3 # @summary A module to manage RabbitMQ
8 # @example rabbitmq class
10 # service_manage => false,
12 # delete_guest_user => true,
15 # @example Offline installation from local mirror:
18 # key_content => template('openstack/rabbit.pub.key'),
19 # package_gpg_key => '/tmp/rabbit.pub.key',
22 # @example Use external package key source for any (apt/rpm) package provider:
24 # package_gpg_key => 'http://www.some_site.some_domain/some_key.pub.key',
27 # @example To use RabbitMQ Environment Variables, use the parameters `environment_variables` e.g.:
31 # environment_variables => {
32 # 'NODENAME' => 'node01',
33 # 'SERVICENAME' => 'RabbitMQ'
37 # @example Change RabbitMQ Config Variables in rabbitmq.config:
41 # config_variables => {
42 # 'hipe_compile' => true,
43 # 'frame_max' => 131072,
44 # 'log_levels' => "[{connection, info}]"
48 # @example Change Erlang Kernel Config Variables in rabbitmq.config
51 # config_kernel_variables => {
52 # 'inet_dist_listen_min' => 9100,
53 # 'inet_dist_listen_max' => 9105,
56 # @example Change Management Plugin Config Variables in rabbitmq.config
58 # config_management_variables => {
59 # 'rates_mode' => 'basic',
63 # @example Change Additional Config Variables in rabbitmq.config
65 # config_additional_variables => {
66 # 'autocluster' => '[{consul_service, "rabbit"},{cluster_name, "rabbit"}]',
67 # 'foo' => '[{bar, "baz"}]'
70 # This will result in the following config appended to the config file:
71 # {autocluster, [{consul_service, "rabbit"},{cluster_name, "rabbit"}]},
72 # {foo, [{bar, "baz"}]}
73 # (This is required for the [autocluster plugin](https://github.com/aweber/rabbitmq-autocluster)
75 # @example Use RabbitMQ clustering facilities
77 # config_cluster => true,
78 # cluster_nodes => ['rabbit1', 'rabbit2'],
79 # cluster_node_type => 'ram',
80 # erlang_cookie => 'A_SECRET_COOKIE_STRING',
81 # wipe_db_on_cookie_change => true,
84 # @param admin_enable If enabled sets up the management interface/plugin for RabbitMQ.
85 # @param auth_backends An array specifying authorization/authentication backend to use. Single quotes should be placed around array entries, ex. ['{foo, baz}', 'baz'] Defaults to [rabbit_auth_backend_internal], and if using LDAP defaults to [rabbit_auth_backend_internal, rabbit_auth_backend_ldap].
86 # @param cluster_node_type Choose between disc and ram nodes.
87 # @param cluster_nodes An array of nodes for clustering.
88 # @param cluster_partition_handling Value to set for `cluster_partition_handling` RabbitMQ configuration variable.
89 # @param collect_statistics_interval Set the collect_statistics_interval in rabbitmq.config
90 # @param config The file to use as the rabbitmq.config template.
91 # @param config_additional_variables Additional config variables in rabbitmq.config
92 # @param config_cluster Enable or disable clustering support.
93 # @param config_kernel_variables Hash of Erlang kernel configuration variables to set (see [Variables Configurable in rabbitmq.config](#variables-configurable-in-rabbitmq.config)).
94 # @param config_path The path to write the RabbitMQ configuration file to.
95 # @param config_management_variables Hash of configuration variables for the [Management Plugin](https://www.rabbitmq.com/management.html).
96 # @param config_stomp Enable or disable stomp.
97 # @param config_shovel Enable or disable shovel.
98 # @param config_shovel_statics Hash of static shovel configurations
99 # @param config_variables To set config variables in rabbitmq.config
100 # @param default_user Username to set for the `default_user` in rabbitmq.config.
101 # @param default_pass Password to set for the `default_user` in rabbitmq.config.
102 # @param delete_guest_user Controls whether default guest user is deleted.
103 # @param env_config The template file to use for rabbitmq_env.config.
104 # @param env_config_path The path to write the rabbitmq_env.config file to.
