2 include roles::pubsub::params
4 $cluster_cookie = $roles::pubsub::params::cluster_cookie
5 $admin_password = $roles::pubsub::params::admin_password
6 $ftp_password = $roles::pubsub::params::ftp_password
8 $cc_secondary = rapoport
13 "rabbit@${cc_master}",
14 "rabbit@${cc_secondary}",
16 clustercookie => '8r17so6o1s124ns49sr08n0o24342160',
17 delete_guest_user => true,
25 concat::fragment { 'rabbit_ssl':
26 target => '/etc/rabbitmq/rabbitmq.config',
28 source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
31 rabbitmq_user { 'admin':
33 password => $admin_password,
34 provider => 'rabbitmqctl',
37 rabbitmq_user { 'ftpteam':
39 password => $ftp_password,
40 provider => 'rabbitmqctl',
43 rabbitmq_vhost { 'packages':
45 provider => 'rabbitmqctl',
48 rabbitmq_user_permissions { 'admin@packages':
49 configure_permission => '.*',
50 read_permission => '.*',
51 write_permission => '.*',
52 provider => 'rabbitmqctl',
54 Rabbitmq_user['admin'],
55 Rabbitmq_vhost['packages']
59 rabbitmq_user_permissions { 'admin@/':
60 configure_permission => '.*',
61 read_permission => '.*',
62 write_permission => '.*',
63 provider => 'rabbitmqctl',
64 require => Rabbitmq_user['admin']
67 rabbitmq_user_permissions { 'ftpteam@packages':
68 configure_permission => '.*',
69 read_permission => '.*',
70 write_permission => '.*',
71 provider => 'rabbitmqctl',
73 Rabbitmq_user['ftpteam'],
74 Rabbitmq_vhost['packages']
78 rabbitmq_policy { 'mirror-packages':
81 policy => '{"ha-mode":"all"}',
82 require => Rabbitmq_vhost['packages']
85 @ferm::rule { 'rabbitmq':
86 description => 'rabbitmq connections',
87 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
90 @ferm::rule { 'rabbitmq-v6':
92 description => 'rabbitmq connections',
93 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
96 if $::hostname == $cc_master {
102 @ferm::rule { 'rabbitmq_cluster':
103 domain => '(ip ip6)',
104 description => 'rabbitmq cluster connections',
105 rule => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"