modules/roles/manifests/pubsub.pp

   1 class roles::pubsub {
   2         include roles::pubsub::params
   3
   4         $cluster_cookie = $roles::pubsub::params::cluster_cookie
   5         $admin_password = $roles::pubsub::params::admin_password
   6         $cc_master      = rainier
   7         $cc_secondary   = rapoport
   8
   9         class { 'rabbitmq':
  10                 cluster           => true,
  11                 clustermembers    => [
  12                         "rabbit@${cc_master}",
  13                         "rabbit@${cc_secondary}",
  14                 ],
  15                 clustercookie     => '8r17so6o1s124ns49sr08n0o24342160',
  16                 delete_guest_user => true,
  17                 master            => $cc_master,
  18         }
  19
  20         rabbitmq_user { 'admin':
  21                 admin    => true,
  22                 password => $admin_password,
  23                 provider => 'rabbitmqctl',
  24         }
  25
  26         rabbitmq_vhost { 'packages':
  27                 ensure   => present,
  28                 provider => 'rabbitmqctl',
  29         }
  30
  31         rabbitmq_user_permissions { 'admin@packages':
  32                 configure_permission => '.*',
  33                 read_permission      => '.*',
  34                 write_permission     => '.*',
  35                 provider             => 'rabbitmqctl',
  36                 require              => [
  37                         Rabbitmq_user['admin'],
  38                         Rabbitmq_vhost['packages']
  39                 ]
  40         }
  41
  42         rabbitmq_user_permissions { 'admin@/':
  43                 configure_permission => '.*',
  44                 read_permission      => '.*',
  45                 write_permission     => '.*',
  46                 provider             => 'rabbitmqctl',
  47                 require              => Rabbitmq_user['admin']
  48         }
  49
  50         @ferm::rule { 'rabbitmq':
  51                 description => 'rabbitmq connections',
  52                 rule        => '&SERVICE_RANGE(tcp, 5672, $HOST_DEBIAN_V4)'
  53         }
  54
  55         @ferm::rule { 'rabbitmq-v6':
  56                 domain      => 'ip6',
  57                 description => 'rabbitmq connections',
  58                 rule        => '&SERVICE_RANGE(tcp, 5672, $HOST_DEBIAN_V6)'
  59         }
  60
  61         if $::hostname == $cc_master {
  62                 $you = $cc_secondary
  63         } else {
  64                 $you = $cc_master
  65         }
  66
  67         @ferm::rule { 'rabbitmq_cluster':
  68                 domain      => '(ip ip6)',
  69                 description => 'rabbitmq cluster connections',
  70                 rule        => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
  71         }
  72 }