X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fpubsub%2Fentities.pp;h=9ce30f49c3c35466377e23a50363ceca00bde1f3;hb=a52f9845b97672888a2ceba7b0b11a593f0872f1;hp=acbc1739d0f70a53d279a773298747e92eff9a54;hpb=d3cb659116b7c5d4ed4b24da4d1f95a2538db8fe;p=mirror%2Fdsa-puppet.git diff --git a/modules/roles/manifests/pubsub/entities.pp b/modules/roles/manifests/pubsub/entities.pp index acbc1739d..9ce30f49c 100644 --- a/modules/roles/manifests/pubsub/entities.pp +++ b/modules/roles/manifests/pubsub/entities.pp @@ -16,6 +16,7 @@ class roles::pubsub::entities { $mailadm_password = $roles::pubsub::params::mailadm_password $mailly_password = $roles::pubsub::params::mailly_password $muffat_password = $roles::pubsub::params::muffat_password + $pet_password = $roles::pubsub::params::pet_password rabbitmq_user { 'admin': admin => true, @@ -24,41 +25,51 @@ class roles::pubsub::entities { } rabbitmq_user { 'ftpteam': - admin => true, + admin => false, password => $ftp_password, provider => 'rabbitmqctl', } rabbitmq_user { 'buildd': - admin => true, + admin => false, password => $buildd_password, provider => 'rabbitmqctl', } rabbitmq_user { 'wbadm': - admin => true, + admin => false, password => $wbadm_password, provider => 'rabbitmqctl', } rabbitmq_user { 'mailadm': - admin => true, + admin => false, password => $mailadm_password, provider => 'rabbitmqctl', } rabbitmq_user { 'mailly': - admin => true, + admin => false, password => $mailly_password, provider => 'rabbitmqctl', } rabbitmq_user { 'muffat': - admin => true, + admin => false, password => $muffat_password, provider => 'rabbitmqctl', } + rabbitmq_user { 'pet-devel': + admin => false, + password => $pet_password, + provider => 'rabbitmqctl', + } + + do_hosts = keys($site::localinfo) + + rabbitmq::autouser { do_hosts: } + rabbitmq_vhost { 'packages': ensure => present, provider => 'rabbitmqctl', @@ -74,6 +85,11 @@ class roles::pubsub::entities { provider => 'rabbitmqctl', } + rabbitmq_vhost { 'pet': + ensure => present, + provider => 'rabbitmqctl', + } + rabbitmq_user_permissions { 'admin@/': configure_permission => '.*', read_permission => '.*', @@ -115,6 +131,17 @@ class roles::pubsub::entities { ] } + rabbitmq_user_permissions { 'admin@pet': + configure_permission => '.*', + read_permission => '.*', + write_permission => '.*', + provider => 'rabbitmqctl', + require => [ + Rabbitmq_user['admin'], + Rabbitmq_vhost['pet'] + ] + } + rabbitmq_user_permissions { 'ftpteam@packages': configure_permission => '.*', read_permission => '.*', @@ -170,9 +197,9 @@ class roles::pubsub::entities { } rabbitmq_user_permissions { 'mailly@dsa': - configure_permission => '*', - read_permission => '*', - write_permission => '*', + configure_permission => '.*', + read_permission => '.*', + write_permission => '.*', provider => 'rabbitmqctl', require => [ Rabbitmq_user['mailly'], @@ -181,9 +208,9 @@ class roles::pubsub::entities { } rabbitmq_user_permissions { 'muffat@dsa': - configure_permission => '*', - read_permission => '*', - write_permission => '*', + configure_permission => '.*', + read_permission => '.*', + write_permission => '.*', provider => 'rabbitmqctl', require => [ Rabbitmq_user['muffat'], @@ -191,6 +218,17 @@ class roles::pubsub::entities { ] } + rabbitmq_user_permissions { 'pet-devel@pet': + configure_permission => '.*', + read_permission => '.*', + write_permission => '.*', + provider => 'rabbitmqctl', + require => [ + Rabbitmq_user['pet-devel'], + Rabbitmq_vhost['pet'] + ] + } + rabbitmq_policy { 'mirror-dsa': vhost => 'dsa', match => '.*', @@ -212,6 +250,13 @@ class roles::pubsub::entities { require => Rabbitmq_vhost['packages'] } + rabbitmq_policy { 'mirror_pet': + vhost => 'pet', + match => '.*', + policy => '{"ha-mode":"all"}', + require => Rabbitmq_vhost['pet'] + } + rabbitmq_plugin { 'rabbitmq_management': ensure => present, provider => 'rabbitmqplugins',