2 include roles::pubsub::params
4 $cluster_cookie = $roles::pubsub::params::cluster_cookie
5 $admin_password = $roles::pubsub::params::admin_password
6 $ftp_password = $roles::pubsub::params::ftp_password
8 $cc_secondary = rapoport
13 "rabbit@${cc_master}",
14 "rabbit@${cc_secondary}",
16 clustercookie => '8r17so6o1s124ns49sr08n0o24342160',
17 delete_guest_user => true,
25 concat::fragment { 'rabbit_ssl':
26 target => '/etc/rabbitmq/rabbitmq.config',
28 source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
31 rabbitmq_user { 'admin':
33 password => $admin_password,
34 provider => 'rabbitmqctl',
37 rabbitmq_user { 'ftpteam':
39 password => $ftp_password,
40 provider => 'rabbitmqctl',
43 rabbitmq_vhost { 'packages':
45 provider => 'rabbitmqctl',
48 rabbitmq_user_permissions { 'admin@packages':
49 configure_permission => '.*',
50 read_permission => '.*',
51 write_permission => '.*',
52 provider => 'rabbitmqctl',
54 Rabbitmq_user['admin'],
55 Rabbitmq_vhost['packages']
59 rabbitmq_user_permissions { 'admin@/':
60 configure_permission => '.*',
61 read_permission => '.*',
62 write_permission => '.*',
63 provider => 'rabbitmqctl',
64 require => Rabbitmq_user['admin']
67 rabbitmq_user_permissions { 'ftpteam@packages':
68 configure_permission => '.*',
69 read_permission => '.*',
70 write_permission => '.*',
71 provider => 'rabbitmqctl',
73 Rabbitmq_user['ftpteam'],
74 Rabbitmq_vhost['packages']
78 rabbitmq_policy { 'mirror-packages':
81 policy => '{"ha-mode":"all"}',
82 require => Rabbitmq_vhost['packages']
85 rabbitmq_plugin { 'rabbitmq_management':
87 provider => 'rabbitmqplugins',
88 require => Package['rabbitmq-server'],
89 notify => Service['rabbitmq-server']
91 rabbitmq_plugin { 'rabbitmq_management_agent':
93 provider => 'rabbitmqplugins',
94 require => Package['rabbitmq-server'],
95 notify => Service['rabbitmq-server']
97 rabbitmq_plugin { 'rabbitmq_tracing':
99 provider => 'rabbitmqplugins',
100 require => Package['rabbitmq-server'],
101 notify => Service['rabbitmq-server']
103 rabbitmq_plugin { 'rabbitmq_management_visualiser':
105 provider => 'rabbitmqplugins',
106 require => Package['rabbitmq-server'],
107 notify => Service['rabbitmq-server']
110 @ferm::rule { 'rabbitmq':
111 description => 'rabbitmq connections',
112 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
115 @ferm::rule { 'rabbitmq-v6':
117 description => 'rabbitmq connections',
118 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
121 if $::hostname == $cc_master {
127 @ferm::rule { 'rabbitmq_cluster':
128 domain => '(ip ip6)',
129 description => 'rabbitmq cluster connections',
130 rule => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
132 @ferm::rule { 'rabbitmq_mgmt':
133 description => 'rabbitmq cluster connections',
134 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'
136 @ferm::rule { 'rabbitmq_mgmt_v6':
138 description => 'rabbitmq cluster connections',
139 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_V6_IPS)'