105 # @param environment_variables RabbitMQ Environment Variables in rabbitmq_env.config
106 # @param erlang_cookie The erlang cookie to use for clustering - must be the same between all nodes. This value has no default and must be
107 # set explicitly if using clustering. If you run Pacemaker and you don't want to use RabbitMQ buildin cluster, you can set config_cluster
108 # to 'False' and set 'erlang_cookie'.
109 # @param file_limit Set rabbitmq file ulimit. Defaults to 16384. Only available on systems with `$::osfamily == 'Debian'` or
110 # `$::osfamily == 'RedHat'`.
111 # @param heartbeat Set the heartbeat timeout interval, default is unset which uses the builtin server defaults of 60 seconds. Setting this
112 # @param inetrc_config Template to use for the inetrc config
113 # @param inetrc_config_path Path of the file to push the inetrc config to.
114 # @param ipv6 Whether to listen on ipv6
115 # @param interface Interface to bind to (sets tcp_listeners parameter). By default, bind to all interfaces
116 # to `0` will disable heartbeats.
117 # @param key_content Uses content method for Debian OS family. Should be a template for apt::source class. Overrides `package_gpg_key`
118 # behavior, if enabled. Undefined by default.
119 # @param ldap_auth Set to true to enable LDAP auth.
120 # @param ldap_server LDAP server to use for auth.
121 # @param ldap_user_dn_pattern User DN pattern for LDAP auth.
122 # @param ldap_other_bind How to bind to the LDAP server. Defaults to 'anon'.
123 # @param ldap_config_variables Hash of other LDAP config variables.
124 # @param ldap_use_ssl Set to true to use SSL for the LDAP server.
125 # @param ldap_port Numeric port for LDAP server.
126 # @param ldap_log Set to true to log LDAP auth.
127 # @param manage_python If enabled, on platforms that don't provide a Python 2 package by default, ensure that the python package is
128 # installed (for rabbitmqadmin). This will only apply if `admin_enable` and `service_manage` are set.
129 # @param management_hostname The hostname for the RabbitMQ management interface.
130 # @param management_port The port for the RabbitMQ management interface.
131 # @param management_ip_address Allows you to set the IP for management interface to bind to separately. Set to 127.0.0.1 to bind to
132 # localhost only, or 0.0.0.0 to bind to all interfaces.
133 # @param management_ssl Enable/Disable SSL for the management port. Has an effect only if ssl => true.
134 # @param node_ip_address Allows you to set the IP for RabbitMQ service to bind to. Set to 127.0.0.1 to bind to localhost only, or 0.0.0.0
135 # to bind to all interfaces.
136 # @param package_apt_pin Whether to pin the package to a particular source
137 # @param package_ensure Determines the ensure state of the package. Set to installed by default, but could be changed to latest.
138 # @param package_gpg_key RPM package GPG key to import. Uses source method. Should be a URL for Debian/RedHat OS family, or a file name for
139 # RedHat OS family. Set to https://packagecloud.io/gpg.key by default. Note, that `key_content`, if specified, would override this
140 # parameter for Debian OS family.
141 # @param package_name Name(s) of the package(s) to install
142 # @param port The RabbitMQ port.
143 # @param repos_ensure Ensure that a repo with the official (and newer) RabbitMQ package is configured, along with its signing key.
144 # Defaults to false (use system packages). This does not ensure that soft dependencies (like EPEL on RHEL systems) are present.
145 # @param service_ensure The state of the service.
146 # @param service_manage Determines if the service is managed.
147 # @param service_name The name of the service to manage.
148 # @param ssl Configures the service for using SSL.
150 # @param ssl_cacert CA cert path to use for SSL.
151 # @param ssl_cert Cert to use for SSL.
152 # @param ssl_cert_password Password used when generating CSR.
153 # @param ssl_depth SSL verification depth.
154 # @param ssl_dhfile Use this dhparam file [example: generate with `openssl dhparam -out /etc/rabbitmq/ssl/dhparam.pem 2048`
155 # @param ssl_erl_dist Whether to use the erlang package's SSL (relies on the ssl_erl_path fact)
156 # @param ssl_honor_cipher_order Force use of server cipher order
157 # @param ssl_interface Interface for SSL listener to bind to
158 # @param ssl_key Key to use for SSL.
