projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
create users for debian.org hosts
[mirror/dsa-puppet.git]
/
modules
/
roles
/
manifests
/
pubsub
/
entities.pp
diff --git
a/modules/roles/manifests/pubsub/entities.pp
b/modules/roles/manifests/pubsub/entities.pp
index
d728612
..
9ce30f4
100644
(file)
--- a/
modules/roles/manifests/pubsub/entities.pp
+++ b/
modules/roles/manifests/pubsub/entities.pp
@@
-1,3
+1,11
@@
+# = Class: roles::pubsub::entities
+#
+# MQ users, vhosts, policies, and permissions for pubsub hosts
+#
+# == Sample Usage:
+#
+# include roles::pubsub::entities
+#
class roles::pubsub::entities {
include roles::pubsub::params
class roles::pubsub::entities {
include roles::pubsub::params
@@
-8,6
+16,7
@@
class roles::pubsub::entities {
$mailadm_password = $roles::pubsub::params::mailadm_password
$mailly_password = $roles::pubsub::params::mailly_password
$muffat_password = $roles::pubsub::params::muffat_password
$mailadm_password = $roles::pubsub::params::mailadm_password
$mailly_password = $roles::pubsub::params::mailly_password
$muffat_password = $roles::pubsub::params::muffat_password
+ $pet_password = $roles::pubsub::params::pet_password
rabbitmq_user { 'admin':
admin => true,
rabbitmq_user { 'admin':
admin => true,
@@
-16,41
+25,51
@@
class roles::pubsub::entities {
}
rabbitmq_user { 'ftpteam':
}
rabbitmq_user { 'ftpteam':
- admin =>
tru
e,
+ admin =>
fals
e,
password => $ftp_password,
provider => 'rabbitmqctl',
}
rabbitmq_user { 'buildd':
password => $ftp_password,
provider => 'rabbitmqctl',
}
rabbitmq_user { 'buildd':
- admin =>
tru
e,
+ admin =>
fals
e,
password => $buildd_password,
provider => 'rabbitmqctl',
}
rabbitmq_user { 'wbadm':
password => $buildd_password,
provider => 'rabbitmqctl',
}
rabbitmq_user { 'wbadm':
- admin =>
tru
e,
+ admin =>
fals
e,
password => $wbadm_password,
provider => 'rabbitmqctl',
}
rabbitmq_user { 'mailadm':
password => $wbadm_password,
provider => 'rabbitmqctl',
}
rabbitmq_user { 'mailadm':
- admin =>
tru
e,
+ admin =>
fals
e,
password => $mailadm_password,
provider => 'rabbitmqctl',
}
rabbitmq_user { 'mailly':
password => $mailadm_password,
provider => 'rabbitmqctl',
}
rabbitmq_user { 'mailly':
- admin =>
tru
e,
+ admin =>
fals
e,
password => $mailly_password,
provider => 'rabbitmqctl',
}
rabbitmq_user { 'muffat':
password => $mailly_password,
provider => 'rabbitmqctl',
}
rabbitmq_user { 'muffat':
- admin =>
tru
e,
+ admin =>
fals
e,
password => $muffat_password,
provider => 'rabbitmqctl',
}
password => $muffat_password,
provider => 'rabbitmqctl',
}
+ rabbitmq_user { 'pet-devel':
+ admin => false,
+ password => $pet_password,
+ provider => 'rabbitmqctl',
+ }
+
+ do_hosts = keys($site::localinfo)
+
+ rabbitmq::autouser { do_hosts: }
+
rabbitmq_vhost { 'packages':
ensure => present,
provider => 'rabbitmqctl',
rabbitmq_vhost { 'packages':
ensure => present,
provider => 'rabbitmqctl',
@@
-66,6
+85,11
@@
class roles::pubsub::entities {
provider => 'rabbitmqctl',
}
provider => 'rabbitmqctl',
}
+ rabbitmq_vhost { 'pet':
+ ensure => present,
+ provider => 'rabbitmqctl',
+ }
+
rabbitmq_user_permissions { 'admin@/':
configure_permission => '.*',
read_permission => '.*',
rabbitmq_user_permissions { 'admin@/':
configure_permission => '.*',
read_permission => '.*',
@@
-107,6
+131,17
@@
class roles::pubsub::entities {
]
}
]
}
+ rabbitmq_user_permissions { 'admin@pet':
+ configure_permission => '.*',
+ read_permission => '.*',
+ write_permission => '.*',
+ provider => 'rabbitmqctl',
+ require => [
+ Rabbitmq_user['admin'],
+ Rabbitmq_vhost['pet']
+ ]
+ }
+
rabbitmq_user_permissions { 'ftpteam@packages':
configure_permission => '.*',
read_permission => '.*',
rabbitmq_user_permissions { 'ftpteam@packages':
configure_permission => '.*',
read_permission => '.*',
@@
-162,9
+197,9
@@
class roles::pubsub::entities {
}
rabbitmq_user_permissions { 'mailly@dsa':
}
rabbitmq_user_permissions { 'mailly@dsa':
- configure_permission => '*',
- read_permission => '*',
- write_permission => '*',
+ configure_permission => '
.
*',
+ read_permission => '
.
*',
+ write_permission => '
.
*',
provider => 'rabbitmqctl',
require => [
Rabbitmq_user['mailly'],
provider => 'rabbitmqctl',
require => [
Rabbitmq_user['mailly'],
@@
-173,9
+208,9
@@
class roles::pubsub::entities {
}
rabbitmq_user_permissions { 'muffat@dsa':
}
rabbitmq_user_permissions { 'muffat@dsa':
- configure_permission => '*',
- read_permission => '*',
- write_permission => '*',
+ configure_permission => '
.
*',
+ read_permission => '
.
*',
+ write_permission => '
.
*',
provider => 'rabbitmqctl',
require => [
Rabbitmq_user['muffat'],
provider => 'rabbitmqctl',
require => [
Rabbitmq_user['muffat'],
@@
-183,6
+218,17
@@
class roles::pubsub::entities {
]
}
]
}
+ rabbitmq_user_permissions { 'pet-devel@pet':
+ configure_permission => '.*',
+ read_permission => '.*',
+ write_permission => '.*',
+ provider => 'rabbitmqctl',
+ require => [
+ Rabbitmq_user['pet-devel'],
+ Rabbitmq_vhost['pet']
+ ]
+ }
+
rabbitmq_policy { 'mirror-dsa':
vhost => 'dsa',
match => '.*',
rabbitmq_policy { 'mirror-dsa':
vhost => 'dsa',
match => '.*',
@@
-204,6
+250,13
@@
class roles::pubsub::entities {
require => Rabbitmq_vhost['packages']
}
require => Rabbitmq_vhost['packages']
}
+ rabbitmq_policy { 'mirror_pet':
+ vhost => 'pet',
+ match => '.*',
+ policy => '{"ha-mode":"all"}',
+ require => Rabbitmq_vhost['pet']
+ }
+
rabbitmq_plugin { 'rabbitmq_management':
ensure => present,
provider => 'rabbitmqplugins',
rabbitmq_plugin { 'rabbitmq_management':
ensure => present,
provider => 'rabbitmqplugins',