3 # @summary A module to manage RabbitMQ
8 # @example rabbitmq class
10 # service_manage => false,
12 # delete_guest_user => true,
15 # @example Offline installation from local mirror:
18 # key_content => template('openstack/rabbit.pub.key'),
19 # package_gpg_key => '/tmp/rabbit.pub.key',
22 # @example Use external package key source for any (apt/rpm) package provider:
24 # package_gpg_key => 'http://www.some_site.some_domain/some_key.pub.key',
27 # @example To use RabbitMQ Environment Variables, use the parameters `environment_variables` e.g.:
31 # environment_variables => {
32 # 'NODENAME' => 'node01',
33 # 'SERVICENAME' => 'RabbitMQ'
37 # @example Change RabbitMQ Config Variables in rabbitmq.config:
41 # config_variables => {
42 # 'hipe_compile' => true,
43 # 'frame_max' => 131072,
44 # 'log_levels' => "[{connection, info}]"
48 # @example Change Erlang Kernel Config Variables in rabbitmq.config
51 # config_kernel_variables => {
52 # 'inet_dist_listen_min' => 9100,
53 # 'inet_dist_listen_max' => 9105,
56 # @example Change Management Plugin Config Variables in rabbitmq.config
58 # config_management_variables => {
59 # 'rates_mode' => 'basic',
63 # @example Change Additional Config Variables in rabbitmq.config
65 # config_additional_variables => {
66 # 'autocluster' => '[{consul_service, "rabbit"},{cluster_name, "rabbit"}]',
67 # 'foo' => '[{bar, "baz"}]'
70 # This will result in the following config appended to the config file:
71 # {autocluster, [{consul_service, "rabbit"},{cluster_name, "rabbit"}]},
72 # {foo, [{bar, "baz"}]}
73 # (This is required for the [autocluster plugin](https://github.com/aweber/rabbitmq-autocluster)
75 # @example Use RabbitMQ clustering facilities
77 # config_cluster => true,
78 # cluster_nodes => ['rabbit1', 'rabbit2'],
79 # cluster_node_type => 'ram',
80 # erlang_cookie => 'A_SECRET_COOKIE_STRING',
81 # wipe_db_on_cookie_change => true,
84 # @param admin_enable If enabled sets up the management interface/plugin for RabbitMQ.
85 # @param auth_backends An array specifying authorization/authentication backend to use. Single quotes should be placed around array entries, ex. ['{foo, baz}', 'baz'] Defaults to [rabbit_auth_backend_internal], and if using LDAP defaults to [rabbit_auth_backend_internal, rabbit_auth_backend_ldap].
86 # @param cluster_node_type Choose between disc and ram nodes.
87 # @param cluster_nodes An array of nodes for clustering.
88 # @param cluster_partition_handling Value to set for `cluster_partition_handling` RabbitMQ configuration variable.
89 # @param collect_statistics_interval Set the collect_statistics_interval in rabbitmq.config
90 # @param config The file to use as the rabbitmq.config template.
91 # @param config_additional_variables Additional config variables in rabbitmq.config
92 # @param config_cluster Enable or disable clustering support.
93 # @param config_kernel_variables Hash of Erlang kernel configuration variables to set (see [Variables Configurable in rabbitmq.config](#variables-configurable-in-rabbitmq.config)).
94 # @param config_path The path to write the RabbitMQ configuration file to.
95 # @param config_ranch When true, suppress config directives needed for older (<3.6) RabbitMQ versions.
96 # @param config_management_variables Hash of configuration variables for the [Management Plugin](https://www.rabbitmq.com/management.html).
97 # @param config_stomp Enable or disable stomp.
98 # @param config_shovel Enable or disable shovel.
99 # @param config_shovel_statics Hash of static shovel configurations
100 # @param config_variables To set config variables in rabbitmq.config
101 # @param default_user Username to set for the `default_user` in rabbitmq.config.
102 # @param default_pass Password to set for the `default_user` in rabbitmq.config.
103 # @param delete_guest_user Controls whether default guest user is deleted.
104 # @param env_config The template file to use for rabbitmq_env.config.
105 # @param env_config_path The path to write the rabbitmq_env.config file to.
