Document how to use TLS/SSL with RabbitMQ #848
Conversation
|
|
||
| .. code-block:: ini | ||
| url = amqp://guest:guest@127.0.0.1:5671/?ssl=true |
There was a problem hiding this comment.
Is there anything else that's required on ST2 conf side to configure certificates/trusted/chain to communicate with SSL-enabled RabbitMQ server, the right way?
Just for reference, I'm looking at RabbitMQ clients from the examples like:
https://www.rabbitmq.com/ssl.html#java-client-connecting-with-peer-verification
https://pika.readthedocs.io/en/latest/examples/tls_mutual_authentication.html
http://docs.celeryproject.org/projects/kombu/en/latest/reference/kombu.connection.html
which highlight more configuration and parameters like CA, cert chain and so forth.
There was a problem hiding this comment.
This change only enables secure communication to the server using TLS, but it doesn't do peer verification and it also doesn't support client certificate based authentication.
For that we will need to modify the code (similar to the user contribution for MongoDB not too long ago).
The plan is to use the same configuration option names as we use for MongoDB in the database section in st2.conf (for consistency reasons).
But yeah, that will be a separate change. I will open an issue in StackStorm/st2 to track it.
There was a problem hiding this comment.
Would be good to add a small note about that part in st2docs then.
|
I was actually also hoping to implement those missing config options before v2.10.2 will be released, but I will add a note about that and merge it for now. |
This pull request documents how to enable TLS for RabbitMQ connections.
Part of #847.