159 # @param ssl_only Configures the service to only use SSL. No cleartext TCP listeners will be created. Requires that ssl => true and
160 # @param ssl_management_port SSL management port.
161 # @param ssl_port SSL port for RabbitMQ
162 # @param ssl_reuse_sessions Reuse ssl sessions
163 # @param ssl_secure_renegotiate Use ssl secure renegotiate
164 # @param ssl_stomp_port SSL stomp port.
165 # @param ssl_verify rabbitmq.config SSL verify setting.
166 # @param ssl_fail_if_no_peer_cert rabbitmq.config `fail_if_no_peer_cert` setting.
167 # @param ssl_management_verify rabbitmq.config SSL verify setting for rabbitmq_management.
168 # @param ssl_manaagement_fail_if_no_peer_cert rabbitmq.config `fail_if_no_peer_cert` setting for rabbitmq_management.
169 # @param ssl_versions Choose which SSL versions to enable. Example: `['tlsv1.2', 'tlsv1.1']` Note that it is recommended to disable `sslv3
170 # and `tlsv1` to prevent against POODLE and BEAST attacks. Please see the [RabbitMQ SSL](https://www.rabbitmq.com/ssl.html) documentation
171 # for more information.
172 # @param ssl_ciphers Support only a given list of SSL ciphers. Example: `['dhe_rsa,aes_256_cbc,sha','dhe_dss,aes_256_cbc,sha',
173 # 'ecdhe_rsa,aes_256_cbc,sha']`. Supported ciphers in your install can be listed with: rabbitmqctl eval 'ssl:cipher_suites().'
174 # Functionality can be tested with cipherscan or similar tool: https://github.com/jvehent/cipherscan.git
175 # @param stomp_port The port to use for Stomp.
176 # @param stomp_ssl_only Configures STOMP to only use SSL. No cleartext STOMP TCP listeners will be created. Requires setting
177 # ssl_stomp_port also.
178 # @param stomp_ensure Enable to install the stomp plugin.
179 # @param tcp_backlog The size of the backlog on TCP connections.
180 # @param tcp_keepalive Enable TCP connection keepalive for RabbitMQ service.
181 # @param tcp_recbuf Corresponds to recbuf in RabbitMQ `tcp_listen_options`
182 # @param tcp_sndbuf Integer, corresponds to sndbuf in RabbitMQ `tcp_listen_options`
183 # @param wipe_db_on_cookie_change Boolean to determine if we should DESTROY AND DELETE the RabbitMQ database.
184 # @param rabbitmq_user OS dependent, default defined in param.pp. The system user the rabbitmq daemon runs as.
185 # @param rabbitmq_group OS dependent, default defined in param.pp. The system group the rabbitmq daemon runs as.
186 # @param rabbitmq_home OS dependent. default defined in param.pp. The home directory of the rabbitmq deamon.
187 # @param $rabbitmqadmin_package OS dependent. default defined in param.pp. If undef: install rabbitmqadmin via archive, otherwise via package
188 # @param $archive_options. default defined in param.pp. Extra options to Archive resource to download rabbitmqadmin file
190 Boolean $admin_enable = $rabbitmq::params::admin_enable,
191 Enum['ram', 'disk', 'disc'] $cluster_node_type = $rabbitmq::params::cluster_node_type,
192 Array $cluster_nodes = $rabbitmq::params::cluster_nodes,
193 String $config = $rabbitmq::params::config,
194 Boolean $config_cluster = $rabbitmq::params::config_cluster,
195 Stdlib::Absolutepath $config_path = $rabbitmq::params::config_path,
196 Boolean $config_ranch = $rabbitmq::params::config_ranch,
197 Boolean $config_stomp = $rabbitmq::params::config_stomp,
198 Boolean $config_shovel = $rabbitmq::params::config_shovel,
199 Hash $config_shovel_statics = $rabbitmq::params::config_shovel_statics,
200 String $default_user = $rabbitmq::params::default_user,
