# Load the params class that carries the broker secrets and copy each one into a
# local variable for the resources in this manifest.
# NOTE(review): how roles::pubsub::params obtains these values is not visible here;
# confirm they come from an access-restricted store and not from literals in the repo.
2 include roles::pubsub::params
# Shared secret for clustering the RabbitMQ nodes.
4 $cluster_cookie = $roles::pubsub::params::cluster_cookie
# One password per broker account declared in this manifest (admin, ftpteam, buildd, wbadm).
5 $admin_password = $roles::pubsub::params::admin_password
6 $ftp_password = $roles::pubsub::params::ftp_password
7 $buildd_password = $roles::pubsub::params::buildd_password
8 $wbadm_password = $roles::pubsub::params::wbadm_password
# Host part of the second node name ("rabbit@<host>"). Unquoted bareword; Puppet
# reads it as a string, though quoting it is the usual style.
11 $cc_secondary = rapoport
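# Entries of a node list; the parameter these belong to is on a line not shown here.
16 "rabbit@${cc_master}",
17 "rabbit@${cc_secondary}",
# Use the cookie loaded from roles::pubsub::params instead of a literal in the manifest.
# The cookie is the only credential nodes present to each other, so whoever can read
# it can join the cluster as a peer; it should not live in version control.
# NOTE(review): the literal previously on this line has been committed, so rotate it,
# and confirm the params value matches what the running nodes use before rollout.
19 clustercookie => $cluster_cookie,
# Drop the broker's built-in guest account.
20 delete_guest_user => true,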
# Two fragments assembled into /etc/rabbitmq/rabbitmq.config from static files in
# the roles module. The fragment contents are not visible here.
# NOTE(review): the titles suggest TLS settings for the broker and for the management
# plugin; confirm the shipped files also turn off the plaintext listeners, since the
# firewall rules in this manifest open only 5671 and 15672.
28 concat::fragment { 'rabbit_ssl':
29 target => '/etc/rabbitmq/rabbitmq.config',
31 source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
34 concat::fragment { 'rabbit_mgmt_ssl':
35 target => '/etc/rabbitmq/rabbitmq.config',
37 source => 'puppet:///modules/roles/pubsub/rabbitmq-mgmt.config'
# Broker accounts, each managed through rabbitmqctl with its password taken from
# the variables set at the top of the manifest.
# NOTE(review): one attribute line per resource is not shown in this listing, so
# whether any account carries the administrator tag cannot be told from here.
40 rabbitmq_user { 'admin':
42 password => $admin_password,
43 provider => 'rabbitmqctl',
46 rabbitmq_user { 'ftpteam':
48 password => $ftp_password,
49 provider => 'rabbitmqctl',
52 rabbitmq_user { 'buildd':
54 password => $buildd_password,
55 provider => 'rabbitmqctl',
58 rabbitmq_user { 'wbadm':
60 password => $wbadm_password,
61 provider => 'rabbitmqctl',
# Two virtual hosts, 'packages' and 'buildd'; the permission resources further down
# grant access per user and per vhost.
64 rabbitmq_vhost { 'packages':
66 provider => 'rabbitmqctl',
69 rabbitmq_vhost { 'buildd':
71 provider => 'rabbitmqctl',
# 'admin' gets unrestricted configure/read/write ('.*' matches every resource name)
# on the 'buildd', 'packages' and default '/' vhosts.
# The references to Rabbitmq_user / Rabbitmq_vhost order each grant after the user
# and vhost it names.
74 rabbitmq_user_permissions { 'admin@buildd':
75 configure_permission => '.*',
76 read_permission => '.*',
77 write_permission => '.*',
78 provider => 'rabbitmqctl',
80 Rabbitmq_user['admin'],
81 Rabbitmq_vhost['buildd']
84 rabbitmq_user_permissions { 'admin@packages':
85 configure_permission => '.*',
86 read_permission => '.*',
87 write_permission => '.*',
88 provider => 'rabbitmqctl',
90 Rabbitmq_user['admin'],
91 Rabbitmq_vhost['packages']
# The default vhost needs no Rabbitmq_vhost dependency here; only the user is required.
95 rabbitmq_user_permissions { 'admin@/':
96 configure_permission => '.*',
97 read_permission => '.*',
98 write_permission => '.*',
99 provider => 'rabbitmqctl',
100 require => Rabbitmq_user['admin']
# Grants for the service accounts.
# ftpteam: full configure/read/write on the 'packages' vhost.
# NOTE(review): configure '.*' lets the account declare and delete any exchange or
# queue in the vhost; narrow it if the account only publishes.
103 rabbitmq_user_permissions { 'ftpteam@packages':
104 configure_permission => '.*',
105 read_permission => '.*',
106 write_permission => '.*',
107 provider => 'rabbitmqctl',
109 Rabbitmq_user['ftpteam'],
110 Rabbitmq_vhost['packages']
# wbadm on 'packages' is the one scoped grant: read limited by the pattern 'unchecked',
# write by 'wbadm', and no configure_permission is set on this resource.
# NOTE(review): RabbitMQ evaluates these values as regular expressions; if each is meant
# to name exactly one resource, an anchored form such as '^unchecked$' is tighter. Also
# confirm that the module treats an omitted configure_permission as "no access".
114 rabbitmq_user_permissions { 'wbadm@packages':
115 read_permission => 'unchecked',
116 write_permission => 'wbadm',
117 provider => 'rabbitmqctl',
119 Rabbitmq_user['wbadm'],
120 Rabbitmq_vhost['packages']
# buildd and wbadm both get full configure/read/write on the 'buildd' vhost.
124 rabbitmq_user_permissions { 'buildd@buildd':
125 configure_permission => '.*',
126 read_permission => '.*',
127 write_permission => '.*',
128 provider => 'rabbitmqctl',
130 Rabbitmq_user['buildd'],
131 Rabbitmq_vhost['buildd']
135 rabbitmq_user_permissions { 'wbadm@buildd':
136 configure_permission => '.*',
137 read_permission => '.*',
138 write_permission => '.*',
139 provider => 'rabbitmqctl',
141 Rabbitmq_user['wbadm'],
142 Rabbitmq_vhost['buildd']
# Queue-mirroring policies: "ha-mode":"all" mirrors matching queues to every node in
# the cluster. Each policy is ordered after the vhost named in its require.
# The lines that would select the vhost and the queue-name pattern are not shown here.
146 rabbitmq_policy { 'mirror-buildd':
149 policy => '{"ha-mode":"all"}',
150 require => Rabbitmq_vhost['buildd']
153 rabbitmq_policy { 'mirror-packages':
156 policy => '{"ha-mode":"all"}',
157 require => Rabbitmq_vhost['packages']
# Broker plugins managed through rabbitmq-plugins. Each one needs the rabbitmq-server
# package first and notifies the service, so a plugin change triggers a service refresh.
160 rabbitmq_plugin { 'rabbitmq_management':
162 provider => 'rabbitmqplugins',
163 require => Package['rabbitmq-server'],
164 notify => Service['rabbitmq-server']
166 rabbitmq_plugin { 'rabbitmq_management_agent':
168 provider => 'rabbitmqplugins',
169 require => Package['rabbitmq-server'],
170 notify => Service['rabbitmq-server']
# NOTE(review): the tracing plugin can write message contents to log files on the broker
# host; confirm it is wanted on production nodes and who can read those files.
172 rabbitmq_plugin { 'rabbitmq_tracing':
174 provider => 'rabbitmqplugins',
175 require => Package['rabbitmq-server'],
176 notify => Service['rabbitmq-server']
178 rabbitmq_plugin { 'rabbitmq_management_visualiser':
180 provider => 'rabbitmqplugins',
181 require => Package['rabbitmq-server'],
182 notify => Service['rabbitmq-server']
# Virtual ferm rules (the leading '@') that open TCP 5671, the AMQP-over-TLS port, to
# four source groups. The rule strings are single-quoted, so $HOST_DEBIAN_V4 and the
# other names are passed through to ferm untouched instead of being interpolated by Puppet.
# The plaintext AMQP port 5672 is not opened by any rule in this manifest.
185 @ferm::rule { 'rabbitmq':
186 description => 'rabbitmq connections',
187 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
# One attribute line of each v6 rule is not shown in this listing.
190 @ferm::rule { 'rabbitmq-v6':
192 description => 'rabbitmq connections',
193 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
# Same port for the $DSA_IPS / $DSA_V6_IPS source sets.
196 @ferm::rule { 'rabbitmq-adm':
197 description => 'rabbitmq connections',
198 rule => '&SERVICE_RANGE(tcp, 5671, $DSA_IPS)'
201 @ferm::rule { 'rabbitmq-v6-adm':
203 description => 'rabbitmq connections',
204 rule => '&SERVICE_RANGE(tcp, 5671, $DSA_V6_IPS)'
# Branch on whether this host is the cluster master. The body of the conditional is
# not shown in this listing; presumably it sets $you to the peer node's address (confirm).
207 if $::hostname == $cc_master {
# Accept new TCP connections from the peer on both IPv4 and IPv6. The string is
# double-quoted, so Puppet interpolates ${you} before ferm sees the rule.
# NOTE(review): the rule names no destination port, so the peer can reach every TCP
# service on this host. Restricting it to the ports clustering uses (epmd 4369 and the
# inter-node port, 25672 by default) would be tighter; confirm against the node config.
213 @ferm::rule { 'rabbitmq_cluster':
214 domain => '(ip ip6)',
215 description => 'rabbitmq cluster connections',
216 rule => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
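# Open the management plugin's port, 15672, to the $DSA_IPS / $DSA_V6_IPS source sets only.
# The description now names the management interface; it previously repeated the
# cluster rule's text, which mislabels these rules in a firewall audit.
# NOTE(review): 15672 is the management listener; confirm the 'rabbit_mgmt_ssl'
# fragment puts TLS on it, since admin credentials cross this port.
218 @ferm::rule { 'rabbitmq_mgmt':
219 description => 'rabbitmq management connections',
220 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'
# One attribute line of the v6 rule is not shown in this listing.
222 @ferm::rule { 'rabbitmq_mgmt_v6':
224 description => 'rabbitmq management connections',
225 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_V6_IPS)'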