106 # @param environment_variables RabbitMQ Environment Variables in rabbitmq_env.config
107 # @param erlang_cookie The erlang cookie to use for clustering - must be the same between all nodes. This value has no default and must be
108 # set explicitly if using clustering. If you run Pacemaker and you don't want to use RabbitMQ buildin cluster, you can set config_cluster
109 # to 'False' and set 'erlang_cookie'.
110 # @param file_limit Set rabbitmq file ulimit. Defaults to 16384. Only available on systems with `$::osfamily == 'Debian'` or
111 # `$::osfamily == 'RedHat'`.
112 # @param heartbeat Set the heartbeat timeout interval, default is unset which uses the builtin server defaults of 60 seconds. Setting this
113 # @param inetrc_config Template to use for the inetrc config
114 # @param inetrc_config_path Path of the file to push the inetrc config to.
115 # @param ipv6 Whether to listen on ipv6
116 # @param interface Interface to bind to (sets tcp_listeners parameter). By default, bind to all interfaces
117 # to `0` will disable heartbeats.
118 # @param key_content Uses content method for Debian OS family. Should be a template for apt::source class. Overrides `package_gpg_key`
119 # behavior, if enabled. Undefined by default.
120 # @param ldap_auth Set to true to enable LDAP auth.
121 # @param ldap_server LDAP server to use for auth.
122 # @param ldap_user_dn_pattern User DN pattern for LDAP auth.
123 # @param ldap_other_bind How to bind to the LDAP server. Defaults to 'anon'.
124 # @param ldap_config_variables Hash of other LDAP config variables.
125 # @param ldap_use_ssl Set to true to use SSL for the LDAP server.
126 # @param ldap_port Numeric port for LDAP server.
127 # @param ldap_log Set to true to log LDAP auth.
128 # @param manage_python If enabled, on platforms that don't provide a Python 2 package by default, ensure that the python package is
129 # installed (for rabbitmqadmin). This will only apply if `admin_enable` and `service_manage` are set.
130 # @param management_hostname The hostname for the RabbitMQ management interface.
131 # @param management_port The port for the RabbitMQ management interface.
132 # @param management_ip_address Allows you to set the IP for management interface to bind to separately. Set to 127.0.0.1 to bind to
133 # localhost only, or 0.0.0.0 to bind to all interfaces.
134 # @param management_ssl Enable/Disable SSL for the management port. Has an effect only if ssl => true.
135 # @param node_ip_address Allows you to set the IP for RabbitMQ service to bind to. Set to 127.0.0.1 to bind to localhost only, or 0.0.0.0
136 # to bind to all interfaces.
137 # @param package_apt_pin Whether to pin the package to a particular source
138 # @param package_ensure Determines the ensure state of the package. Set to installed by default, but could be changed to latest.
139 # @param package_gpg_key RPM package GPG key to import. Uses source method. Should be a URL for Debian/RedHat OS family, or a file name for
140 # RedHat OS family. Set to https://packagecloud.io/gpg.key by default. Note, that `key_content`, if specified, would override this
141 # parameter for Debian OS family.
142 # @param package_name Name(s) of the package(s) to install
143 # @param port The RabbitMQ port.
144 # @param repos_ensure Ensure that a repo with the official (and newer) RabbitMQ package is configured, along with its signing key.
145 # Defaults to false (use system packages). This does not ensure that soft dependencies (like EPEL on RHEL systems) are present.
146 # @param service_ensure The state of the service.
147 # @param service_manage Determines if the service is managed.
148 # @param service_name The name of the service to manage.
149 # @param $service_restart. Default defined in param.pp. Whether to resetart the service on config change.
150 # @param ssl Configures the service for using SSL.
152 # @param ssl_cacert CA cert path to use for SSL.
153 # @param ssl_cert Cert to use for SSL.
154 # @param ssl_cert_password Password used when generating CSR.
155 # @param ssl_depth SSL verification depth.
156 # @param ssl_dhfile Use this dhparam file [example: generate with `openssl dhparam -out /etc/rabbitmq/ssl/dhparam.pem 2048`
157 # @param ssl_erl_dist Whether to use the erlang package's SSL (relies on the ssl_erl_path fact)
158 # @param ssl_honor_cipher_order Force use of server cipher order
159 # @param ssl_interface Interface for SSL listener to bind to
160 # @param ssl_key Key to use for SSL.
