From e90ec28ebe60c6432452e46a041c49a99d5d1e20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Fri, 5 Oct 2018 09:40:57 +0000
Subject: [PATCH] The RabbitMQ ansible modules can't use https yet.

Disable SSL on the management api, and mitigate the security risk by
only listening on localhost.
---
 roles/rabbitmq_cluster/templates/rabbitmq.config | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/roles/rabbitmq_cluster/templates/rabbitmq.config b/roles/rabbitmq_cluster/templates/rabbitmq.config
index 3fa421d26e..366fd38bbf 100644
--- a/roles/rabbitmq_cluster/templates/rabbitmq.config
+++ b/roles/rabbitmq_cluster/templates/rabbitmq.config
@@ -31,10 +31,13 @@
  {rabbitmq_management,
   [
    {listener, [{port, 15672},
-               {ssl, true},
-               {ssl_opts, [{cacertfile, "/etc/rabbitmq/ca.crt"},
-                           {certfile,   "/etc/rabbitmq/nodecert/node.crt"},
-                           {keyfile,    "/etc/rabbitmq/nodecert/node.key"}]}]}
+               {ip, "127.0.0.1"}
+               # Ansible can't use HTTPS yet
+               #{ssl, true},
+               #{ssl_opts, [{cacertfile, "/etc/rabbitmq/ca.crt"},
+               #            {certfile,   "/etc/rabbitmq/nodecert/node.crt"},
+               #            {keyfile,    "/etc/rabbitmq/nodecert/node.key"}]}
+              ]}
   ]},
 
  {rabbitmq_management_agent,