201 String $default_pass = $rabbitmq::params::default_pass,
202 Boolean $delete_guest_user = $rabbitmq::params::delete_guest_user,
203 String $env_config = $rabbitmq::params::env_config,
204 Stdlib::Absolutepath $env_config_path = $rabbitmq::params::env_config_path,
205 Optional[String] $erlang_cookie = undef,
206 Optional[String] $interface = undef,
207 Optional[String] $management_ip_address = undef,
208 Integer[1, 65535] $management_port = $rabbitmq::params::management_port,
209 Boolean $management_ssl = $rabbitmq::params::management_ssl,
210 Optional[String] $management_hostname = undef,
211 Optional[String] $node_ip_address = undef,
212 Optional[Variant[Numeric, String]] $package_apt_pin = undef,
213 String $package_ensure = $rabbitmq::params::package_ensure,
214 Optional[String] $package_gpg_key = $rabbitmq::params::package_gpg_key,
215 Variant[String, Array] $package_name = $rabbitmq::params::package_name,
216 Optional[String] $package_source = undef,
217 Optional[String] $package_provider = undef,
218 Boolean $repos_ensure = $rabbitmq::params::repos_ensure,
219 Boolean $manage_python = $rabbitmq::params::manage_python,
220 String $rabbitmq_user = $rabbitmq::params::rabbitmq_user,
221 String $rabbitmq_group = $rabbitmq::params::rabbitmq_group,
222 Stdlib::Absolutepath $rabbitmq_home = $rabbitmq::params::rabbitmq_home,
223 Integer $port = $rabbitmq::params::port,
224 Boolean $tcp_keepalive = $rabbitmq::params::tcp_keepalive,
225 Integer $tcp_backlog = $rabbitmq::params::tcp_backlog,
226 Optional[Integer] $tcp_sndbuf = undef,
227 Optional[Integer] $tcp_recbuf = undef,
228 Optional[Integer] $heartbeat = undef,
229 Enum['running', 'stopped'] $service_ensure = $rabbitmq::params::service_ensure,
230 Boolean $service_manage = $rabbitmq::params::service_manage,
231 String $service_name = $rabbitmq::params::service_name,
232 Boolean $ssl = $rabbitmq::params::ssl,
233 Boolean $ssl_only = $rabbitmq::params::ssl_only,
234 Optional[Stdlib::Absolutepath] $ssl_cacert = undef,
235 Optional[Stdlib::Absolutepath] $ssl_cert = undef,
236 Optional[Stdlib::Absolutepath] $ssl_key = undef,
237 Optional[Integer] $ssl_depth = undef,
238 Optional[String] $ssl_cert_password = undef,
239 Integer[1, 65535] $ssl_port = $rabbitmq::params::ssl_port,
240 Optional[String] $ssl_interface = undef,
241 Integer[1, 65535] $ssl_management_port = $rabbitmq::params::ssl_management_port,
242 Integer[1, 65535] $ssl_stomp_port = $rabbitmq::params::ssl_stomp_port,
243 Enum['verify_none','verify_peer'] $ssl_verify = $rabbitmq::params::ssl_verify,
244 Boolean $ssl_fail_if_no_peer_cert = $rabbitmq::params::ssl_fail_if_no_peer_cert,
245 Enum['verify_none','verify_peer'] $ssl_management_verify = $rabbitmq::params::ssl_management_verify,
246 Boolean $ssl_management_fail_if_no_peer_cert = $rabbitmq::params::ssl_management_fail_if_no_peer_cert,
247 Optional[Array] $ssl_versions = undef,
248 Boolean $ssl_secure_renegotiate = $rabbitmq::params::ssl_secure_renegotiate,
249 Boolean $ssl_reuse_sessions = $rabbitmq::params::ssl_reuse_sessions,
250 Boolean $ssl_honor_cipher_order = $rabbitmq::params::ssl_honor_cipher_order,
251 Optional[Stdlib::Absolutepath] $ssl_dhfile = undef,
252 Array $ssl_ciphers = $rabbitmq::params::ssl_ciphers,
253 Boolean $stomp_ensure = $rabbitmq::params::stomp_ensure,
254 Boolean $ldap_auth = $rabbitmq::params::ldap_auth,
255 String $ldap_server = $rabbitmq::params::ldap_server,
