add an ftpteam account
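# @summary Two-node RabbitMQ cluster used as the pubsub broker.
#
# Declares the clustered 'rabbitmq' class, the 'admin' and 'ftpteam' broker
# accounts, the 'packages' vhost with its permissions, and the ferm firewall
# rules for client (tcp/5672) and inter-node traffic.
#
# All secrets are read from roles::pubsub::params; how that class obtains
# them is not visible from this manifest.
class roles::pubsub {
  include roles::pubsub::params

  $cluster_cookie = $roles::pubsub::params::cluster_cookie
  $admin_password = $roles::pubsub::params::admin_password
  $ftp_password   = $roles::pubsub::params::ftp_password
  $cc_master      = 'rainier'
  $cc_secondary   = 'rapoport'

  class { 'rabbitmq':
    cluster           => true,
    clustermembers    => [
      "rabbit@${cc_master}",
      "rabbit@${cc_secondary}",
    ],
    # The Erlang cookie is the shared secret that authenticates cluster
    # nodes to each other, so it is taken from params rather than written
    # into the manifest. The literal that used to sit on this line should be
    # treated as exposed and rotated; make sure the params value matches
    # what both nodes currently use before rolling this out, otherwise the
    # nodes will refuse to cluster.
    clustercookie     => $cluster_cookie,
    # Removes the stock 'guest' account so no default credential remains.
    delete_guest_user => true,
    master            => $cc_master,
  }

  rabbitmq_user { 'admin':
    admin    => true,
    password => $admin_password,
    provider => 'rabbitmqctl',
  }

  # NOTE(review): 'ftpteam' is created with admin => true although its only
  # permissions below are on the 'packages' vhost. If the account is meant
  # for publishing/consuming only, the administrator flag is more privilege
  # than it needs -- confirm with the service owner before changing.
  rabbitmq_user { 'ftpteam':
    admin    => true,
    password => $ftp_password,
    provider => 'rabbitmqctl',
  }

  rabbitmq_vhost { 'packages':
    ensure   => present,
    provider => 'rabbitmqctl',
  }

  # 'admin' gets unrestricted configure/read/write on both vhosts.
  rabbitmq_user_permissions { 'admin@packages':
    configure_permission => '.*',
    read_permission      => '.*',
    write_permission     => '.*',
    provider             => 'rabbitmqctl',
    require              => [
      Rabbitmq_user['admin'],
      Rabbitmq_vhost['packages'],
    ],
  }

  rabbitmq_user_permissions { 'admin@/':
    configure_permission => '.*',
    read_permission      => '.*',
    write_permission     => '.*',
    provider             => 'rabbitmqctl',
    require              => Rabbitmq_user['admin'],
  }

  # NOTE(review): '.*' on all three permissions lets 'ftpteam' create, delete
  # and bind any exchange or queue in 'packages'. Narrow the patterns to the
  # resource names the team actually uses if those are known.
  rabbitmq_user_permissions { 'ftpteam@packages':
    configure_permission => '.*',
    read_permission      => '.*',
    write_permission     => '.*',
    provider             => 'rabbitmqctl',
    require              => [
      Rabbitmq_user['ftpteam'],
      Rabbitmq_vhost['packages'],
    ],
  }

  # Client access. The rule strings are single-quoted on purpose:
  # $HOST_DEBIAN_V4 / $HOST_DEBIAN_V6 are ferm variables and must reach ferm
  # unexpanded by Puppet.
  # NOTE(review): 5672 is the conventional non-TLS AMQP port; unless TLS is
  # terminated elsewhere, the passwords above cross the network in clear.
  @ferm::rule { 'rabbitmq':
    description => 'rabbitmq connections',
    rule        => '&SERVICE_RANGE(tcp, 5672, $HOST_DEBIAN_V4)',
  }

  @ferm::rule { 'rabbitmq-v6':
    domain      => 'ip6',
    description => 'rabbitmq connections',
    rule        => '&SERVICE_RANGE(tcp, 5672, $HOST_DEBIAN_V6)',
  }

  # $you is the other cluster member: the secondary when this host is the
  # master, the master on any other host.
  if $::hostname == $cc_master {
    $you = $cc_secondary
  } else {
    $you = $cc_master
  }

  # NOTE(review): this accepts NEW TCP connections from the peer on every
  # port, not only the clustering ports. If the Erlang distribution port
  # range is pinned on these hosts, add a matching dport restriction. The
  # source is a bare hostname, so the rule is only as trustworthy as the name
  # resolution in effect when the firewall is loaded.
  @ferm::rule { 'rabbitmq_cluster':
    domain      => '(ip ip6)',
    description => 'rabbitmq cluster connections',
    rule        => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT",
  }
}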