2 include roles::pubsub::params
4 $cluster_cookie = $roles::pubsub::params::cluster_cookie
5 $admin_password = $roles::pubsub::params::admin_password
6 $ftp_password = $roles::pubsub::params::ftp_password
7 $buildd_password = $roles::pubsub::params::buildd_password
8 $wbadm_password = $roles::pubsub::params::wbadm_password
11 $cc_secondary = rapoport
16 "rabbit@${cc_master}",
17 "rabbit@${cc_secondary}",
19 clustercookie => '8r17so6o1s124ns49sr08n0o24342160',
20 delete_guest_user => true,
28 concat::fragment { 'rabbit_ssl':
29 target => '/etc/rabbitmq/rabbitmq.config',
31 source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
34 rabbitmq_user { 'admin':
36 password => $admin_password,
37 provider => 'rabbitmqctl',
40 rabbitmq_user { 'ftpteam':
42 password => $ftp_password,
43 provider => 'rabbitmqctl',
46 rabbitmq_user { 'buildd':
48 password => $buildd_password,
49 provider => 'rabbitmqctl',
52 rabbitmq_user { 'wbadm':
54 password => $wbadm_password,
55 provider => 'rabbitmqctl',
58 rabbitmq_vhost { 'packages':
60 provider => 'rabbitmqctl',
63 rabbitmq_vhost { 'buildd':
65 provider => 'rabbitmqctl',
68 rabbitmq_user_permissions { 'admin@buildd':
69 configure_permission => '.*',
70 read_permission => '.*',
71 write_permission => '.*',
72 provider => 'rabbitmqctl',
74 Rabbitmq_user['admin'],
75 Rabbitmq_vhost['buildd']
78 rabbitmq_user_permissions { 'admin@packages':
79 configure_permission => '.*',
80 read_permission => '.*',
81 write_permission => '.*',
82 provider => 'rabbitmqctl',
84 Rabbitmq_user['admin'],
85 Rabbitmq_vhost['packages']
89 rabbitmq_user_permissions { 'admin@/':
90 configure_permission => '.*',
91 read_permission => '.*',
92 write_permission => '.*',
93 provider => 'rabbitmqctl',
94 require => Rabbitmq_user['admin']
97 rabbitmq_user_permissions { 'ftpteam@packages':
98 configure_permission => '.*',
99 read_permission => '.*',
100 write_permission => '.*',
101 provider => 'rabbitmqctl',
103 Rabbitmq_user['ftpteam'],
104 Rabbitmq_vhost['packages']
108 rabbitmq_user_permissions { 'buildd@buildd':
109 configure_permission => '.*',
110 read_permission => '.*',
111 write_permission => '.*',
112 provider => 'rabbitmqctl',
114 Rabbitmq_user['buildd'],
115 Rabbitmq_vhost['buildd']
119 rabbitmq_policy { 'mirror-buildd':
122 policy => '{"ha-mode":"all"}',
123 require => Rabbitmq_vhost['buildd']
126 rabbitmq_policy { 'mirror-packages':
129 policy => '{"ha-mode":"all"}',
130 require => Rabbitmq_vhost['packages']
133 rabbitmq_plugin { 'rabbitmq_management':
135 provider => 'rabbitmqplugins',
136 require => Package['rabbitmq-server'],
137 notify => Service['rabbitmq-server']
139 rabbitmq_plugin { 'rabbitmq_management_agent':
141 provider => 'rabbitmqplugins',
142 require => Package['rabbitmq-server'],
143 notify => Service['rabbitmq-server']
145 rabbitmq_plugin { 'rabbitmq_tracing':
147 provider => 'rabbitmqplugins',
148 require => Package['rabbitmq-server'],
149 notify => Service['rabbitmq-server']
151 rabbitmq_plugin { 'rabbitmq_management_visualiser':
153 provider => 'rabbitmqplugins',
154 require => Package['rabbitmq-server'],
155 notify => Service['rabbitmq-server']
158 @ferm::rule { 'rabbitmq':
159 description => 'rabbitmq connections',
160 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
163 @ferm::rule { 'rabbitmq-v6':
165 description => 'rabbitmq connections',
166 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
169 if $::hostname == $cc_master {
175 @ferm::rule { 'rabbitmq_cluster':
176 domain => '(ip ip6)',
177 description => 'rabbitmq cluster connections',
178 rule => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
180 @ferm::rule { 'rabbitmq_mgmt':
181 description => 'rabbitmq cluster connections',
182 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'
184 @ferm::rule { 'rabbitmq_mgmt_v6':
186 description => 'rabbitmq cluster connections',
187 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_V6_IPS)'