161 # @param ssl_only Configures the service to only use SSL. No cleartext TCP listeners will be created. Requires that ssl => true and
162 # @param ssl_management_port SSL management port.
163 # @param ssl_port SSL port for RabbitMQ
164 # @param ssl_reuse_sessions Reuse ssl sessions
165 # @param ssl_secure_renegotiate Use ssl secure renegotiate
166 # @param ssl_stomp_port SSL stomp port.
167 # @param ssl_verify rabbitmq.config SSL verify setting.
168 # @param ssl_fail_if_no_peer_cert rabbitmq.config `fail_if_no_peer_cert` setting.
169 # @param ssl_management_verify rabbitmq.config SSL verify setting for rabbitmq_management.
170 # @param ssl_manaagement_fail_if_no_peer_cert rabbitmq.config `fail_if_no_peer_cert` setting for rabbitmq_management.
171 # @param ssl_versions Choose which SSL versions to enable. Example: `['tlsv1.2', 'tlsv1.1']` Note that it is recommended to disable `sslv3
172 # and `tlsv1` to prevent against POODLE and BEAST attacks. Please see the [RabbitMQ SSL](https://www.rabbitmq.com/ssl.html) documentation
173 # for more information.
174 # @param ssl_ciphers Support only a given list of SSL ciphers. Example: `['dhe_rsa,aes_256_cbc,sha','dhe_dss,aes_256_cbc,sha',
175 # 'ecdhe_rsa,aes_256_cbc,sha']`. Supported ciphers in your install can be listed with: rabbitmqctl eval 'ssl:cipher_suites().'
176 # Functionality can be tested with cipherscan or similar tool: https://github.com/jvehent/cipherscan.git
177 # @param stomp_port The port to use for Stomp.
178 # @param stomp_ssl_only Configures STOMP to only use SSL. No cleartext STOMP TCP listeners will be created. Requires setting
179 # ssl_stomp_port also.
180 # @param stomp_ensure Enable to install the stomp plugin.
181 # @param tcp_backlog The size of the backlog on TCP connections.
182 # @param tcp_keepalive Enable TCP connection keepalive for RabbitMQ service.
183 # @param tcp_recbuf Corresponds to recbuf in RabbitMQ `tcp_listen_options`
184 # @param tcp_sndbuf Integer, corresponds to sndbuf in RabbitMQ `tcp_listen_options`
185 # @param wipe_db_on_cookie_change Boolean to determine if we should DESTROY AND DELETE the RabbitMQ database.
186 # @param rabbitmq_user OS dependent, default defined in param.pp. The system user the rabbitmq daemon runs as.
187 # @param rabbitmq_group OS dependent, default defined in param.pp. The system group the rabbitmq daemon runs as.
188 # @param rabbitmq_home OS dependent. default defined in param.pp. The home directory of the rabbitmq deamon.
189 # @param $rabbitmqadmin_package OS dependent. default defined in param.pp. If undef: install rabbitmqadmin via archive, otherwise via package
190 # @param $archive_options. default defined in param.pp. Extra options to Archive resource to download rabbitmqadmin file
191 # @param $loopback_users. default defined in param.pp. This option configures a list of users to allow access via the loopback interfaces
193 Boolean $admin_enable = $rabbitmq::params::admin_enable,
194 Enum['ram', 'disk', 'disc'] $cluster_node_type = $rabbitmq::params::cluster_node_type,
195 Array $cluster_nodes = $rabbitmq::params::cluster_nodes,
196 String $config = $rabbitmq::params::config,
197 Boolean $config_cluster = $rabbitmq::params::config_cluster,
198 Stdlib::Absolutepath $config_path = $rabbitmq::params::config_path,
199 Boolean $config_ranch = $rabbitmq::params::config_ranch,
200 Boolean $config_stomp = $rabbitmq::params::config_stomp,
201 Boolean $config_shovel = $rabbitmq::params::config_shovel,
202 Hash $config_shovel_statics = $rabbitmq::params::config_shovel_statics,
203 String $default_user = $rabbitmq::params::default_user,
