git.donarmstrong.com Git - dsa-puppet.git/blob - modules/roles/manifests/pubsub.pp
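# Role class for a two-node clustered RabbitMQ broker ("pubsub").
#
# Declares the rabbitmq class in cluster mode, adds the rabbitmq user to the
# ssl-cert group, appends two fragments to /etc/rabbitmq/rabbitmq.config and
# declares the virtual ferm rules for the broker, management and cluster ports.
class roles::pubsub {
  include roles::pubsub::params
  include roles::pubsub::entities

  $cluster_cookie  = $roles::pubsub::params::cluster_cookie

  # Short hostnames of the two cluster members (quoted; barewords are fragile).
  $cc_master       = 'rainier'
  $cc_secondary    = 'rapoport'

  class { 'rabbitmq':
    cluster           => true,
    clustermembers    => [
      "rabbit@${cc_master}",
      "rabbit@${cc_secondary}",
    ],
    # The Erlang cookie is the shared secret cluster nodes authenticate each
    # other with; a peer that holds it and can reach the distribution port
    # effectively controls the node. It is taken from roles::pubsub::params
    # (the variable was already read above but never used) instead of being
    # embedded here as a literal.
    # NOTE(review): the literal that used to sit on this line is in the
    # repository history and should be treated as exposed; rotate it, and
    # confirm params hands the same cookie to both nodes.
    clustercookie     => $cluster_cookie,
    # Remove the stock 'guest' account.
    delete_guest_user => true,
    master            => $cc_master,
  }

  # Membership of ssl-cert; presumably so the broker can read the TLS private
  # key referenced by the config fragments below (those files are not shown).
  user { 'rabbitmq':
    groups => 'ssl-cert'
  }

  # Static fragments appended to rabbitmq.config. Their content lives in the
  # module's files directory; by name they carry the TLS listener settings.
  concat::fragment { 'rabbit_ssl':
    target => '/etc/rabbitmq/rabbitmq.config',
    order  => 35,
    source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
  }

  concat::fragment { 'rabbit_mgmt_ssl':
    target => '/etc/rabbitmq/rabbitmq.config',
    order  => 55,
    source => 'puppet:///modules/roles/pubsub/rabbitmq-mgmt.config'
  }

  # Firewall rules are declared virtual (@), so they only take effect where
  # they are realized. The rule strings are single-quoted on purpose:
  # $HOST_DEBIAN_V4, $DSA_IPS etc. are ferm variables, not Puppet ones.
  #
  # 5671 is RabbitMQ's conventional AMQP-over-TLS port; it is opened to the
  # host ranges and, separately, to the admin ranges.
  @ferm::rule { 'rabbitmq':
    description => 'rabbitmq connections',
    rule        => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
  }

  @ferm::rule { 'rabbitmq-v6':
    domain      => 'ip6',
    description => 'rabbitmq connections',
    rule        => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
  }

  @ferm::rule { 'rabbitmq-adm':
    description => 'rabbitmq connections',
    rule        => '&SERVICE_RANGE(tcp, 5671, $DSA_IPS)'
  }

  @ferm::rule { 'rabbitmq-v6-adm':
    domain      => 'ip6',
    description => 'rabbitmq connections',
    rule        => '&SERVICE_RANGE(tcp, 5671, $DSA_V6_IPS)'
  }

  # Source addresses admitted by the cluster rules below.
  # NOTE(review): presumably these are the *other* node's addresses; confirm
  # the mapping. Any host that is not $cc_master takes the else branch, so
  # this class assumes it is only ever applied to the two cluster members.
  if $::hostname == $cc_master {
    $you  = '5.153.231.15'
    $you6 = '2001:41c8:1000:21::21:15'
  } else {
    $you  = '5.153.231.16'
    $you6 = '2001:41c8:1000:21::21:16'
  }

  # These two rules accept new TCP connections from the peer on *every* port,
  # not only the clustering ports.
  # NOTE(review): consider restricting them to the epmd port (4369) and the
  # inter-node distribution port range once that range is pinned in the
  # broker configuration, so a compromised peer cannot reach unrelated
  # services on this host.
  @ferm::rule { 'rabbitmq_cluster':
    domain      => 'ip',
    description => 'rabbitmq cluster connections',
    rule        => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
  }
  @ferm::rule { 'rabbitmq_cluster_v6':
    domain      => 'ip6',
    description => 'rabbitmq cluster connections',
    rule        => "proto tcp mod state state (NEW) saddr (${you6}) ACCEPT"
  }

  # 15672 is the conventional management-plugin port; admin ranges only.
  # The descriptions were copy-pasted from the cluster rules and mislabelled
  # these entries, which makes firewall audits harder; corrected here.
  @ferm::rule { 'rabbitmq_mgmt':
    description => 'rabbitmq management connections',
    rule        => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'
  }
  @ferm::rule { 'rabbitmq_mgmt_v6':
    # NOTE(review): written '(ip6)' while every other v6 rule in this class
    # uses 'ip6'; left unchanged, but confirm ferm::rule renders both forms
    # identically.
    domain      => '(ip6)',
    description => 'rabbitmq management connections',
    rule        => '&SERVICE_RANGE(tcp, 15672, $DSA_V6_IPS)'
  }
}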