Improve SSL support for Sensu

This patch allows operator to create SSL certificates for SSL auth to RabbitMQ.

Change-Id: I250aedcfdbe3b7a7e8c611c0e6122cf8fe0edda4

diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml
index a8303a5..2fa1569 100644 (file)
--- a/puppet/services/monitoring/sensu-base.yaml
+++ b/puppet/services/monitoring/sensu-base.yaml
@@ -29,7 +29,18 @@ parameters:
     default: false
     description: >
         RabbitMQ client subscriber parameter to specify an SSL connection
-        to the RabbitMQ host.
+        to the RabbitMQ host. Set MonitoringRabbitUseSSL to true without
+        specifying a private key or cert chain to use SSL transport,
+        but not cert auth.
+    type: string
+  MonitoringRabbitSSLPrivateKey:
+    default: ''
+    description: Private key to be used by Sensu to connect to RabbitMQ host.
+    type: string
+  MonitoringRabbitSSLCertChain:
+    default: ''
+    description: >
+      Private SSL cert chain to be used by Sensu to connect to RabbitMQ host.
     type: string
   MonitoringRabbitPassword:
     description: The RabbitMQ password used for monitoring purposes.
@@ -71,6 +82,8 @@ outputs:
         sensu::rabbitmq_password: {get_param: MonitoringRabbitPassword}
         sensu::rabbitmq_port: {get_param: MonitoringRabbitPort}
         sensu::rabbitmq_ssl: {get_param: MonitoringRabbitUseSSL}
+        sensu::rabbitmq_ssl_private_key: {get_param: MonitoringRabbitSSLPrivateKey}
+        sensu::rabbitmq_ssl_cert_chain: {get_param: MonitoringRabbitSSLCertChain}
         sensu::rabbitmq_user: {get_param: MonitoringRabbitUserName}
         sensu::rabbitmq_vhost: {get_param: MonitoringRabbitVhost}
         sensu::redact: {get_param: SensuRedactVariables}