204 String $default_pass = $rabbitmq::params::default_pass,
205 Boolean $delete_guest_user = $rabbitmq::params::delete_guest_user,
206 String $env_config = $rabbitmq::params::env_config,
207 Stdlib::Absolutepath $env_config_path = $rabbitmq::params::env_config_path,
208 Optional[String] $erlang_cookie = undef,
209 Optional[String] $interface = undef,
210 Optional[String] $management_ip_address = undef,
211 Integer[1, 65535] $management_port = $rabbitmq::params::management_port,
212 Boolean $management_ssl = $rabbitmq::params::management_ssl,
213 Optional[String] $management_hostname = undef,
214 Optional[String] $node_ip_address = undef,
215 Optional[Variant[Numeric, String]] $package_apt_pin = undef,
216 String $package_ensure = $rabbitmq::params::package_ensure,
217 Optional[String] $package_gpg_key = $rabbitmq::params::package_gpg_key,
218 Variant[String, Array] $package_name = $rabbitmq::params::package_name,
219 Optional[String] $package_source = undef,
220 Optional[String] $package_provider = undef,
221 Boolean $repos_ensure = $rabbitmq::params::repos_ensure,
222 Boolean $manage_python = $rabbitmq::params::manage_python,
223 String $rabbitmq_user = $rabbitmq::params::rabbitmq_user,
224 String $rabbitmq_group = $rabbitmq::params::rabbitmq_group,
225 Stdlib::Absolutepath $rabbitmq_home = $rabbitmq::params::rabbitmq_home,
226 Integer $port = $rabbitmq::params::port,
227 Boolean $tcp_keepalive = $rabbitmq::params::tcp_keepalive,
228 Integer $tcp_backlog = $rabbitmq::params::tcp_backlog,
229 Optional[Integer] $tcp_sndbuf = undef,
230 Optional[Integer] $tcp_recbuf = undef,
231 Optional[Integer] $heartbeat = undef,
232 Enum['running', 'stopped'] $service_ensure = $rabbitmq::params::service_ensure,
233 Boolean $service_manage = $rabbitmq::params::service_manage,
234 String $service_name = $rabbitmq::params::service_name,
235 Boolean $ssl = $rabbitmq::params::ssl,
236 Boolean $ssl_only = $rabbitmq::params::ssl_only,
237 Optional[Stdlib::Absolutepath] $ssl_cacert = undef,
238 Optional[Stdlib::Absolutepath] $ssl_cert = undef,
239 Optional[Stdlib::Absolutepath] $ssl_key = undef,
240 Optional[Integer] $ssl_depth = undef,
241 Optional[String] $ssl_cert_password = undef,
242 Integer[1, 65535] $ssl_port = $rabbitmq::params::ssl_port,
243 Optional[String] $ssl_interface = undef,
244 Integer[1, 65535] $ssl_management_port = $rabbitmq::params::ssl_management_port,
245 Integer[1, 65535] $ssl_stomp_port = $rabbitmq::params::ssl_stomp_port,
246 Enum['verify_none','verify_peer'] $ssl_verify = $rabbitmq::params::ssl_verify,
247 Boolean $ssl_fail_if_no_peer_cert = $rabbitmq::params::ssl_fail_if_no_peer_cert,
248 Enum['verify_none','verify_peer'] $ssl_management_verify = $rabbitmq::params::ssl_management_verify,
249 Boolean $ssl_management_fail_if_no_peer_cert = $rabbitmq::params::ssl_management_fail_if_no_peer_cert,
250 Optional[Array] $ssl_versions = undef,
251 Boolean $ssl_secure_renegotiate = $rabbitmq::params::ssl_secure_renegotiate,
252 Boolean $ssl_reuse_sessions = $rabbitmq::params::ssl_reuse_sessions,
253 Boolean $ssl_honor_cipher_order = $rabbitmq::params::ssl_honor_cipher_order,
254 Optional[Stdlib::Absolutepath] $ssl_dhfile = undef,
255 Array $ssl_ciphers = $rabbitmq::params::ssl_ciphers,
256 Boolean $stomp_ensure = $rabbitmq::params::stomp_ensure,
257 Boolean $ldap_auth = $rabbitmq::params::ldap_auth,
258 String $ldap_server = $rabbitmq::params::ldap_server,
259 Optional[String] $ldap_user_dn_pattern = $rabbitmq::params::ldap_user_dn_pattern,
260 String $ldap_other_bind = $rabbitmq::params::ldap_other_bind,
