2 include roles::pubsub::params
4 $cluster_cookie = $roles::pubsub::params::cluster_cookie
5 $admin_password = $roles::pubsub::params::admin_password
6 $ftp_password = $roles::pubsub::params::ftp_password
7 $buildd_password = $roles::pubsub::params::buildd_password
8 $wbadm_password = $roles::pubsub::params::wbadm_password
11 $cc_secondary = rapoport
16 "rabbit@${cc_master}",
17 "rabbit@${cc_secondary}",
19 clustercookie => '8r17so6o1s124ns49sr08n0o24342160',
20 delete_guest_user => true,
28 concat::fragment { 'rabbit_ssl':
29 target => '/etc/rabbitmq/rabbitmq.config',
31 source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
34 rabbitmq_user { 'admin':
36 password => $admin_password,
37 provider => 'rabbitmqctl',
40 rabbitmq_user { 'ftpteam':
42 password => $ftp_password,
43 provider => 'rabbitmqctl',
46 rabbitmq_user { 'buildd':
48 password => $buildd_password,
49 provider => 'rabbitmqctl',
52 rabbitmq_user { 'wbadm':
54 password => $wbadm_password,
55 provider => 'rabbitmqctl',
58 rabbitmq_vhost { 'packages':
60 provider => 'rabbitmqctl',
63 rabbitmq_vhost { 'buildd':
65 provider => 'rabbitmqctl',
68 rabbitmq_user_permissions { 'admin@buildd':
69 configure_permission => '.*',
70 read_permission => '.*',
71 write_permission => '.*',
72 provider => 'rabbitmqctl',
74 Rabbitmq_user['admin'],
75 Rabbitmq_vhost['buildd']
78 rabbitmq_user_permissions { 'admin@packages':
79 configure_permission => '.*',
80 read_permission => '.*',
81 write_permission => '.*',
82 provider => 'rabbitmqctl',
84 Rabbitmq_user['admin'],
85 Rabbitmq_vhost['packages']
89 rabbitmq_user_permissions { 'admin@/':
90 configure_permission => '.*',
91 read_permission => '.*',
92 write_permission => '.*',
93 provider => 'rabbitmqctl',
94 require => Rabbitmq_user['admin']
97 rabbitmq_user_permissions { 'ftpteam@packages':
98 configure_permission => '.*',
99 read_permission => '.*',
100 write_permission => '.*',
101 provider => 'rabbitmqctl',
103 Rabbitmq_user['ftpteam'],
104 Rabbitmq_vhost['packages']
108 rabbitmq_user_permissions { 'wbadm@packages':
109 read_permission => 'unchecked',
110 write_permission => 'wbadm',
111 provider => 'rabbitmqctl',
113 Rabbitmq_user['wbadm'],
114 Rabbitmq_vhost['packages']
118 rabbitmq_user_permissions { 'buildd@buildd':
119 configure_permission => '.*',
120 read_permission => '.*',
121 write_permission => '.*',
122 provider => 'rabbitmqctl',
124 Rabbitmq_user['buildd'],
125 Rabbitmq_vhost['buildd']
129 rabbitmq_user_permissions { 'wbadm@buildd':
130 configure_permission => '.*',
131 read_permission => '.*',
132 write_permission => '.*',
133 provider => 'rabbitmqctl',
135 Rabbitmq_user['wbadm'],
136 Rabbitmq_vhost['buildd']
140 rabbitmq_policy { 'mirror-buildd':
143 policy => '{"ha-mode":"all"}',
144 require => Rabbitmq_vhost['buildd']
147 rabbitmq_policy { 'mirror-packages':
150 policy => '{"ha-mode":"all"}',
151 require => Rabbitmq_vhost['packages']
154 rabbitmq_plugin { 'rabbitmq_management':
156 provider => 'rabbitmqplugins',
157 require => Package['rabbitmq-server'],
158 notify => Service['rabbitmq-server']
160 rabbitmq_plugin { 'rabbitmq_management_agent':
162 provider => 'rabbitmqplugins',
163 require => Package['rabbitmq-server'],
164 notify => Service['rabbitmq-server']
166 rabbitmq_plugin { 'rabbitmq_tracing':
168 provider => 'rabbitmqplugins',
169 require => Package['rabbitmq-server'],
170 notify => Service['rabbitmq-server']
172 rabbitmq_plugin { 'rabbitmq_management_visualiser':
174 provider => 'rabbitmqplugins',
175 require => Package['rabbitmq-server'],
176 notify => Service['rabbitmq-server']
179 @ferm::rule { 'rabbitmq':
180 description => 'rabbitmq connections',
181 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
184 @ferm::rule { 'rabbitmq-v6':
186 description => 'rabbitmq connections',
187 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
190 if $::hostname == $cc_master {
196 @ferm::rule { 'rabbitmq_cluster':
197 domain => '(ip ip6)',
198 description => 'rabbitmq cluster connections',
199 rule => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
201 @ferm::rule { 'rabbitmq_mgmt':
202 description => 'rabbitmq cluster connections',
203 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'
205 @ferm::rule { 'rabbitmq_mgmt_v6':
207 description => 'rabbitmq cluster connections',
208 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_V6_IPS)'