X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fpubsub%2Fentities.pp;h=3f2d3c936aa4e6adf7118a896039b8da116abbf4;hb=281a027d9d2bb22a59292a6b72229efe74c1a4d2;hp=d06832fa3cdedf35171bb715111e8891e2c230d8;hpb=62823a752e52be5f80185c80e2e0298cb6f75398;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/pubsub/entities.pp b/modules/roles/manifests/pubsub/entities.pp
index d06832fa3..3f2d3c936 100644
--- a/modules/roles/manifests/pubsub/entities.pp
+++ b/modules/roles/manifests/pubsub/entities.pp
@@ -1,10 +1,22 @@
+# = Class: roles::pubsub::entities
+#
+# MQ users, vhosts, policies, and permissions for pubsub hosts
+#
+# == Sample Usage:
+#
+#   include roles::pubsub::entities
+#
 class roles::pubsub::entities {
 	include roles::pubsub::params
 
-	$admin_password  = $roles::pubsub::params::admin_password
-	$ftp_password    = $roles::pubsub::params::ftp_password
-	$buildd_password = $roles::pubsub::params::buildd_password
-	$wbadm_password  = $roles::pubsub::params::wbadm_password
+	$admin_password   = $roles::pubsub::params::admin_password
+	$ftp_password     = $roles::pubsub::params::ftp_password
+	$buildd_password  = $roles::pubsub::params::buildd_password
+	$wbadm_password   = $roles::pubsub::params::wbadm_password
+	$mailadm_password = $roles::pubsub::params::mailadm_password
+	$mailly_password  = $roles::pubsub::params::mailly_password
+	$muffat_password  = $roles::pubsub::params::muffat_password
+	$pet_password     = $roles::pubsub::params::pet_password
 
 	rabbitmq_user { 'admin':
 		admin    => true,
@@ -13,23 +25,47 @@ class roles::pubsub::entities {
 	}
 
 	rabbitmq_user { 'ftpteam':
-		admin    => true,
+		admin    => false,
 		password => $ftp_password,
 		provider => 'rabbitmqctl',
 	}
 
 	rabbitmq_user { 'buildd':
-		admin    => true,
+		admin    => false,
 		password => $buildd_password,
 		provider => 'rabbitmqctl',
 	}
 
 	rabbitmq_user { 'wbadm':
-		admin    => true,
+		admin    => false,
 		password => $wbadm_password,
 		provider => 'rabbitmqctl',
 	}
 
+	rabbitmq_user { 'mailadm':
+		admin    => false,
+		password => $mailadm_password,
+		provider => 'rabbitmqctl',
+	}
+
+	rabbitmq_user { 'mailly':
+		admin    => false,
+		password => $mailly_password,
+		provider => 'rabbitmqctl',
+	}
+
+	rabbitmq_user { 'muffat':
+		admin    => false,
+		password => $muffat_password,
+		provider => 'rabbitmqctl',
+	}
+
+	rabbitmq_user { 'pet-devel':
+		admin    => false,
+		password => $pet_password,
+		provider => 'rabbitmqctl',
+	}
+
 	rabbitmq_vhost { 'packages':
 		ensure   => present,
 		provider => 'rabbitmqctl',
@@ -40,6 +76,16 @@ class roles::pubsub::entities {
 		provider => 'rabbitmqctl',
 	}
 
+	rabbitmq_vhost { 'dsa':
+		ensure   => present,
+		provider => 'rabbitmqctl',
+	}
+
+	rabbitmq_vhost { 'pet':
+		ensure   => present,
+		provider => 'rabbitmqctl',
+	}
+
 	rabbitmq_user_permissions { 'admin@/':
 		configure_permission => '.*',
 		read_permission      => '.*',
@@ -58,6 +104,18 @@ class roles::pubsub::entities {
 			Rabbitmq_vhost['buildd']
 		]
 	}
+
+	rabbitmq_user_permissions { 'admin@dsa':
+		configure_permission => '.*',
+		read_permission      => '.*',
+		write_permission     => '.*',
+		provider             => 'rabbitmqctl',
+		require              => [
+			Rabbitmq_user['admin'],
+			Rabbitmq_vhost['dsa']
+		]
+	}
+
 	rabbitmq_user_permissions { 'admin@packages':
 		configure_permission => '.*',
 		read_permission      => '.*',
@@ -69,6 +127,17 @@ class roles::pubsub::entities {
 		]
 	}
 
+	rabbitmq_user_permissions { 'admin@pet':
+		configure_permission => '.*',
+		read_permission      => '.*',
+		write_permission     => '.*',
+		provider             => 'rabbitmqctl',
+		require              => [
+			Rabbitmq_user['admin'],
+			Rabbitmq_vhost['pet']
+		]
+	}
+
 	rabbitmq_user_permissions { 'ftpteam@packages':
 		configure_permission => '.*',
 		read_permission      => '.*',
@@ -112,6 +181,57 @@ class roles::pubsub::entities {
 		]
 	}
 
+	rabbitmq_user_permissions { 'mailadm@dsa':
+		configure_permission => '.*',
+		read_permission      => '.*',
+		write_permission     => '.*',
+		provider             => 'rabbitmqctl',
+		require              => [
+			Rabbitmq_user['mailadm'],
+			Rabbitmq_vhost['dsa']
+		]
+	}
+
+	rabbitmq_user_permissions { 'mailly@dsa':
+		configure_permission => '.*',
+		read_permission      => '.*',
+		write_permission     => '.*',
+		provider             => 'rabbitmqctl',
+		require              => [
+			Rabbitmq_user['mailly'],
+			Rabbitmq_vhost['dsa']
+		]
+	}
+
+	rabbitmq_user_permissions { 'muffat@dsa':
+		configure_permission => '.*',
+		read_permission      => '.*',
+		write_permission     => '.*',
+		provider             => 'rabbitmqctl',
+		require              => [
+			Rabbitmq_user['muffat'],
+			Rabbitmq_vhost['dsa']
+		]
+	}
+
+	rabbitmq_user_permissions { 'pet-devel@pet':
+		configure_permission => '.*',
+		read_permission      => '.*',
+		write_permission     => '.*',
+		provider             => 'rabbitmqctl',
+		require              => [
+			Rabbitmq_user['pet-devel'],
+			Rabbitmq_vhost['pet']
+		]
+	}
+
+	rabbitmq_policy { 'mirror-dsa':
+		vhost   => 'dsa',
+		match   => '.*',
+		policy  => '{"ha-mode":"all"}',
+		require => Rabbitmq_vhost['dsa']
+	}
+
 	rabbitmq_policy { 'mirror-buildd':
 		vhost   => 'buildd',
 		match   => '.*',
@@ -126,6 +246,13 @@ class roles::pubsub::entities {
 		require => Rabbitmq_vhost['packages']
 	}
 
+	rabbitmq_policy { 'mirror_pet':
+		vhost   => 'pet',
+		match   => '.*',
+		policy  => '{"ha-mode":"all"}',
+		require => Rabbitmq_vhost['pet']
+	}
+
 	rabbitmq_plugin { 'rabbitmq_management':
 		ensure   => present,
 		provider => 'rabbitmqplugins',