/to/cacert', ssl_cert: '/path/to/cert', ssl_key: '/path/to/key', - ssl_client_renegotiation: false, + ssl_client_renegotiation: true, ssl_secure_renegotiate: true, ssl_reuse_sessions: true, ssl_honor_cipher_order: true, @@ -938,7 +938,7 @@ %r{keyfile,"/path/to/key"} ) is_expected.to contain_file('rabbitmq.config').with_content( - %r{client_renegotiation,false} + %r{client_renegotiation,true} ) is_expected.to contain_file('rabbitmq.config').with_content( %r{secure_renegotiate,true} 
@@ -971,7 +971,7 @@ ssl_cacert: '/path/to/cacert', ssl_cert: '/path/to/cert', ssl_key: '/path/to/key', - ssl_client_renegotiation: false, + ssl_client_renegotiation: true, ssl_secure_renegotiate: true, ssl_reuse_sessions: true, ssl_honor_cipher_order: true, @@ -1001,7 +1001,7 @@ %r{keyfile,"/path/to/key"} ) is_expected.to contain_file('rabbitmq.config').with_content( - %r{client_renegotiation,false} + %r{client_renegotiation,true} ) is_expected.to contain_file('rabbitmq.config').with_content( %r{secure_renegotiate,true} @@ -1049,7 +1049,7 @@ ssl_cacert: '/path/to/cacert', ssl_cert: '/path/to/cert', ssl_key: '/path/to/key', - ssl_client_renegotiation: false, + ssl_client_renegotiation: true, ssl_secure_renegotiate: true, ssl_reuse_sessions: true, ssl_honor_cipher_order: true, @@ -1073,7 +1073,7 @@ %r{keyfile,"/path/to/key"} ) is_expected.to contain_file('rabbitmq.config').with_content( - %r{client_renegotiation,false} + %r{client_renegotiation,true} ) is_expected.to contain_file('rabbitmq.config').with_content( %r{secure_renegotiate,true} @@ -1387,14 +1387,14 @@ it { is_expected.to contain_file('rabbitmq.config').without_content(%r{dhfile,}) } end - describe 'ssl with ssl_client_renegotiation true' do + describe 'ssl with ssl_client_renegotiation false' do let(:params) do { ssl: true, ssl_interface: '0.0.0.0', - ssl_client_renegotiation: true } + ssl_client_renegotiation: false } end - it { is_expected.to contain_file('rabbitmq.config').with_content(%r{client_renegotiation,true}) } + it { is_expected.to contain_file('rabbitmq.config').with_content(%r{client_renegotiation,false}) } end describe 'ssl with ssl_secure_renegotiate false' do From 882458a28a5d84644fcfeecd26a400c61aab01c1 Mon Sep 17 00:00:00 2001 From: kperronne Date: Tue, 5 Apr 2022 16:26:59 -0700 Subject: [PATCH 07/11] Better tlsv1.3 and ssl_versions conditional --- templates/rabbitmq.config.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb index 7a514d636..b4b2e140e 100644 --- a/templates/rabbitmq.config.erb +++ b/templates/rabbitmq.config.erb @@ -82,7 +82,7 @@ end <%- if @ssl_dhfile -%> {dhfile, "<%= @ssl_dhfile %>"}, <%- end -%> - <%- if !@ssl_versions.include?('tlsv1.3') -%> + <%- if !@ssl_versions || !@ssl_versions.include?('tlsv1.3') -%> {client_renegotiation,<%= @ssl_client_renegotiation %>}, {secure_renegotiate,<%= @ssl_secure_renegotiate %>}, <%- end -%> @@ -140,7 +140,7 @@ end <%- end -%> {certfile, "<%= @ssl_management_cert %>"}, {keyfile, "<%= @ssl_management_key %>"}, - <%- if !@ssl_versions.include?('tlsv1.3') -%> + <%- if !@ssl_versions || !@ssl_versions.include?('tlsv1.3') -%> {client_renegotiation,<%= @ssl_client_renegotiation %>}, {secure_renegotiate,<%= @ssl_secure_renegotiate %>}, <%- end -%> From 54f64f70ce618366c34d246801ba6560260a64c7 Mon Sep 17 00:00:00 2001 From: kperronne Date: Wed, 6 Apr 2022 09:19:22 -0700 Subject: [PATCH 08/11] Default ssl_client_renegotiation to undef --- REFERENCE.md | 2 +- data/common.yaml | 2 +- manifests/init.pp | 2 +- templates/rabbitmq.config.erb | 4 ++++ 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 009f68884..87e7212e4 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -816,7 +816,7 @@ Data type: `Boolean` Allow ssl client renegotiation -Default value: `true` +Default value: `undef` ##### `ssl_secure_renegotiate` diff --git a/data/common.yaml b/data/common.yaml index 8b4b74bec..de36aa884 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -61,7 +61,7 @@ rabbitmq::ssl_fail_if_no_peer_cert: false rabbitmq::ssl_management_verify: 'verify_none' rabbitmq::ssl_management_fail_if_no_peer_cert: false rabbitmq::ssl_versions: ~ -rabbitmq::ssl_client_renegotiation: true +rabbitmq::ssl_client_renegotiation: ~ rabbitmq::ssl_secure_renegotiate: true rabbitmq::ssl_reuse_sessions: true rabbitmq::ssl_honor_cipher_order: true 
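Review bot: The guard `!@ssl_versions || !@ssl_versions.include?('tlsv1.3')` in the `@@ -82,7 +82,7 @@` and `@@ -140,7 +140,7 @@` hunks drops both `client_renegotiation` and `secure_renegotiate` as soon as 'tlsv1.3' appears anywhere in `ssl_versions`, including a mixed list that still enables tlsv1.2. TLS 1.2 connections on such a listener can still renegotiate, so the operator's explicit settings are silently replaced by the runtime defaults. If the Erlang ssl application accepts these options whenever an older version is also enabled (to be confirmed for the supported OTP releases), the condition should only match a TLS 1.3-only list, e.g. `<%- unless @ssl_versions == ['tlsv1.3'] -%>`. The option lists these lines belong to start and end outside both hunks.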
diff --git a/manifests/init.pp b/manifests/init.pp index c5f47f908..8265a60ee 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -394,7 +394,7 @@ Enum['verify_none','verify_peer'] $ssl_management_verify = 'verify_none', Boolean $ssl_management_fail_if_no_peer_cert = false, Optional[Array] $ssl_versions = undef, - Boolean $ssl_client_renegotiation = true, + Boolean $ssl_client_renegotiation = undef, Boolean $ssl_secure_renegotiate = true, Boolean $ssl_reuse_sessions = true, Boolean $ssl_honor_cipher_order = true, diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb index b4b2e140e..6365b4249 100644 --- a/templates/rabbitmq.config.erb +++ b/templates/rabbitmq.config.erb @@ -83,7 +83,9 @@ end {dhfile, "<%= @ssl_dhfile %>"}, <%- end -%> <%- if !@ssl_versions || !@ssl_versions.include?('tlsv1.3') -%> + <%- if @ssl_client_renegotiation -%> {client_renegotiation,<%= @ssl_client_renegotiation %>}, + <%- end -%> {secure_renegotiate,<%= @ssl_secure_renegotiate %>}, <%- end -%> {reuse_sessions,<%= @ssl_reuse_sessions %>}, @@ -141,7 +143,9 @@ end {certfile, "<%= @ssl_management_cert %>"}, {keyfile, "<%= @ssl_management_key %>"}, <%- if !@ssl_versions || !@ssl_versions.include?('tlsv1.3') -%> + <%- if @ssl_client_renegotiation -%> {client_renegotiation,<%= @ssl_client_renegotiation %>}, + <%- end -%> {secure_renegotiate,<%= @ssl_secure_renegotiate %>}, <%- end -%> {reuse_sessions,<%= @ssl_reuse_sessions %>}, From 5e344b496fcd49915f5b920395f8cf33295b8b76 Mon Sep 17 00:00:00 2001 From: kperronne Date: Wed, 6 Apr 2022 09:24:51 -0700 Subject: [PATCH 09/11] Conditional tlsv1.3 for distro support, remove undef setting --- spec/classes/rabbitmq_spec.rb | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb index 1ec82af18..4e59032e3 100644 --- a/spec/classes/rabbitmq_spec.rb +++ b/spec/classes/rabbitmq_spec.rb 
@@ -912,7 +912,6 @@ ssl_cacert: '/path/to/cacert', ssl_cert: '/path/to/cert', ssl_key: '/path/to/key', - ssl_client_renegotiation: true, ssl_secure_renegotiate: true, ssl_reuse_sessions: true, ssl_honor_cipher_order: true, @@ -937,9 +936,6 @@ is_expected.to contain_file('rabbitmq.config').with_content( %r{keyfile,"/path/to/key"} ) - is_expected.to contain_file('rabbitmq.config').with_content( - %r{client_renegotiation,true} - ) is_expected.to contain_file('rabbitmq.config').with_content( %r{secure_renegotiate,true} ) @@ -971,7 +967,6 @@ ssl_cacert: '/path/to/cacert', ssl_cert: '/path/to/cert', ssl_key: '/path/to/key', - ssl_client_renegotiation: true, ssl_secure_renegotiate: true, ssl_reuse_sessions: true, ssl_honor_cipher_order: true, @@ -1000,9 +995,6 @@ is_expected.to contain_file('rabbitmq.config').with_content( %r{keyfile,"/path/to/key"} ) - is_expected.to contain_file('rabbitmq.config').with_content( - %r{client_renegotiation,true} - ) is_expected.to contain_file('rabbitmq.config').with_content( %r{secure_renegotiate,true} ) @@ -1049,7 +1041,6 @@ ssl_cacert: '/path/to/cacert', ssl_cert: '/path/to/cert', ssl_key: '/path/to/key', - ssl_client_renegotiation: true, ssl_secure_renegotiate: true, ssl_reuse_sessions: true, ssl_honor_cipher_order: true, @@ -1072,9 +1063,6 @@ is_expected.to contain_file('rabbitmq.config').with_content( %r{keyfile,"/path/to/key"} ) - is_expected.to contain_file('rabbitmq.config').with_content( - %r{client_renegotiation,true} - ) is_expected.to contain_file('rabbitmq.config').with_content( %r{secure_renegotiate,true} ) @@ -1175,7 +1163,8 @@ end end - describe 'ssl options with ssl version tlsv1.3' do + # tlsv1.3 not supported on older RMQ/Erlang with this distro + describe 'ssl options with ssl version tlsv1.3', unless: facts[:osfamily] == 'RedHat' do let(:params) do { ssl: true, ssl_port: 3141, From 5c08f48dfa8cf47130b6612596cc5d7519954c81 Mon Sep 17 00:00:00 2001 
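Review bot: Removing the `client_renegotiation,true` expectation in the `@@ -937,9 +936,6 @@` hunk, and again in `@@ -1000,9 +995,6 @@` and `@@ -1072,9 +1063,6 @@`, leaves the new default (parameter unset) without any assertion. The template change in the previous patch is meant to omit the option in that case, so these contexts should pin it with `is_expected.to contain_file('rabbitmq.config').without_content(%r{client_renegotiation})`. Without that, a template regression that writes an empty or unintended value for an unset parameter would pass the suite. The `it` blocks start and end outside the hunks.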
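Review bot: The `unless: facts[:osfamily] == 'RedHat'` filter in the `@@ -1175,7 +1163,8 @@` hunk skips the whole TLS 1.3 example group on every RedHat-family release, while the added comment only speaks of older RabbitMQ/Erlang. On those platforms this presumably removes the coverage of the template branch that suppresses the renegotiation options, newer releases included. The filter should be narrowed to the releases that actually lack TLS 1.3 support, and the comment should name them. Which releases those are is not visible on this page. The describe block continues outside the hunk.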
From: kperronne Date: Wed, 6 Apr 2022 09:28:41 -0700 Subject: [PATCH 10/11] Make ssl_client_renegotiation optional --- REFERENCE.md | 2 +- manifests/init.pp | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 87e7212e4..aeb2f03de 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -812,7 +812,7 @@ Default value: `true` ##### `ssl_client_renegotiation` -Data type: `Boolean` +Data type: `Optional[Boolean]` Allow ssl client renegotiation diff --git a/manifests/init.pp b/manifests/init.pp index 8265a60ee..d28fd97d8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -394,14 +394,14 @@ Enum['verify_none','verify_peer'] $ssl_management_verify = 'verify_none', Boolean $ssl_management_fail_if_no_peer_cert = false, Optional[Array] $ssl_versions = undef, - Boolean $ssl_client_renegotiation = undef, + Optional[Boolean] $ssl_client_renegotiation = undef, Boolean $ssl_secure_renegotiate = true, Boolean $ssl_reuse_sessions = true, Boolean $ssl_honor_cipher_order = true, Optional[Stdlib::Absolutepath] $ssl_dhfile = undef, Array $ssl_ciphers = [], Enum['true','false','peer','best_effort'] $ssl_crl_check = 'false', - Optional[Stdlib::Absolutepath] $ssl_crl_cache_hash_dir = undef, + Optional[Stdlib::Absolutepath] $ssl_crl_cache_hash_dir = undef, Optional[Integer] $ssl_crl_cache_http_timeout = undef, Boolean $stomp_ensure = false, Boolean $ldap_auth = false, From 77af2a70ccfcac1f7c8fc6230ecf37bc9de8a67f Mon Sep 17 00:00:00 2001 From: kperronne Date: Wed, 6 Apr 2022 10:27:10 -0700 Subject: [PATCH 11/11] Properly check for ssl_client_renegotiation --- templates/rabbitmq.config.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb index 6365b4249..d3c280e1c 100644 --- a/templates/rabbitmq.config.erb +++ b/templates/rabbitmq.config.erb 
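Review bot: `Optional[Boolean] $ssl_client_renegotiation = undef` in the `manifests/init.pp` hunk gives the parameter three states, but its description still reads only "Allow ssl client renegotiation". It should say that leaving the parameter unset writes no `client_renegotiation` entry, so the Erlang runtime default applies (client-initiated renegotiation is allowed by default in Erlang's ssl application as far as I know; confirm for the supported OTP versions), and that `false` must be set explicitly to refuse it. Proposed `@param` text: `Whether clients may initiate TLS renegotiation. When undef the option is omitted and the Erlang default is used; set to false to reject client-initiated renegotiation.` The hunk also changes only whitespace on the `$ssl_crl_cache_hash_dir` line, which looks unrelated to this commit. The parameter list starts and ends outside the hunk.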
@@ -83,7 +83,7 @@ end {dhfile, "<%= @ssl_dhfile %>"}, <%- end -%> <%- if !@ssl_versions || !@ssl_versions.include?('tlsv1.3') -%> - <%- if @ssl_client_renegotiation -%> + <%- if defined?(@ssl_client_renegotiation) -%> {client_renegotiation,<%= @ssl_client_renegotiation %>}, <%- end -%> {secure_renegotiate,<%= @ssl_secure_renegotiate %>}, @@ -143,7 +143,7 @@ end {certfile, "<%= @ssl_management_cert %>"}, {keyfile, "<%= @ssl_management_key %>"}, <%- if !@ssl_versions || !@ssl_versions.include?('tlsv1.3') -%> - <%- if @ssl_client_renegotiation -%> + <%- if defined?(@ssl_client_renegotiation) -%> {client_renegotiation,<%= @ssl_client_renegotiation %>}, <%- end -%> {secure_renegotiate,<%= @ssl_secure_renegotiate %>},
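Review bot: `defined?(@ssl_client_renegotiation)` in both hunks distinguishes unset from set only if Puppet never binds an undef parameter as an instance variable of the template. If the template scope does assign it as nil, `defined?` is truthy and the file gets `{client_renegotiation,}`, which is not a valid Erlang term and would presumably keep the broker from loading its configuration. Testing the value does not depend on that binding behaviour and still emits an explicit `false`: `<%- unless @ssl_client_renegotiation.nil? -%>`. The option lists these lines belong to start and end outside the hunks.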