git.donarmstrong.com Git - dsa-puppet.git/blob - modules/roles/manifests/pubsub.pp
add build user
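# Role class for a two-node clustered RabbitMQ broker.
#
# Declares the rabbitmq class in cluster mode, adds the rabbitmq system user
# to the ssl-cert group, appends an SSL fragment to rabbitmq.config, and
# manages the broker's users, vhosts, permissions, mirroring policies and
# plugins. It also declares virtual ferm rules for the AMQP-over-TLS port
# (5671), the management port (15672) and traffic from the cluster peer.
#
# Secrets (cluster cookie and user passwords) are read from
# roles::pubsub::params, which is not part of this file.
class roles::pubsub {
        include roles::pubsub::params

        $cluster_cookie  = $roles::pubsub::params::cluster_cookie
        $admin_password  = $roles::pubsub::params::admin_password
        $ftp_password    = $roles::pubsub::params::ftp_password
        # NOTE(review): this reads ftp_password, so the 'buildd' and 'ftpteam'
        # broker accounts end up with the same credential. Point it at a
        # dedicated buildd secret once roles::pubsub::params provides one
        # (that class is not visible here, so the value is left unchanged).
        $buildd_password = $roles::pubsub::params::ftp_password
        $cc_master       = 'rainier'
        $cc_secondary    = 'rapoport'

        class { 'rabbitmq':
                cluster           => true,
                clustermembers    => [
                        "rabbit@${cc_master}",
                        "rabbit@${cc_secondary}",
                ],
                # The Erlang cookie authenticates cluster nodes and CLI tools to
                # each other, so it comes from params instead of a literal in
                # the manifest. The literal that used to be here is in version
                # control history and should be treated as disclosed; both
                # cluster members must pick up the replacement together.
                clustercookie     => $cluster_cookie,
                # Removes the stock 'guest' account.
                delete_guest_user => true,
                master            => $cc_master,
        }

        # presumably so the broker can read TLS key material owned by ssl-cert
        # -- confirm against the rabbitmq.config fragment below.
        user { 'rabbitmq':
                groups => 'ssl-cert'
        }

        concat::fragment { 'rabbit_ssl':
                target => '/etc/rabbitmq/rabbitmq.config',
                order  => 35,
                source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
        }

        # Broker accounts.
        # NOTE(review): all three accounts are declared with admin => true.
        # For 'ftpteam' and 'buildd' that is broader than the per-vhost
        # permissions granted further down; confirm these service accounts
        # need administrator rights on the broker.
        rabbitmq_user { 'admin':
                admin    => true,
                password => $admin_password,
                provider => 'rabbitmqctl',
        }

        rabbitmq_user { 'ftpteam':
                admin    => true,
                password => $ftp_password,
                provider => 'rabbitmqctl',
        }

        rabbitmq_user { 'buildd':
                admin    => true,
                password => $buildd_password,
                provider => 'rabbitmqctl',
        }

        rabbitmq_vhost { 'packages':
                ensure   => present,
                provider => 'rabbitmqctl',
        }

        rabbitmq_vhost { 'buildd':
                ensure   => present,
                provider => 'rabbitmqctl',
        }

        # Permissions are "<user>@<vhost>". Every grant below uses '.*' for
        # configure, read and write, i.e. full access to all resources in that
        # vhost. NOTE(review): the service accounts could be narrowed to the
        # exchanges and queues they actually use.
        rabbitmq_user_permissions { 'admin@buildd':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => [
                        Rabbitmq_user['admin'],
                        Rabbitmq_vhost['buildd']
                ]
        }
        rabbitmq_user_permissions { 'admin@packages':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => [
                        Rabbitmq_user['admin'],
                        Rabbitmq_vhost['packages']
                ]
        }

        rabbitmq_user_permissions { 'admin@/':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => Rabbitmq_user['admin']
        }

        rabbitmq_user_permissions { 'ftpteam@packages':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => [
                        Rabbitmq_user['ftpteam'],
                        Rabbitmq_vhost['packages']
                ]
        }

        rabbitmq_user_permissions { 'buildd@buildd':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => [
                        Rabbitmq_user['buildd'],
                        Rabbitmq_vhost['buildd']
                ]
        }

        # Mirror every queue in each vhost across all cluster nodes.
        rabbitmq_policy { 'mirror-buildd':
                vhost   => 'buildd',
                match   => '.*',
                policy  => '{"ha-mode":"all"}',
                require => Rabbitmq_vhost['buildd']
        }

        rabbitmq_policy { 'mirror-packages':
                vhost   => 'packages',
                match   => '.*',
                policy  => '{"ha-mode":"all"}',
                require => Rabbitmq_vhost['packages']
        }

        # Plugins; each one restarts the broker service when it changes.
        rabbitmq_plugin { 'rabbitmq_management':
                ensure   => present,
                provider => 'rabbitmqplugins',
                require  => Package['rabbitmq-server'],
                notify   => Service['rabbitmq-server']
        }
        rabbitmq_plugin { 'rabbitmq_management_agent':
                ensure   => present,
                provider => 'rabbitmqplugins',
                require  => Package['rabbitmq-server'],
                notify   => Service['rabbitmq-server']
        }
        rabbitmq_plugin { 'rabbitmq_tracing':
                ensure   => present,
                provider => 'rabbitmqplugins',
                require  => Package['rabbitmq-server'],
                notify   => Service['rabbitmq-server']
        }
        rabbitmq_plugin { 'rabbitmq_management_visualiser':
                ensure   => present,
                provider => 'rabbitmqplugins',
                require  => Package['rabbitmq-server'],
                notify   => Service['rabbitmq-server']
        }

        # Firewall rules are virtual (@) and take effect only where realized.
        # The rule strings are single-quoted on purpose: $HOST_DEBIAN_V4 and
        # friends are ferm variables, not Puppet variables.
        @ferm::rule { 'rabbitmq':
                description => 'rabbitmq connections',
                rule        => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
        }

        @ferm::rule { 'rabbitmq-v6':
                domain      => 'ip6',
                description => 'rabbitmq connections',
                rule        => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
        }

        # $you is the other cluster member as seen from this node.
        if $::hostname == $cc_master {
                $you = $cc_secondary
        } else {
                $you = $cc_master
        }

        # NOTE(review): this accepts new TCP connections from the peer on every
        # port, not only the ones clustering needs. Consider limiting it to the
        # epmd and inter-node distribution ports once those are pinned in the
        # broker configuration.
        @ferm::rule { 'rabbitmq_cluster':
                domain      => '(ip ip6)',
                description => 'rabbitmq cluster connections',
                rule        => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
        }
        # Management interface, limited to the $DSA_IPS / $DSA_V6_IPS ranges.
        # The descriptions previously repeated the cluster rule's text.
        @ferm::rule { 'rabbitmq_mgmt':
                description => 'rabbitmq management connections',
                rule        => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'
        }
        @ferm::rule { 'rabbitmq_mgmt_v6':
                domain      => '(ip6)',
                description => 'rabbitmq management connections',
                rule        => '&SERVICE_RANGE(tcp, 15672, $DSA_V6_IPS)'
        }
}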