From 585aebf3df9e2f61d432996735cdde3c4d7e48d4 Mon Sep 17 00:00:00 2001
From: stachdude
Date: Wed, 7 Sep 2016 09:36:58 +0200
Subject: [PATCH 1/2] Added RABBITMQ_CLUSTER_NODES option in docker-entrypoint.sh to allow clustering
---
 docker-entrypoint.sh | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index e070eba9..c30381dc 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -35,6 +35,7 @@ rabbitConfigKeys=(
 default_user
 default_vhost
 hipe_compile
+ cluster_nodes
 )
 fileConfigKeys=(
 management_ssl_cacertfile
@@ -187,6 +188,11 @@ rabbit_env_config() {
 [ "$val" ] && rawVal='true' || rawVal='false'
 ;;

+ cluster_nodes)
+ [ "$val" ] || continue
+ rawVal=''"$val"''
+ ;;
+
 cacertfile|certfile|keyfile)
 [ "$val" ] || continue
 rawVal='"'"$val"'"'
From 6aead45460df5fb7a73cf61b79a32b638802ee50 Mon Sep 17 00:00:00 2001
From: stachdude
Date: Mon, 12 Sep 2016 13:49:16 +0200
Subject: [PATCH 2/2] Added depth parameter which will allow using a client certificate signed by an intermediate CA, and it may be necessary to configure RabbitMQ server to use a higher verification depth. Removed a comment about not handling clustering
---
 docker-entrypoint.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index c30381dc..94ed6767 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -26,6 +26,7 @@ sslConfigKeys=(
 fail_if_no_peer_cert
 keyfile
 verify
+ depth
 )
 managementConfigKeys=(
 "${sslConfigKeys[@]/#/ssl_}"
@@ -188,6 +189,11 @@ rabbit_env_config() {
 [ "$val" ] && rawVal='true' || rawVal='false'
 ;;

+ depth)
+ [ "$val" ] || continue
+ rawVal=''"$val"''
+ ;;
+
 cluster_nodes)
 [ "$val" ] || continue
 rawVal=''"$val"''
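Review bot: Adding `cluster_nodes` to `rabbitConfigKeys` makes clustering a supported path, yet nothing beside the key says what protects node-to-node traffic. The only inter-node settings visible in this series are in the `RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS` export (context of the last hunk of patch 2/2), which passes `-ssl_dist_opt server_certfile` and the renegotiation flags but no verification option, so from the visible lines distribution TLS appears to encrypt without authenticating the peer node. I would state that next to the key, e.g. `# cluster_nodes: peers are not certificate-verified by the dist TLS args set later; restrict the distribution port to cluster members`, or add peer verification to those args in a follow-up.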
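Review bot: The new `cluster_nodes)` arm passes the environment value through as a raw term with no quoting or shape check, so a malformed value is presumably only noticed when the broker fails to parse the generated config (the code that writes `rawVal` out is outside the hunk). `rawVal=''"$val"''` is equivalent to `rawVal="$val"`, because the empty `''` pairs are no-ops, unlike `'"'"$val"'"'` in the `cacertfile|certfile|keyfile` arm, which adds real double quotes. I would write the plain form and add a comment with the expected shape, such as `# raw Erlang term, not quoted or validated here, e.g. {['rabbit@host1', 'rabbit@host2'], disc}` (host names constructed for illustration). The same no-op quoting is repeated in the `depth)` arm of patch 2/2, and the case statement begins and ends outside this hunk.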
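Review bot: `depth` added to `sslConfigKeys` is also picked up by `managementConfigKeys` through the `"${sslConfigKeys[@]/#/ssl_}"` expansion visible in the context, so the management listener gains an `ssl_depth` key as well, which the commit message does not mention. Whether the new `depth)` case arm is reached for that prefixed key depends on code outside this hunk and is worth confirming. A short comment on the entry, `# chain verification depth; also exposed to the management listener as ssl_depth`, would make the side effect explicit.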
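Review bot: The `depth)` arm accepts any non-empty string, although a certificate chain depth is a non-negative integer, so a typo goes straight into the generated config and TLS verification may then fail to start or behave differently than the operator intended. A guard before the assignment, `[[ "$val" =~ ^[0-9]+$ ]] || { echo >&2 "error: depth must be a non-negative integer, got '$val'"; exit 1; }` (or the script's own error convention), fails early with a clear message. A comment noting that the setting presumably only matters when `verify` requests peer verification would also help operators who raise it for an intermediate CA. The case statement begins and ends outside the hunk.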
@@ -276,8 +282,6 @@ if [ "$haveSslConfig" ] && [[ "$1" == rabbitmq* ]] && [ ! -f "$combinedSsl" ]; t
 fi
 if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then
 # More ENV vars for make clustering happiness
- # we don't handle clustering in this script, but these args should ensure
- # clustered SSL-enabled members will talk nicely
 export ERL_SSL_PATH="$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)"
 export RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile $combinedSsl -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
 export RABBITMQ_CTL_ERL_ARGS="$RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS"