2 include roles::pubsub::params
3 include roles::pubsub::entities
5 $cluster_cookie = $roles::pubsub::params::cluster_cookie
8 $cc_secondary = rapoport
13 "rabbit@${cc_master}",
14 "rabbit@${cc_secondary}",
16 clustercookie => '8r17so6o1s124ns49sr08n0o24342160',
17 delete_guest_user => true,
25 concat::fragment { 'rabbit_ssl':
26 target => '/etc/rabbitmq/rabbitmq.config',
28 source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
31 concat::fragment { 'rabbit_mgmt_ssl':
32 target => '/etc/rabbitmq/rabbitmq.config',
34 source => 'puppet:///modules/roles/pubsub/rabbitmq-mgmt.config'
37 @ferm::rule { 'rabbitmq':
38 description => 'rabbitmq connections',
39 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
42 @ferm::rule { 'rabbitmq-v6':
44 description => 'rabbitmq connections',
45 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
48 @ferm::rule { 'rabbitmq-adm':
49 description => 'rabbitmq connections',
50 rule => '&SERVICE_RANGE(tcp, 5671, $DSA_IPS)'
53 @ferm::rule { 'rabbitmq-v6-adm':
55 description => 'rabbitmq connections',
56 rule => '&SERVICE_RANGE(tcp, 5671, $DSA_V6_IPS)'
59 if $::hostname == $cc_master {
65 @ferm::rule { 'rabbitmq_cluster':
67 description => 'rabbitmq cluster connections',
68 rule => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
70 @ferm::rule { 'rabbitmq_mgmt':
71 description => 'rabbitmq cluster connections',
72 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'
74 @ferm::rule { 'rabbitmq_mgmt_v6':
76 description => 'rabbitmq cluster connections',
77 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_V6_IPS)'