2 include roles::pubsub::params
4 $cluster_cookie = $roles::pubsub::params::cluster_cookie
5 $admin_password = $roles::pubsub::params::admin_password
6 $ftp_password = $roles::pubsub::params::ftp_password
7 $buildd_password = $roles::pubsub::params::ftp_password
9 $cc_secondary = rapoport
14 "rabbit@${cc_master}",
15 "rabbit@${cc_secondary}",
17 clustercookie => '8r17so6o1s124ns49sr08n0o24342160',
18 delete_guest_user => true,
26 concat::fragment { 'rabbit_ssl':
27 target => '/etc/rabbitmq/rabbitmq.config',
29 source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
32 rabbitmq_user { 'admin':
34 password => $admin_password,
35 provider => 'rabbitmqctl',
38 rabbitmq_user { 'ftpteam':
40 password => $ftp_password,
41 provider => 'rabbitmqctl',
44 rabbitmq_user { 'buildd':
46 password => $buildd_password,
47 provider => 'rabbitmqctl',
50 rabbitmq_vhost { 'packages':
52 provider => 'rabbitmqctl',
55 rabbitmq_vhost { 'buildd':
57 provider => 'rabbitmqctl',
60 rabbitmq_user_permissions { 'admin@buildd':
61 configure_permission => '.*',
62 read_permission => '.*',
63 write_permission => '.*',
64 provider => 'rabbitmqctl',
66 Rabbitmq_user['admin'],
67 Rabbitmq_vhost['buildd']
70 rabbitmq_user_permissions { 'admin@packages':
71 configure_permission => '.*',
72 read_permission => '.*',
73 write_permission => '.*',
74 provider => 'rabbitmqctl',
76 Rabbitmq_user['admin'],
77 Rabbitmq_vhost['packages']
81 rabbitmq_user_permissions { 'admin@/':
82 configure_permission => '.*',
83 read_permission => '.*',
84 write_permission => '.*',
85 provider => 'rabbitmqctl',
86 require => Rabbitmq_user['admin']
89 rabbitmq_user_permissions { 'ftpteam@packages':
90 configure_permission => '.*',
91 read_permission => '.*',
92 write_permission => '.*',
93 provider => 'rabbitmqctl',
95 Rabbitmq_user['ftpteam'],
96 Rabbitmq_vhost['packages']
100 rabbitmq_user_permissions { 'buildd@buildd':
101 configure_permission => '.*',
102 read_permission => '.*',
103 write_permission => '.*',
104 provider => 'rabbitmqctl',
106 Rabbitmq_user['buildd'],
107 Rabbitmq_vhost['buildd']
111 rabbitmq_policy { 'mirror-buildd':
114 policy => '{"ha-mode":"all"}',
115 require => Rabbitmq_vhost['buildd']
118 rabbitmq_policy { 'mirror-packages':
121 policy => '{"ha-mode":"all"}',
122 require => Rabbitmq_vhost['packages']
125 rabbitmq_plugin { 'rabbitmq_management':
127 provider => 'rabbitmqplugins',
128 require => Package['rabbitmq-server'],
129 notify => Service['rabbitmq-server']
131 rabbitmq_plugin { 'rabbitmq_management_agent':
133 provider => 'rabbitmqplugins',
134 require => Package['rabbitmq-server'],
135 notify => Service['rabbitmq-server']
137 rabbitmq_plugin { 'rabbitmq_tracing':
139 provider => 'rabbitmqplugins',
140 require => Package['rabbitmq-server'],
141 notify => Service['rabbitmq-server']
143 rabbitmq_plugin { 'rabbitmq_management_visualiser':
145 provider => 'rabbitmqplugins',
146 require => Package['rabbitmq-server'],
147 notify => Service['rabbitmq-server']
150 @ferm::rule { 'rabbitmq':
151 description => 'rabbitmq connections',
152 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
155 @ferm::rule { 'rabbitmq-v6':
157 description => 'rabbitmq connections',
158 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
161 if $::hostname == $cc_master {
167 @ferm::rule { 'rabbitmq_cluster':
168 domain => '(ip ip6)',
169 description => 'rabbitmq cluster connections',
170 rule => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
172 @ferm::rule { 'rabbitmq_mgmt':
173 description => 'rabbitmq cluster connections',
174 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'
176 @ferm::rule { 'rabbitmq_mgmt_v6':
178 description => 'rabbitmq cluster connections',
179 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_V6_IPS)'