256 Optional[String] $ldap_user_dn_pattern = $rabbitmq::params::ldap_user_dn_pattern,
257 String $ldap_other_bind = $rabbitmq::params::ldap_other_bind,
258 Boolean $ldap_use_ssl = $rabbitmq::params::ldap_use_ssl,
259 Integer[1, 65535] $ldap_port = $rabbitmq::params::ldap_port,
260 Boolean $ldap_log = $rabbitmq::params::ldap_log,
261 Hash $ldap_config_variables = $rabbitmq::params::ldap_config_variables,
262 Integer[1, 65535] $stomp_port = $rabbitmq::params::stomp_port,
263 Boolean $stomp_ssl_only = $rabbitmq::params::stomp_ssl_only,
264 Boolean $wipe_db_on_cookie_change = $rabbitmq::params::wipe_db_on_cookie_change,
265 String $cluster_partition_handling = $rabbitmq::params::cluster_partition_handling,
266 Variant[Integer[-1,], Enum['unlimited', 'infinity']] $file_limit = $rabbitmq::params::file_limit,
267 Hash $environment_variables = $rabbitmq::params::environment_variables,
268 Hash $config_variables = $rabbitmq::params::config_variables,
269 Hash $config_kernel_variables = $rabbitmq::params::config_kernel_variables,
270 Hash $config_management_variables = $rabbitmq::params::config_management_variables,
271 Hash $config_additional_variables = $rabbitmq::params::config_additional_variables,
272 Optional[Array] $auth_backends = undef,
273 Optional[String] $key_content = undef,
274 Optional[Integer] $collect_statistics_interval = undef,
275 Boolean $ipv6 = $rabbitmq::params::ipv6,
276 String $inetrc_config = $rabbitmq::params::inetrc_config,
277 Stdlib::Absolutepath $inetrc_config_path = $rabbitmq::params::inetrc_config_path,
278 Boolean $ssl_erl_dist = $rabbitmq::params::ssl_erl_dist,
279 Optional[String] $rabbitmqadmin_package = $rabbitmq::params::rabbitmqadmin_package,
280 Array $archive_options = $rabbitmq::params::archive_options,
281 ) inherits rabbitmq::params {
283 if $ssl_only and ! $ssl {
284 fail('$ssl_only => true requires that $ssl => true')
287 if $config_stomp and $stomp_ssl_only and ! $ssl_stomp_port {
288 fail('$stomp_ssl_only requires that $ssl_stomp_port be set')
293 fail('$ssl_versions requires that $ssl => true')
298 case $facts['os']['family'] {
300 contain rabbitmq::repo::rhel
301 Class['rabbitmq::repo::rhel'] -> Class['rabbitmq::install']
304 contain rabbitmq::repo::apt
305 Class['rabbitmq::repo::apt'] -> Class['rabbitmq::install']
312 contain rabbitmq::install
313 contain rabbitmq::config
314 contain rabbitmq::service
315 contain rabbitmq::management
317 if $admin_enable and $service_manage {
318 include 'rabbitmq::install::rabbitmqadmin'
320 rabbitmq_plugin { 'rabbitmq_management':
322 notify => Class['rabbitmq::service'],
323 provider => 'rabbitmqplugins',
326 Class['rabbitmq::service'] -> Class['rabbitmq::install::rabbitmqadmin']
327 Class['rabbitmq::install::rabbitmqadmin'] -> Rabbitmq_exchange<| |>
331 rabbitmq_plugin { 'rabbitmq_stomp':
333 notify => Class['rabbitmq::service'],
338 rabbitmq_plugin { 'rabbitmq_auth_backend_ldap':
340 notify => Class['rabbitmq::service'],
344 if ($config_shovel) {
345 rabbitmq_plugin { 'rabbitmq_shovel':
347 notify => Class['rabbitmq::service'],
348 provider => 'rabbitmqplugins',
352 rabbitmq_plugin { 'rabbitmq_shovel_management':
354 notify => Class['rabbitmq::service'],
355 provider => 'rabbitmqplugins',
360 Class['rabbitmq::install']
361 -> Class['rabbitmq::config']
362 ~> Class['rabbitmq::service']
363 -> Class['rabbitmq::management']
365 # Make sure the various providers have their requirements in place.
366 Class['rabbitmq::install'] -> Rabbitmq_plugin<| |>