Build combined config

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

roles/rabbitmq_cluster/tasks/main.yml

@@ -23,9 +23,15 @@
   - rabbitmq_cluster
   - config
 
+- name: create node cert directory
+  file: path=/etc/rabbitmq/nodecert/ owner=root group=root mode=0644 state=directory
+  tags:
+  - rabbitmq_cluster
+  - config
+
 - name: deploy node certificate
   copy: src="{{private}}/files/rabbitmq/{{env}}/pki/issued/{{inventory_hostname}}.crt"
-        dest=/etc/rabbitmq/node.crt
+        dest=/etc/rabbitmq/nodecert/node.crt
         owner=root group=root mode=0644
   tags:
   - rabbitmq_cluster
@@ -33,12 +39,19 @@
 
 - name: deploy node private key
   copy: src="{{private}}/files/rabbitmq/{{env}}/pki/private/{{inventory_hostname}}.key"
-        dest=/etc/rabbitmq/node.key
+        dest=/etc/rabbitmq/nodecert/node.key
         owner=rabbitmq group=rabbitmq mode=0600
   tags:
   - rabbitmq_cluster
   - config
 
+- name: build combined node key
+  assemble: src=/etc/rabbitmq/nodecert/ dest=/etc/rabbitmq/nodecert.combined.pem
+            owner=rabbitmq group=rabbitmq mode=0600
+  tags:
+  - rabbitmq_cluster
+  - config
+
 - name: enable plugins
   copy: src=enabled_plugins dest=/etc/rabbitmq/enabled_plugins owner=root group=root mode=0644
   with_items:

roles/rabbitmq_cluster/templates/rabbitmq-env.conf

@@ -0,0 +1,11 @@
+ERL_SSL_PATH="/usr/lib64/erlang/lib/ssl-7.3.3.2/ebin"
+
+SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH \
+-proto_dist inet_tls \
+-ssl_dist_opt server_certfile /etc/rabbitmq/node.combined.pem \
+-ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
+
+CTL_ERL_ARGS="-pa $ERL_SSL_PATH \
+-proto_dist inet_tls \
+-ssl_dist_opt server_certfile /etc/rabbitmq/node.combined.pem \
+-ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"