add wbadm user
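# Configures a two-node clustered RabbitMQ broker: the rabbitmq class itself,
# broker users, vhosts and per-vhost permissions, queue-mirroring policies,
# management/tracing plugins, and the ferm firewall rules for the client,
# cluster and management ports.
#
# All secrets (Erlang cluster cookie and broker passwords) are read from
# roles::pubsub::params so that no credential is stored in this manifest.
class roles::pubsub {
        include roles::pubsub::params

        $cluster_cookie  = $roles::pubsub::params::cluster_cookie
        $admin_password  = $roles::pubsub::params::admin_password
        $ftp_password    = $roles::pubsub::params::ftp_password
        $buildd_password = $roles::pubsub::params::buildd_password
        $wbadm_password  = $roles::pubsub::params::wbadm_password

        # Short host names of the two cluster members (quoted; barewords are
        # easy to misread as variables or resource references).
        $cc_master       = 'rainier'
        $cc_secondary    = 'rapoport'

        class { 'rabbitmq':
                cluster           => true,
                clustermembers    => [
                        "rabbit@${cc_master}",
                        "rabbit@${cc_secondary}",
                ],
                # The Erlang cookie is the shared secret that authenticates
                # cluster nodes (and rabbitmqctl) to each other; whoever holds
                # it can administer the broker. Take it from params rather
                # than a literal: this manifest previously embedded the value
                # while $cluster_cookie went unused. A cookie that has been
                # committed to version control should be treated as exposed
                # and rotated. Confirm params supplies the intended value for
                # both members before rollout; mismatched cookies break
                # clustering.
                clustercookie     => $cluster_cookie,
                # Remove the well-known default 'guest' account.
                delete_guest_user => true,
                master            => $cc_master,
        }

        # ssl-cert membership lets the broker read the TLS private key
        # (presumably referenced from the rabbitmq.config fragment below,
        # which is not visible here).
        user { 'rabbitmq':
                groups => 'ssl-cert'
        }

        concat::fragment { 'rabbit_ssl':
                target => '/etc/rabbitmq/rabbitmq.config',
                order  => 35,
                source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
        }

        # NOTE(review): every account below is created with admin => true,
        # i.e. the broker-wide administrator tag, including the service
        # accounts ftpteam, buildd and wbadm. If these only publish/consume
        # on their own vhost, dropping the admin flag would limit the damage
        # from a leaked service password. Confirm what each account needs.
        rabbitmq_user { 'admin':
                admin    => true,
                password => $admin_password,
                provider => 'rabbitmqctl',
        }

        rabbitmq_user { 'ftpteam':
                admin    => true,
                password => $ftp_password,
                provider => 'rabbitmqctl',
        }

        rabbitmq_user { 'buildd':
                admin    => true,
                password => $buildd_password,
                provider => 'rabbitmqctl',
        }

        # NOTE(review): no rabbitmq_user_permissions resource for wbadm is
        # declared in this class; confirm whether that is intentional.
        rabbitmq_user { 'wbadm':
                admin    => true,
                password => $wbadm_password,
                provider => 'rabbitmqctl',
        }

        rabbitmq_vhost { 'packages':
                ensure   => present,
                provider => 'rabbitmqctl',
        }

        rabbitmq_vhost { 'buildd':
                ensure   => present,
                provider => 'rabbitmqctl',
        }

        # Permissions are granted per user@vhost. Each grant below uses '.*'
        # for configure, read and write, i.e. full access to every resource
        # in that vhost.
        rabbitmq_user_permissions { 'admin@buildd':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => [
                        Rabbitmq_user['admin'],
                        Rabbitmq_vhost['buildd']
                ]
        }
        rabbitmq_user_permissions { 'admin@packages':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => [
                        Rabbitmq_user['admin'],
                        Rabbitmq_vhost['packages']
                ]
        }

        rabbitmq_user_permissions { 'admin@/':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => Rabbitmq_user['admin']
        }

        rabbitmq_user_permissions { 'ftpteam@packages':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => [
                        Rabbitmq_user['ftpteam'],
                        Rabbitmq_vhost['packages']
                ]
        }

        rabbitmq_user_permissions { 'buildd@buildd':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => [
                        Rabbitmq_user['buildd'],
                        Rabbitmq_vhost['buildd']
                ]
        }

        # Mirror every queue in each vhost to all cluster nodes.
        rabbitmq_policy { 'mirror-buildd':
                vhost   => 'buildd',
                match   => '.*',
                policy  => '{"ha-mode":"all"}',
                require => Rabbitmq_vhost['buildd']
        }

        rabbitmq_policy { 'mirror-packages':
                vhost   => 'packages',
                match   => '.*',
                policy  => '{"ha-mode":"all"}',
                require => Rabbitmq_vhost['packages']
        }

        # Plugins are enabled after the package is installed; the service is
        # notified so that the change takes effect.
        rabbitmq_plugin { 'rabbitmq_management':
                ensure   => present,
                provider => 'rabbitmqplugins',
                require  => Package['rabbitmq-server'],
                notify   => Service['rabbitmq-server']
        }
        rabbitmq_plugin { 'rabbitmq_management_agent':
                ensure   => present,
                provider => 'rabbitmqplugins',
                require  => Package['rabbitmq-server'],
                notify   => Service['rabbitmq-server']
        }
        # NOTE(review): the tracing plugin can write message payloads to
        # trace log files on the broker host; keep it enabled only if it is
        # needed and make sure those files are access-restricted.
        rabbitmq_plugin { 'rabbitmq_tracing':
                ensure   => present,
                provider => 'rabbitmqplugins',
                require  => Package['rabbitmq-server'],
                notify   => Service['rabbitmq-server']
        }
        rabbitmq_plugin { 'rabbitmq_management_visualiser':
                ensure   => present,
                provider => 'rabbitmqplugins',
                require  => Package['rabbitmq-server'],
                notify   => Service['rabbitmq-server']
        }

        # Client connections: only the TLS AMQP port (5671) is opened, and
        # only to the address ranges in $HOST_DEBIAN_V4 / $HOST_DEBIAN_V6.
        @ferm::rule { 'rabbitmq':
                description => 'rabbitmq connections',
                rule        => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
        }

        @ferm::rule { 'rabbitmq-v6':
                domain      => 'ip6',
                description => 'rabbitmq connections',
                rule        => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
        }

        # $you is the other cluster member, as seen from this node.
        if $::hostname == $cc_master {
                $you = $cc_secondary
        } else {
                $you = $cc_master
        }

        # NOTE(review): this accepts new TCP connections from the peer on
        # every port, not only the ones clustering uses. Consider limiting it
        # to epmd and the Erlang distribution port(s) configured for these
        # nodes.
        @ferm::rule { 'rabbitmq_cluster':
                domain      => '(ip ip6)',
                description => 'rabbitmq cluster connections',
                rule        => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
        }
        # Management interface (port 15672), reachable from $DSA_IPS /
        # $DSA_V6_IPS only. The descriptions previously repeated the cluster
        # rule's text, which mislabelled these rules in the firewall config.
        # NOTE(review): whether this listener uses TLS depends on
        # rabbitmq.config, which is not visible here; confirm.
        @ferm::rule { 'rabbitmq_mgmt':
                description => 'rabbitmq management connections',
                rule        => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'
        }
        @ferm::rule { 'rabbitmq_mgmt_v6':
                domain      => '(ip6)',
                description => 'rabbitmq management connections',
                rule        => '&SERVICE_RANGE(tcp, 15672, $DSA_V6_IPS)'
        }
}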