Use template for MQSC commands for TLS config

2018-04-10 15:03:36 +01:00
parent 516c8ecc41
commit 6773496d99
3 changed files with 21 additions and 11 deletions
--- a/cmd/runmqdevserver/tls.go
+++ b/cmd/runmqdevserver/tls.go
@@ -117,20 +117,24 @@ func configureTLS(qmName string, inputFile string, passPhrase string) error {
 		return err
 	}

-	f, err := os.OpenFile("/etc/mqm/20-dev-tls.mqsc", os.O_WRONLY|os.O_CREATE, 0770)
+	var sslCipherSpec string
+	if os.Getenv("MQ_DEV") == "true" {
+		sslCipherSpec = "TLS_RSA_WITH_AES_128_CBC_SHA256"
+	} else {
+		sslCipherSpec = ""
+	}
+
+	const mqsc string = "/etc/mqm/20-dev-tls.mqsc"
+	const mqscTemplate string = mqsc + ".tpl"
+
+	err = processTemplateFile(mqsc+".tpl", mqsc, map[string]string{
+		"SSLKeyR":          filepath.Join(dir, "key"),
+		"CertificateLabel": newLabel,
+		"SSLCipherSpec":    sslCipherSpec,
+	})
 	if err != nil {
 		return err
 	}
-	defer f.Close()
-	// Change the Queue Manager's Key Repository to point at the new TLS key store
-	fmt.Fprintf(f, "ALTER QMGR SSLKEYR('%s')\n", filepath.Join(dir, "key"))
-	fmt.Fprintf(f, "ALTER QMGR CERTLABL('%s')\n", newLabel)
-
-	if os.Getenv("MQ_DEV") == "true" {
-		// Alter the DEV channels to use TLS
-		fmt.Fprintln(f, "ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(OPTIONAL)")
-		fmt.Fprintln(f, "ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(OPTIONAL)")
-	}

 	err = configureWebTLS(cms)
 	if err != nil {
--- a/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
+++ b/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
@@ -0,0 +1,4 @@
+ALTER QMGR SSLKEYR('{{ .SSLKeyR }}')
+ALTER QMGR CERTLABL('{{ .CertificateLabel }}}}')
+ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
--- a/incubating/mqadvanced-server-dev/Dockerfile
+++ b/incubating/mqadvanced-server-dev/Dockerfile
@@ -51,6 +51,8 @@ COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/runmqserver /u
 COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/runmqdevserver /usr/local/bin/
 # Copy template MQSC for default developer configuration
 COPY incubating/mqadvanced-server-dev/10-dev.mqsc.tpl /etc/mqm/
+# Copy template MQSC for default developer TLS configuration
+COPY incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl /etc/mqm/
 # Copy template JSON for default web console configuration
 COPY incubating/mqadvanced-server-dev/admin.json.tpl /etc/mqm/
 # Copy web XML files for default developer configuration