Merge branch 'master' of ssh://handel.debian.org/~/dsa-puppet

diff --git a/modules/rabbitmq/manifests/autouser.pp b/modules/rabbitmq/manifests/autouser.pp
new file mode 100644 (file)
index 0000000..90758b7
--- /dev/null
+++ b/modules/rabbitmq/manifests/autouser.pp
@@ -0,0 +1,32 @@
+# == Define: rabbitmq::autouser
+#
+# Create a user in rabbitmq automatically for debian.org hosts
+# Should automatically create a password
+#
+# === Parameters
+#
+# === Examples
+#
+#  rabbitmq::autouser { 'master.debian.org': }
+#
+define rabbitmq::autouser () {
+
+       $rabbit_password = hkdf('/etc/puppet/secret', "mq-client-${name}")
+
+       rabbitmq_user { $name:
+               admin    => false,
+               password => $rabbit_password,
+               provider => 'rabbitmqctl',
+       }
+
+       rabbitmq_user_permissions { "${name}@dsa":
+               configure_permission => '.*',
+               read_permission      => '.*',
+               write_permission     => '.*',
+               provider             => 'rabbitmqctl',
+               require              => [
+                       Rabbitmq_user[$name],
+                       Rabbitmq_vhost['dsa']
+               ]
+       }
+}

diff --git a/modules/roles/manifests/pubsub/entities.pp b/modules/roles/manifests/pubsub/entities.pp
index 5496aed26478d3f7fa5f30f9dcc742e569753679..5248bbc75254a67794eb755814ab0d9124803f9c 100644 (file)
--- a/modules/roles/manifests/pubsub/entities.pp
+++ b/modules/roles/manifests/pubsub/entities.pp
@@ -66,6 +66,10 @@ class roles::pubsub::entities {
                provider => 'rabbitmqctl',
        }
 
+       $do_hosts = keys($site::localinfo)
+
+       rabbitmq::autouser { $do_hosts: }
+
        rabbitmq_vhost { 'packages':
                ensure   => present,
                provider => 'rabbitmqctl',
@@ -192,28 +196,6 @@ class roles::pubsub::entities {
                ]
        }
 
-       rabbitmq_user_permissions { 'mailly@dsa':
-               configure_permission => '.*',
-               read_permission      => '.*',
-               write_permission     => '.*',
-               provider             => 'rabbitmqctl',
-               require              => [
-                       Rabbitmq_user['mailly'],
-                       Rabbitmq_vhost['dsa']
-               ]
-       }
-
-       rabbitmq_user_permissions { 'muffat@dsa':
-               configure_permission => '.*',
-               read_permission      => '.*',
-               write_permission     => '.*',
-               provider             => 'rabbitmqctl',
-               require              => [
-                       Rabbitmq_user['muffat'],
-                       Rabbitmq_vhost['dsa']
-               ]
-       }
-
        rabbitmq_user_permissions { 'pet-devel@pet':
                configure_permission => '.*',
                read_permission      => '.*',
@@ -277,11 +259,5 @@ class roles::pubsub::entities {
                require  => Package['rabbitmq-server'],
                notify   => Service['rabbitmq-server']
        }
-       rabbitmq_plugin { 'rabbitmq_auth_mechanism_ssl':
-               ensure   => present,
-               provider => 'rabbitmqplugins',
-               require  => Package['rabbitmq-server'],
-               notify   => Service['rabbitmq-server']
-       }
 
 }

diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb
index ee11c51584f099e936a08c6526224dfe6697d97a..cecc4ccdcc973d036797beb0afd9e7e8981b9f2b 100644 (file)
--- a/modules/samhain/templates/samhainrc.erb
+++ b/modules/samhain/templates/samhainrc.erb
@@ -290,6 +290,7 @@ file=/etc/aliases
 file=/etc/multipath.conf
 file=/etc/static-components.conf
 file=/etc/rabbitmq/rabbitmq.config
+file=/etc/rabbitmq/enabled_plugins
 dir=/etc/bacula/storages-list.d
 dir=/etc/bacula/storage-conf.d
 dir=/etc/bacula/conf.d