Bug 1484547

Upstream PR for puppet-rabbitmq - https://github.com/voxpupuli/puppet-rabbitmq/pull/574

This is merged upstream and pulled into RDO, just needs to wait on next downstream sync.

openstack-tripleo-heat-templates-7.0.3-13.el7ost.noarch

 sudo cat /var/log/pacemaker/bundles/rabbitmq-bundle-0/rabbitmq/rabbit |grep SSL
‎started SSL Listener on 172.17.1.18:5672
‎

[heat-admin@overcloud-controller-0 ~]$ openssl s_client -connect overcloud-controller-0.internalapi.redhat.local:5672
CONNECTED(00000003)
depth=1 O = REDHAT.LOCAL, CN = Certificate Authority
verify return:1
depth=0 O = REDHAT.LOCAL, CN = overcloud-controller-0.internalapi.redhat.local
verify return:1
---
Certificate chain
 0 s:/O=REDHAT.LOCAL/CN=overcloud-controller-0.internalapi.redhat.local
   i:/O=REDHAT.LOCAL/CN=Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIBFjANBgkqhkiG9w0BAQsFADA3MRUwEwYDVQQKDAxSRURI
QVQuTE9DQUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNzEx
MjcxNTIzNTBaFw0xOTExMjgxNTIzNTBaMFExFTATBgNVBAoMDFJFREhBVC5MT0NB
TDE4MDYGA1UEAwwvb3ZlcmNsb3VkLWNvbnRyb2xsZXItMC5pbnRlcm5hbGFwaS5y
ZWRoYXQubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyqmJK
W1jXzfKx3ltZswDaDdBE3dPDnkiSPvWuWyKfWPLBoNTtutO7rdw7mYlo2wTMCTV+
rjaOMsm7mApLby0bDBKSMhKU4uxHd1QHKoWYaG9MsX7wwz5G3Q90tHTX5yRgSFpZ
OfugczJgm50WNIfoQTU1rEuktLeBJsICa2o8KwT77jspwnVsiSBZU+AKMQFLL9Xp
5fJxanGQINQKWOqV7FNHzb1NqUoWbqwrbtihG7wGILvLwi02EvK45gR4fW0cqbJu
9Q7D7nETKoVtxcHn9FYH6lBlNCwF4JfvypygiuAUfYGf+sMrle5kmNpY3hCwEQav
9Ju9WDlfADz9yGphAgMBAAGjggIoMIICJDAfBgNVHSMEGDAWgBQIMIhuYSdXuoR8
Z5k1RRi4HYLeoTA+BggrBgEFBQcBAQQyMDAwLgYIKwYBBQUHMAGGImh0dHA6Ly9p
cGEtY2EucmVkaGF0LmxvY2FsL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB3BgNVHR8EcDBuMGygNKAyhjBodHRw
Oi8vaXBhLWNhLnJlZGhhdC5sb2NhbC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQy
MDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
dHkwHQYDVR0OBBYEFN9VbnOe3MR0mXyLGzE/z3IUGg+sMIH5BgNVHREEgfEwge6C
L292ZXJjbG91ZC1jb250cm9sbGVyLTAuaW50ZXJuYWxhcGkucmVkaGF0LmxvY2Fs
oFUGCisGAQQBgjcUAgOgRwxFcmFiYml0bXEvb3ZlcmNsb3VkLWNvbnRyb2xsZXIt
MC5pbnRlcm5hbGFwaS5yZWRoYXQubG9jYWxAUkVESEFULkxPQ0FMoGQGBisGAQUC
AqBaMFigDhsMUkVESEFULkxPQ0FMoUYwRKADAgEBoT0wOxsIcmFiYml0bXEbL292
ZXJjbG91ZC1jb250cm9sbGVyLTAuaW50ZXJuYWxhcGkucmVkaGF0LmxvY2FsMA0G
CSqGSIb3DQEBCwUAA4IBAQBl6LaEiB+8ny2T5KxkzFnFsT/JUq9lMSLhT0MVhLpj
aLHwyV2ObW3vttPfKJWdkKRQhi21xUojHvbZ7ZIhZiGKIu3qrNi9R9DJheey4W4C
Qw6OkFt2cQVkGdJgKfFiFTLw5Q6cXlZiINZVTGLu8J1lLUcaYYzk73BkMbDSbJ4Y
FvNMepweRKPqQv/0NUcu03gSRHlFb3M55A5ZQRomQLaIL3Tu5XcR7MQaFvd2Klsj
Fvgx239w+0XhRXSsvNKDMhcMlOlwGmrdNEj/lzZ9gWM2wZkDp/bNhFn2iCbmssr0
014pU3FGNm3KzF7tfY1+lOkz9CmG82LW932kRdsc3zZq
-----END CERTIFICATE-----
subject=/O=REDHAT.LOCAL/CN=overcloud-controller-0.internalapi.redhat.local
issuer=/O=REDHAT.LOCAL/CN=Certificate Authority
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1834 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 2FD55EBE050F1B913A78F7B533BCEADAF01FB6C0BAD0FFA678F79F7F2729A4E4
    Session-ID-ctx: 
    Master-Key: 60D705D3CFDD6D7FF94EC455FB7CAC6F88E8CBC3611E5B92CFAB80086E2E9913AF8DF1A0B3A6858AFABB230DE29BFE8E
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1511799122
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

VERIFIED

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462