projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
nagiosmaster -> hiera role; bind acls still not converted
[mirror/dsa-puppet.git]
/
modules
/
roles
/
manifests
/
pubsub.pp
diff --git
a/modules/roles/manifests/pubsub.pp
b/modules/roles/manifests/pubsub.pp
index
61a93bf
..
c69c4d0
100644
(file)
--- a/
modules/roles/manifests/pubsub.pp
+++ b/
modules/roles/manifests/pubsub.pp
@@
-1,72
+1,61
@@
class roles::pubsub {
include roles::pubsub::params
class roles::pubsub {
include roles::pubsub::params
+ include roles::pubsub::entities
- $cluster_cookie = $roles::pubsub::params::cluster_cookie
- $admin_password = $roles::pubsub::params::admin_password
- $cc_master = rainier
- $cc_secondary = rapoport
+ $cluster_cookie
= $roles::pubsub::params::cluster_cookie
+
+ $cc_master
= rainier
+ $cc_secondary
= rapoport
class { 'rabbitmq':
class { 'rabbitmq':
- c
luster
=> true,
- cluster
members
=> [
-
"rabbit@${cc_master}"
,
-
"rabbit@${cc_secondary}"
,
+ c
onfig_cluster
=> true,
+ cluster
_nodes
=> [
+
$cc_master
,
+
$cc_secondary
,
],
],
- clustercookie => '8r17so6o1s124ns49sr08n0o24342160',
+ cluster_node_type => 'disc',
+ erlang_cookie => '8r17so6o1s124ns49sr08n0o24342160',
delete_guest_user => true,
delete_guest_user => true,
- master => $cc_master,
- }
-
- rabbitmq_user { 'admin':
- admin => true,
- password => $admin_password,
- provider => 'rabbitmqctl',
- }
-
- rabbitmq_vhost { 'packages':
- ensure => present,
- provider => 'rabbitmqctl',
+ ssl => true,
+ ssl_cacert => '/etc/ssl/debian/certs/ca.crt',
+ ssl_cert => '/etc/ssl/debian/certs/thishost-server.crt',
+ ssl_key => '/etc/ssl/private/thishost-server.key',
+ ssl_port => 5671,
+ ssl_verify => 'verify_none',
+ repos_ensure => false,
}
}
- rabbitmq_user_permissions { 'admin@packages':
- configure_permission => '.*',
- read_permission => '.*',
- write_permission => '.*',
- provider => 'rabbitmqctl',
- require => [
- Rabbitmq_user['admin'],
- Rabbitmq_vhost['packages']
- ]
+ user { 'rabbitmq':
+ groups => 'ssl-cert'
}
}
- rabbitmq_user_permissions { 'admin@/':
- configure_permission => '.*',
- read_permission => '.*',
- write_permission => '.*',
- provider => 'rabbitmqctl',
- require => Rabbitmq_user['admin']
- }
-
- @ferm::rule { 'rabbitmq':
+ ferm::rule { 'rabbitmq':
description => 'rabbitmq connections',
description => 'rabbitmq connections',
- rule => '&SERVICE_RANGE(tcp, 567
2
, $HOST_DEBIAN_V4)'
+ rule => '&SERVICE_RANGE(tcp, 567
1
, $HOST_DEBIAN_V4)'
}
}
-
@
ferm::rule { 'rabbitmq-v6':
+ ferm::rule { 'rabbitmq-v6':
domain => 'ip6',
description => 'rabbitmq connections',
domain => 'ip6',
description => 'rabbitmq connections',
- rule => '&SERVICE_RANGE(tcp, 567
2
, $HOST_DEBIAN_V6)'
+ rule => '&SERVICE_RANGE(tcp, 567
1
, $HOST_DEBIAN_V6)'
}
if $::hostname == $cc_master {
}
if $::hostname == $cc_master {
- $you = $cc_secondary
+ $you = '5.153.231.15'
+ $you6 = '2001:41c8:1000:21::21:15'
} else {
} else {
- $you = $cc_master
+ $you = '5.153.231.16'
+ $you6 = '2001:41c8:1000:21::21:16'
}
}
-
@
ferm::rule { 'rabbitmq_cluster':
- domain => '
(ip ip6)
',
+ ferm::rule { 'rabbitmq_cluster':
+ domain => '
ip
',
description => 'rabbitmq cluster connections',
rule => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
}
description => 'rabbitmq cluster connections',
rule => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
}
+ ferm::rule { 'rabbitmq_cluster_v6':
+ domain => 'ip6',
+ description => 'rabbitmq cluster connections',
+ rule => "proto tcp mod state state (NEW) saddr (${you6}) ACCEPT"
+ }
}
}