add management modules and rules
[dsa-puppet.git] / modules / roles / manifests / pubsub.pp
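# Two-node RabbitMQ cluster for the pubsub role.
#
# Declares the rabbitmq class in clustered mode, the broker users, the
# 'packages' vhost with its permissions and mirroring policy, the
# management/tracing plugins, and virtual ferm rules for the broker
# listener, the cluster peer and the management port.
#
# Secrets (cluster cookie, user passwords) are read from
# roles::pubsub::params, which is not part of this file.
class roles::pubsub {
        include roles::pubsub::params

        $cluster_cookie = $roles::pubsub::params::cluster_cookie
        $admin_password = $roles::pubsub::params::admin_password
        $ftp_password   = $roles::pubsub::params::ftp_password
        $cc_master      = 'rainier'
        $cc_secondary   = 'rapoport'

        # The Erlang cookie is the shared secret that lets a node (or the CLI
        # tools) join and control the cluster, so it is taken from params
        # instead of being written into the manifest as a literal.
        # NOTE(review): a cookie that was ever committed as a literal stays
        # readable in repository history and should be rotated; confirm the
        # params value is the one both nodes are meant to use before rollout.
        class { 'rabbitmq':
                cluster           => true,
                clustermembers    => [
                        "rabbit@${cc_master}",
                        "rabbit@${cc_secondary}",
                ],
                clustercookie     => $cluster_cookie,
                # Remove the default 'guest' account.
                delete_guest_user => true,
                master            => $cc_master,
        }

        # The ssl-cert group is added so the broker account can read TLS key
        # material - presumably the keys referenced from rabbitmq.config.
        user { 'rabbitmq':
                groups => 'ssl-cert'
        }

        # Static config fragment shipped with this module; its contents are
        # not visible here (the title suggests the TLS listener settings).
        concat::fragment { 'rabbit_ssl':
                target => '/etc/rabbitmq/rabbitmq.config',
                order  => 35,
                source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
        }

        rabbitmq_user { 'admin':
                admin    => true,
                password => $admin_password,
                provider => 'rabbitmqctl',
        }

        # NOTE(review): ftpteam only receives permissions on the 'packages'
        # vhost below, yet is created with admin => true. If it does not need
        # broker-wide administration, dropping the flag would narrow what a
        # leaked ftp_password can do - confirm with the service owners.
        rabbitmq_user { 'ftpteam':
                admin    => true,
                password => $ftp_password,
                provider => 'rabbitmqctl',
        }

        rabbitmq_vhost { 'packages':
                ensure   => present,
                provider => 'rabbitmqctl',
        }

        # Permission values are regexes over resource names; '.*' grants the
        # operation on every exchange and queue in the vhost.
        rabbitmq_user_permissions { 'admin@packages':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => [
                        Rabbitmq_user['admin'],
                        Rabbitmq_vhost['packages']
                ]
        }

        rabbitmq_user_permissions { 'admin@/':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => Rabbitmq_user['admin']
        }

        rabbitmq_user_permissions { 'ftpteam@packages':
                configure_permission => '.*',
                read_permission      => '.*',
                write_permission     => '.*',
                provider             => 'rabbitmqctl',
                require              => [
                        Rabbitmq_user['ftpteam'],
                        Rabbitmq_vhost['packages']
                ]
        }

        # Mirror every queue in the 'packages' vhost to all cluster nodes.
        rabbitmq_policy { 'mirror-packages':
                vhost   => 'packages',
                match   => '.*',
                policy  => '{"ha-mode":"all"}',
                require => Rabbitmq_vhost['packages']
        }

        # All four plugins share the same attributes, so they are declared
        # with one array title; each still becomes its own resource.
        # NOTE(review): rabbitmq_tracing can write traced message contents to
        # log files once a trace is started; keep it enabled only if needed
        # and check who can read those files and the management UI.
        rabbitmq_plugin { [
                'rabbitmq_management',
                'rabbitmq_management_agent',
                'rabbitmq_tracing',
                'rabbitmq_management_visualiser',
        ]:
                ensure   => present,
                provider => 'rabbitmqplugins',
                require  => Package['rabbitmq-server'],
                notify   => Service['rabbitmq-server']
        }

        # The ferm rules are virtual (@): they only take effect where they are
        # realized. Rule strings in single quotes are passed through without
        # Puppet interpolation, so $HOST_DEBIAN_V4 and friends are expanded by
        # ferm, not by Puppet.
        @ferm::rule { 'rabbitmq':
                description => 'rabbitmq connections',
                rule        => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
        }

        @ferm::rule { 'rabbitmq-v6':
                domain      => 'ip6',
                description => 'rabbitmq connections',
                rule        => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
        }

        # Pick the other cluster member as the allowed peer. Any host that is
        # not $cc_master - including one that is neither node - gets
        # $cc_master as its peer.
        if $::hostname == $cc_master {
                $you = $cc_secondary
        } else {
                $you = $cc_master
        }

        # NOTE(review): this rule carries no dport, so it accepts new TCP
        # connections from the peer on every port. Limiting it to the ports
        # clustering actually uses (epmd and the inter-node distribution
        # port, which depend on configuration not shown here) would keep a
        # compromised peer from reaching unrelated services on this host.
        @ferm::rule { 'rabbitmq_cluster':
                domain      => '(ip ip6)',
                description => 'rabbitmq cluster connections',
                rule        => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
        }

        # Management plugin listener, limited to the DSA address lists.
        # The descriptions previously repeated 'rabbitmq cluster connections',
        # which mislabelled these rules.
        # NOTE(review): whether this listener uses TLS is decided in
        # rabbitmq.config, which is not shown - confirm that admin
        # credentials are not sent in clear text.
        @ferm::rule { 'rabbitmq_mgmt':
                description => 'rabbitmq management connections',
                rule        => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'
        }
        @ferm::rule { 'rabbitmq_mgmt_v6':
                domain      => '(ip6)',
                description => 'rabbitmq management connections',
                rule        => '&SERVICE_RANGE(tcp, 15672, $DSA_V6_IPS)'
        }
}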