261 Boolean $ldap_use_ssl = $rabbitmq::params::ldap_use_ssl,
262 Integer[1, 65535] $ldap_port = $rabbitmq::params::ldap_port,
263 Boolean $ldap_log = $rabbitmq::params::ldap_log,
264 Hash $ldap_config_variables = $rabbitmq::params::ldap_config_variables,
265 Integer[1, 65535] $stomp_port = $rabbitmq::params::stomp_port,
266 Boolean $stomp_ssl_only = $rabbitmq::params::stomp_ssl_only,
267 Boolean $wipe_db_on_cookie_change = $rabbitmq::params::wipe_db_on_cookie_change,
268 String $cluster_partition_handling = $rabbitmq::params::cluster_partition_handling,
269 Variant[Integer[-1],Enum['unlimited'],Pattern[/^(infinity|\d+(:(infinity|\d+))?)$/]] $file_limit = $rabbitmq::params::file_limit,
270 Hash $environment_variables = $rabbitmq::params::environment_variables,
271 Hash $config_variables = $rabbitmq::params::config_variables,
272 Hash $config_kernel_variables = $rabbitmq::params::config_kernel_variables,
273 Hash $config_management_variables = $rabbitmq::params::config_management_variables,
274 Hash $config_additional_variables = $rabbitmq::params::config_additional_variables,
275 Optional[Array] $auth_backends = undef,
276 Optional[String] $key_content = undef,
277 Optional[Integer] $collect_statistics_interval = undef,
278 Boolean $ipv6 = $rabbitmq::params::ipv6,
279 String $inetrc_config = $rabbitmq::params::inetrc_config,
280 Stdlib::Absolutepath $inetrc_config_path = $rabbitmq::params::inetrc_config_path,
281 Boolean $ssl_erl_dist = $rabbitmq::params::ssl_erl_dist,
282 Optional[String] $rabbitmqadmin_package = $rabbitmq::params::rabbitmqadmin_package,
283 Array $archive_options = $rabbitmq::params::archive_options,
284 Array $loopback_users = $rabbitmq::params::loopback_users,
285 Boolean $service_restart = $rabbitmq::params::service_restart,
286 ) inherits rabbitmq::params {
288 if $ssl_only and ! $ssl {
289 fail('$ssl_only => true requires that $ssl => true')
292 if $config_stomp and $stomp_ssl_only and ! $ssl_stomp_port {
293 fail('$stomp_ssl_only requires that $ssl_stomp_port be set')
298 fail('$ssl_versions requires that $ssl => true')
303 case $facts['os']['family'] {
305 contain rabbitmq::repo::rhel
306 Class['rabbitmq::repo::rhel'] -> Class['rabbitmq::install']
309 contain rabbitmq::repo::apt
310 Class['rabbitmq::repo::apt'] -> Class['rabbitmq::install']
317 contain rabbitmq::install
318 contain rabbitmq::config
319 contain rabbitmq::service
320 contain rabbitmq::management
322 if $admin_enable and $service_manage {
323 include 'rabbitmq::install::rabbitmqadmin'
325 rabbitmq_plugin { 'rabbitmq_management':
327 notify => Class['rabbitmq::service'],
328 provider => 'rabbitmqplugins',
331 Class['rabbitmq::service'] -> Class['rabbitmq::install::rabbitmqadmin']
332 Class['rabbitmq::install::rabbitmqadmin'] -> Rabbitmq_exchange<| |>
336 rabbitmq_plugin { 'rabbitmq_stomp':
338 notify => Class['rabbitmq::service'],
343 rabbitmq_plugin { 'rabbitmq_auth_backend_ldap':
345 notify => Class['rabbitmq::service'],
349 if ($config_shovel) {
350 rabbitmq_plugin { 'rabbitmq_shovel':
352 notify => Class['rabbitmq::service'],
353 provider => 'rabbitmqplugins',
357 rabbitmq_plugin { 'rabbitmq_shovel_management':
359 notify => Class['rabbitmq::service'],
360 provider => 'rabbitmqplugins',
365 if ($service_restart) {
366 Class['rabbitmq::config'] ~> Class['rabbitmq::service']
369 Class['rabbitmq::install']
370 -> Class['rabbitmq::config']
371 -> Class['rabbitmq::service']
372 -> Class['rabbitmq::management']
374 # Make sure the various providers have their requirements in place.
375 Class['rabbitmq::install'] -> Rabbitmq_plugin<| |>