2 include roles::pubsub::params
4 $cluster_cookie = $roles::pubsub::params::cluster_cookie
5 $admin_password = $roles::pubsub::params::admin_password
6 $ftp_password = $roles::pubsub::params::ftp_password
7 $buildd_password = $roles::pubsub::params::ftp_password
9 $cc_secondary = rapoport
14 "rabbit@${cc_master}",
15 "rabbit@${cc_secondary}",
17 clustercookie => '8r17so6o1s124ns49sr08n0o24342160',
18 delete_guest_user => true,
26 concat::fragment { 'rabbit_ssl':
27 target => '/etc/rabbitmq/rabbitmq.config',
29 source => 'puppet:///modules/roles/pubsub/rabbitmq.config'
32 rabbitmq_user { 'admin':
34 password => $admin_password,
35 provider => 'rabbitmqctl',
38 rabbitmq_user { 'ftpteam':
40 password => $ftp_password,
41 provider => 'rabbitmqctl',
44 rabbitmq_vhost { 'packages':
46 provider => 'rabbitmqctl',
49 rabbitmq_vhost { 'buildd':
51 provider => 'rabbitmqctl',
54 rabbitmq_user_permissions { 'admin@buildd':
55 configure_permission => '.*',
56 read_permission => '.*',
57 write_permission => '.*',
58 provider => 'rabbitmqctl',
60 Rabbitmq_user['admin'],
61 Rabbitmq_vhost['buildd']
64 rabbitmq_user_permissions { 'admin@packages':
65 configure_permission => '.*',
66 read_permission => '.*',
67 write_permission => '.*',
68 provider => 'rabbitmqctl',
70 Rabbitmq_user['admin'],
71 Rabbitmq_vhost['packages']
75 rabbitmq_user_permissions { 'admin@/':
76 configure_permission => '.*',
77 read_permission => '.*',
78 write_permission => '.*',
79 provider => 'rabbitmqctl',
80 require => Rabbitmq_user['admin']
83 rabbitmq_user_permissions { 'ftpteam@packages':
84 configure_permission => '.*',
85 read_permission => '.*',
86 write_permission => '.*',
87 provider => 'rabbitmqctl',
89 Rabbitmq_user['ftpteam'],
90 Rabbitmq_vhost['packages']
94 rabbitmq_user_permissions { 'buildd@buildd':
95 configure_permission => '.*',
96 read_permission => '.*',
97 write_permission => '.*',
98 provider => 'rabbitmqctl',
100 Rabbitmq_user['buildd'],
101 Rabbitmq_vhost['buildd']
105 rabbitmq_policy { 'mirror-buildd':
108 policy => '{"ha-mode":"all"}',
109 require => Rabbitmq_vhost['buildd']
112 rabbitmq_policy { 'mirror-packages':
115 policy => '{"ha-mode":"all"}',
116 require => Rabbitmq_vhost['packages']
119 rabbitmq_plugin { 'rabbitmq_management':
121 provider => 'rabbitmqplugins',
122 require => Package['rabbitmq-server'],
123 notify => Service['rabbitmq-server']
125 rabbitmq_plugin { 'rabbitmq_management_agent':
127 provider => 'rabbitmqplugins',
128 require => Package['rabbitmq-server'],
129 notify => Service['rabbitmq-server']
131 rabbitmq_plugin { 'rabbitmq_tracing':
133 provider => 'rabbitmqplugins',
134 require => Package['rabbitmq-server'],
135 notify => Service['rabbitmq-server']
137 rabbitmq_plugin { 'rabbitmq_management_visualiser':
139 provider => 'rabbitmqplugins',
140 require => Package['rabbitmq-server'],
141 notify => Service['rabbitmq-server']
144 @ferm::rule { 'rabbitmq':
145 description => 'rabbitmq connections',
146 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
149 @ferm::rule { 'rabbitmq-v6':
151 description => 'rabbitmq connections',
152 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
155 if $::hostname == $cc_master {
161 @ferm::rule { 'rabbitmq_cluster':
162 domain => '(ip ip6)',
163 description => 'rabbitmq cluster connections',
164 rule => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
166 @ferm::rule { 'rabbitmq_mgmt':
167 description => 'rabbitmq cluster connections',
168 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'
170 @ferm::rule { 'rabbitmq_mgmt_v6':
172 description => 'rabbitmq cluster connections',
173 rule => '&SERVICE_RANGE(tcp, 15672, $DSA_V6_IPS)'