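# Class: rabbitmq::config
#
# Sets all the configuration values for RabbitMQ and creates the directories
# for config and ssl.
#
# Every setting is copied from the parent `rabbitmq` class into local scope,
# because the ERB templates rendered below read their values from this class's
# scope. That includes credentials ($default_pass, $ssl_cert_password,
# $erlang_cookie), so the files rendered here are kept root-owned, readable
# only by the RabbitMQ group, and excluded from Puppet's change diffs.
#
# The class takes no parameters of its own.
class rabbitmq::config {

  $admin_enable                        = $rabbitmq::admin_enable
  $cluster_node_type                   = $rabbitmq::cluster_node_type
  $cluster_nodes                       = $rabbitmq::cluster_nodes
  $config                              = $rabbitmq::config
  $config_cluster                      = $rabbitmq::config_cluster
  $config_path                         = $rabbitmq::config_path
  $config_ranch                        = $rabbitmq::config_ranch
  $config_stomp                        = $rabbitmq::config_stomp
  $config_shovel                       = $rabbitmq::config_shovel
  $config_shovel_statics               = $rabbitmq::config_shovel_statics
  $default_user                        = $rabbitmq::default_user
  $default_pass                        = $rabbitmq::default_pass
  $env_config                          = $rabbitmq::env_config
  $env_config_path                     = $rabbitmq::env_config_path
  $erlang_cookie                       = $rabbitmq::erlang_cookie
  $interface                           = $rabbitmq::interface
  $management_port                     = $rabbitmq::management_port
  $management_ssl                      = $rabbitmq::management_ssl
  $management_hostname                 = $rabbitmq::management_hostname
  $node_ip_address                     = $rabbitmq::node_ip_address
  $rabbitmq_user                       = $rabbitmq::rabbitmq_user
  $rabbitmq_group                      = $rabbitmq::rabbitmq_group
  $rabbitmq_home                       = $rabbitmq::rabbitmq_home
  $port                                = $rabbitmq::port
  $tcp_keepalive                       = $rabbitmq::tcp_keepalive
  $tcp_backlog                         = $rabbitmq::tcp_backlog
  $tcp_sndbuf                          = $rabbitmq::tcp_sndbuf
  $tcp_recbuf                          = $rabbitmq::tcp_recbuf
  $heartbeat                           = $rabbitmq::heartbeat
  $service_name                        = $rabbitmq::service_name
  $ssl                                 = $rabbitmq::ssl
  $ssl_only                            = $rabbitmq::ssl_only
  $ssl_cacert                          = $rabbitmq::ssl_cacert
  $ssl_cert                            = $rabbitmq::ssl_cert
  $ssl_key                             = $rabbitmq::ssl_key
  $ssl_depth                           = $rabbitmq::ssl_depth
  $ssl_cert_password                   = $rabbitmq::ssl_cert_password
  $ssl_port                            = $rabbitmq::ssl_port
  $ssl_interface                       = $rabbitmq::ssl_interface
  $ssl_management_port                 = $rabbitmq::ssl_management_port
  $ssl_management_verify               = $rabbitmq::ssl_management_verify
  $ssl_management_fail_if_no_peer_cert = $rabbitmq::ssl_management_fail_if_no_peer_cert
  $ssl_stomp_port                      = $rabbitmq::ssl_stomp_port
  $ssl_verify                          = $rabbitmq::ssl_verify
  $ssl_fail_if_no_peer_cert            = $rabbitmq::ssl_fail_if_no_peer_cert
  $ssl_secure_renegotiate              = $rabbitmq::ssl_secure_renegotiate
  $ssl_reuse_sessions                  = $rabbitmq::ssl_reuse_sessions
  $ssl_honor_cipher_order              = $rabbitmq::ssl_honor_cipher_order
  $ssl_dhfile                          = $rabbitmq::ssl_dhfile
  $ssl_versions                        = $rabbitmq::ssl_versions
  $ssl_ciphers                         = $rabbitmq::ssl_ciphers
  $stomp_port                          = $rabbitmq::stomp_port
  $stomp_ssl_only                      = $rabbitmq::stomp_ssl_only
  $ldap_auth                           = $rabbitmq::ldap_auth
  $ldap_server                         = $rabbitmq::ldap_server
  $ldap_user_dn_pattern                = $rabbitmq::ldap_user_dn_pattern
  $ldap_other_bind                     = $rabbitmq::ldap_other_bind
  $ldap_use_ssl                        = $rabbitmq::ldap_use_ssl
  $ldap_port                           = $rabbitmq::ldap_port
  $ldap_log                            = $rabbitmq::ldap_log
  $ldap_config_variables               = $rabbitmq::ldap_config_variables
  $wipe_db_on_cookie_change            = $rabbitmq::wipe_db_on_cookie_change
  $config_variables                    = $rabbitmq::config_variables
  $config_kernel_variables             = $rabbitmq::config_kernel_variables
  $config_management_variables         = $rabbitmq::config_management_variables
  $config_additional_variables         = $rabbitmq::config_additional_variables
  $auth_backends                       = $rabbitmq::auth_backends
  $cluster_partition_handling          = $rabbitmq::cluster_partition_handling
  $file_limit                          = $rabbitmq::file_limit
  $collect_statistics_interval         = $rabbitmq::collect_statistics_interval
  $ipv6                                = $rabbitmq::ipv6
  $inetrc_config                       = $rabbitmq::inetrc_config
  $inetrc_config_path                  = $rabbitmq::inetrc_config_path
  $ssl_erl_dist                        = $rabbitmq::ssl_erl_dist

  # With $ssl_only set, the plaintext listener's port and address are left out
  # of the environment file entirely, so only the TLS settings rendered into
  # rabbitmq.config describe a listener.
  if $ssl_only {
    $default_ssl_env_variables = {}
  } else {
    $default_ssl_env_variables = {
      'NODE_PORT'        => $port,
      'NODE_IP_ADDRESS'  => $node_ip_address,
    }
  }

  # This seems like a sensible default, and I think we have to assign it here
  # to be safe. Use $node_ip_address (which can also be undef) if
  # $management_ip_address is not set.
  # NOTE(review): when both are undef the management listener's bind address is
  # left to the template/RabbitMQ default - confirm that is not "all
  # interfaces" on hosts where the management UI must stay internal.
  if $rabbitmq::management_ip_address {
    $management_ip_address = $rabbitmq::management_ip_address
  } else {
    $management_ip_address = $rabbitmq::node_ip_address
  }

  $inetrc_env = {'export ERL_INETRC' => $inetrc_config_path}

  # Handle env variables. Later operands win on key collisions, so values in
  # $rabbitmq::environment_variables override the defaults computed above.
  $_environment_variables = $default_ssl_env_variables + $inetrc_env + $rabbitmq::environment_variables

  if $ipv6 or $ssl_erl_dist {
    # must append "-proto_dist inet6_tcp" to any provided ERL_ARGS for
    # both the server and rabbitmqctl, being careful not to mess up
    # quoting. If both IPv6 and TLS are enabled, we must use "inet6_tls".
    # Finally, if only TLS is enabled (no IPv6), the -proto_dist value to use
    # is "inet_tls".
    if $ipv6 and $ssl_erl_dist {
      $proto_dist = 'inet6_tls'
      $ssl_path = " -pa ${::erl_ssl_path} "
    } elsif $ssl_erl_dist {
      $proto_dist = 'inet_tls'
      $ssl_path = " -pa ${::erl_ssl_path} "
    } else {
      $proto_dist = 'inet6_tcp'
      $ssl_path = ''
    }
    $ipv6_or_tls_env = ['SERVER', 'CTL'].reduce({}) |$memo, $item| {
      $orig = $_environment_variables["RABBITMQ_${item}_ERL_ARGS"]
      $munged = $orig ? {
        # already quoted, keep quoting
        # NOTE(review): the pattern is not anchored at the end, so any text
        # after the closing quote appears to be dropped from the rewritten
        # value - confirm no caller passes trailing arguments.
        /^([\'\"])(.*)\1/ => "${1}${2}${ssl_path} -proto_dist ${proto_dist}${1}",
        # unset, add our own quoted value
        undef             => "\"${ssl_path}-proto_dist ${proto_dist}\"",
        # previously unquoted value, add quoting
        default           => "\"${orig}${ssl_path} -proto_dist ${proto_dist}\"",
      }

      merge($memo, {"RABBITMQ_${item}_ERL_ARGS" => $munged})
    }

    $environment_variables = $_environment_variables + $ipv6_or_tls_env
  } else {
    $environment_variables = $_environment_variables
  }

  file { '/etc/rabbitmq':
    ensure => directory,
    owner  => '0',
    group  => '0',
    mode   => '0755',
  }

  # World-traversable by design (0755); this class does not manage the key or
  # certificate files themselves, so whatever places a private key here must
  # give that file its own restrictive mode and ownership.
  file { '/etc/rabbitmq/ssl':
    ensure => directory,
    owner  => '0',
    group  => '0',
    mode   => '0755',
  }

  # Root-owned and group-readable only (0640) because the template is rendered
  # from this class's scope, which holds $default_pass and $ssl_cert_password.
  # show_diff is disabled so a content change does not copy those rendered
  # values into agent logs or reports; the trade-off is that operators no
  # longer see a diff for this file in Puppet output.
  file { 'rabbitmq.config':
    ensure    => file,
    path      => $config_path,
    content   => template($config),
    owner     => '0',
    group     => $rabbitmq_group,
    mode      => '0640',
    show_diff => false,
    notify    => Class['rabbitmq::service'],
  }

  file { 'rabbitmq-env.config':
    ensure  => file,
    path    => $env_config_path,
    content => template($env_config),
    owner   => '0',
    group   => $rabbitmq_group,
    mode    => '0640',
    notify  => Class['rabbitmq::service'],
  }

  file { 'rabbitmq-inetrc':
    ensure  => file,
    path    => $inetrc_config_path,
    content => template($inetrc_config),
    owner   => '0',
    group   => $rabbitmq_group,
    mode    => '0640',
    notify  => Class['rabbitmq::service'],
  }

  if $admin_enable {
    # Presumably carries the management credentials used by rabbitmqadmin (the
    # template is not visible from this class - verify); treated like
    # rabbitmq.config and kept out of change diffs.
    file { 'rabbitmqadmin.conf':
      ensure    => file,
      path      => '/etc/rabbitmq/rabbitmqadmin.conf',
      content   => template('rabbitmq/rabbitmqadmin.conf.erb'),
      owner     => '0',
      group     => $rabbitmq_group,
      mode      => '0640',
      show_diff => false,
      require   => File['/etc/rabbitmq'],
    }
  }

  # Per-OS resource limits: a systemd drop-in (plus daemon-reload) where the
  # release check passes, and the distribution's legacy limits file.
  case $facts['os']['family'] {
    'Debian': {
      # NOTE(review): '16.04' is an Ubuntu release number. On Debian proper,
      # release.full values such as '9.x' or '10.x' compare lower than
      # '16.04', so the drop-in below looks like it is skipped there - confirm
      # whether that is intended for the hosts this manifest manages.
      if versioncmp($facts['os']['release']['full'], '16.04') >= 0 {
        file { '/etc/systemd/system/rabbitmq-server.service.d':
          ensure                  => directory,
          owner                   => '0',
          group                   => '0',
          mode                    => '0755',
          selinux_ignore_defaults => true,
        }
        -> file { '/etc/systemd/system/rabbitmq-server.service.d/limits.conf':
          content => template('rabbitmq/rabbitmq-server.service.d/limits.conf'),
          owner   => '0',
          group   => '0',
          mode    => '0644',
          notify  => Exec['rabbitmq-systemd-reload'],
        }
        # refreshonly: runs only when the drop-in changes, then restarts the
        # service through the notify chain.
        exec { 'rabbitmq-systemd-reload':
          command     => '/bin/systemctl daemon-reload',
          notify      => Class['Rabbitmq::Service'],
          refreshonly => true,
        }
      }
      file { '/etc/default/rabbitmq-server':
        ensure  => file,
        content => template('rabbitmq/default.erb'),
        mode    => '0644',
        owner   => '0',
        group   => '0',
        notify  => Class['rabbitmq::service'],
      }
    }
    'RedHat': {
      if versioncmp($facts['os']['release']['major'], '7') >= 0 {
        file { '/etc/systemd/system/rabbitmq-server.service.d':
          ensure                  => directory,
          owner                   => '0',
          group                   => '0',
          mode                    => '0755',
          selinux_ignore_defaults => true,
        }
        -> file { '/etc/systemd/system/rabbitmq-server.service.d/limits.conf':
          content => template('rabbitmq/rabbitmq-server.service.d/limits.conf'),
          owner   => '0',
          group   => '0',
          mode    => '0644',
          notify  => Exec['rabbitmq-systemd-reload'],
        }
        exec { 'rabbitmq-systemd-reload':
          command     => '/bin/systemctl daemon-reload',
          notify      => Class['Rabbitmq::Service'],
          refreshonly => true,
        }
      }
      file { '/etc/security/limits.d/rabbitmq-server.conf':
        content => template('rabbitmq/limits.conf'),
        owner   => '0',
        group   => '0',
        mode    => '0644',
        notify  => Class['Rabbitmq::Service'],
      }
    }
    'Archlinux': {
      # The unit is named rabbitmq.service here, but the drop-in is rendered
      # from the same rabbitmq-server.service.d template as the other families.
      file { '/etc/systemd/system/rabbitmq.service.d':
        ensure                  => directory,
        owner                   => '0',
        group                   => '0',
        mode                    => '0755',
        selinux_ignore_defaults => true,
      }
      -> file { '/etc/systemd/system/rabbitmq.service.d/limits.conf':
        content => template('rabbitmq/rabbitmq-server.service.d/limits.conf'),
        owner   => '0',
        group   => '0',
        mode    => '0644',
        notify  => Exec['rabbitmq-systemd-reload'],
      }
      exec { 'rabbitmq-systemd-reload':
        command     => '/bin/systemctl daemon-reload',
        notify      => Class['Rabbitmq::Service'],
        refreshonly => true,
      }
    }
    default: {
      # Other OS families get no limits configuration from this class.
    }
  }

  # The Erlang cookie is the shared secret that authenticates cluster nodes and
  # CLI tools to each other, so clustering is refused without one. It is
  # written before rabbitmq.config and, with force set from
  # $wipe_db_on_cookie_change, is handed to the custom type that decides what
  # happens to existing data when the cookie changes.
  if $erlang_cookie == undef and $config_cluster {
    fail('You must set the $erlang_cookie value in order to configure clustering.')
  } elsif $erlang_cookie != undef {
    rabbitmq_erlang_cookie { "${rabbitmq_home}/.erlang.cookie":
      content        => $erlang_cookie,
      force          => $wipe_db_on_cookie_change,
      rabbitmq_user  => $rabbitmq_user,
      rabbitmq_group => $rabbitmq_group,
      rabbitmq_home  => $rabbitmq_home,
      service_name   => $service_name,
      before         => File['rabbitmq.config'],
      notify         => Class['rabbitmq::service'],
    }
  }
}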