Update 3rdparty rabbitmq module
[mirror/dsa-puppet.git] / 3rdparty / modules / rabbitmq / manifests / config.pp
index 159ae68..8abaeb9 100644 (file)
 # config and ssl.
 class rabbitmq::config {
 
-  $admin_enable               = $rabbitmq::admin_enable
-  $cluster_node_type          = $rabbitmq::cluster_node_type
-  $cluster_nodes              = $rabbitmq::cluster_nodes
-  $config                     = $rabbitmq::config
-  $config_cluster             = $rabbitmq::config_cluster
-  $config_path                = $rabbitmq::config_path
-  $config_stomp               = $rabbitmq::config_stomp
-  $default_user               = $rabbitmq::default_user
-  $default_pass               = $rabbitmq::default_pass
-  $env_config                 = $rabbitmq::env_config
-  $env_config_path            = $rabbitmq::env_config_path
-  $erlang_cookie              = $rabbitmq::erlang_cookie
-  $interface                  = $rabbitmq::interface
-  $management_port            = $rabbitmq::management_port
-  $node_ip_address            = $rabbitmq::node_ip_address
-  $plugin_dir                 = $rabbitmq::plugin_dir
-  $rabbitmq_user              = $rabbitmq::rabbitmq_user
-  $rabbitmq_group             = $rabbitmq::rabbitmq_group
-  $rabbitmq_home              = $rabbitmq::rabbitmq_home
-  $port                       = $rabbitmq::port
-  $tcp_keepalive              = $rabbitmq::tcp_keepalive
-  $service_name               = $rabbitmq::service_name
-  $ssl                        = $rabbitmq::ssl
-  $ssl_only                   = $rabbitmq::ssl_only
-  $ssl_cacert                 = $rabbitmq::ssl_cacert
-  $ssl_cert                   = $rabbitmq::ssl_cert
-  $ssl_key                    = $rabbitmq::ssl_key
-  $ssl_port                   = $rabbitmq::ssl_port
-  $ssl_interface              = $rabbitmq::ssl_interface
-  $ssl_management_port        = $rabbitmq::ssl_management_port
-  $ssl_stomp_port             = $rabbitmq::ssl_stomp_port
-  $ssl_verify                 = $rabbitmq::ssl_verify
-  $ssl_fail_if_no_peer_cert   = $rabbitmq::ssl_fail_if_no_peer_cert
-  $ssl_versions               = $rabbitmq::ssl_versions
-  $ssl_ciphers                = $rabbitmq::ssl_ciphers
-  $stomp_port                 = $rabbitmq::stomp_port
-  $ldap_auth                  = $rabbitmq::ldap_auth
-  $ldap_server                = $rabbitmq::ldap_server
-  $ldap_user_dn_pattern       = $rabbitmq::ldap_user_dn_pattern
-  $ldap_other_bind            = $rabbitmq::ldap_other_bind
-  $ldap_use_ssl               = $rabbitmq::ldap_use_ssl
-  $ldap_port                  = $rabbitmq::ldap_port
-  $ldap_log                   = $rabbitmq::ldap_log
-  $ldap_config_variables      = $rabbitmq::ldap_config_variables
-  $wipe_db_on_cookie_change   = $rabbitmq::wipe_db_on_cookie_change
-  $config_variables           = $rabbitmq::config_variables
-  $config_kernel_variables    = $rabbitmq::config_kernel_variables
-  $cluster_partition_handling = $rabbitmq::cluster_partition_handling
-  $file_limit                 = $rabbitmq::file_limit
-  $default_env_variables      =  {
-    'NODE_PORT'        => $port,
-    'NODE_IP_ADDRESS'  => $node_ip_address
+  $admin_enable                        = $rabbitmq::admin_enable
+  $cluster_node_type                   = $rabbitmq::cluster_node_type
+  $cluster_nodes                       = $rabbitmq::cluster_nodes
+  $config                              = $rabbitmq::config
+  $config_cluster                      = $rabbitmq::config_cluster
+  $config_path                         = $rabbitmq::config_path
+  $config_ranch                        = $rabbitmq::config_ranch
+  $config_stomp                        = $rabbitmq::config_stomp
+  $config_shovel                       = $rabbitmq::config_shovel
+  $config_shovel_statics               = $rabbitmq::config_shovel_statics
+  $default_user                        = $rabbitmq::default_user
+  $default_pass                        = $rabbitmq::default_pass
+  $env_config                          = $rabbitmq::env_config
+  $env_config_path                     = $rabbitmq::env_config_path
+  $erlang_cookie                       = $rabbitmq::erlang_cookie
+  $interface                           = $rabbitmq::interface
+  $management_port                     = $rabbitmq::management_port
+  $management_ssl                      = $rabbitmq::management_ssl
+  $management_hostname                 = $rabbitmq::management_hostname
+  $node_ip_address                     = $rabbitmq::node_ip_address
+  $rabbitmq_user                       = $rabbitmq::rabbitmq_user
+  $rabbitmq_group                      = $rabbitmq::rabbitmq_group
+  $rabbitmq_home                       = $rabbitmq::rabbitmq_home
+  $port                                = $rabbitmq::port
+  $tcp_keepalive                       = $rabbitmq::tcp_keepalive
+  $tcp_backlog                         = $rabbitmq::tcp_backlog
+  $tcp_sndbuf                          = $rabbitmq::tcp_sndbuf
+  $tcp_recbuf                          = $rabbitmq::tcp_recbuf
+  $heartbeat                           = $rabbitmq::heartbeat
+  $service_name                        = $rabbitmq::service_name
+  $ssl                                 = $rabbitmq::ssl
+  $ssl_only                            = $rabbitmq::ssl_only
+  $ssl_cacert                          = $rabbitmq::ssl_cacert
+  $ssl_cert                            = $rabbitmq::ssl_cert
+  $ssl_key                             = $rabbitmq::ssl_key
+  $ssl_depth                           = $rabbitmq::ssl_depth
+  $ssl_cert_password                   = $rabbitmq::ssl_cert_password
+  $ssl_port                            = $rabbitmq::ssl_port
+  $ssl_interface                       = $rabbitmq::ssl_interface
+  $ssl_management_port                 = $rabbitmq::ssl_management_port
+  $ssl_management_verify               = $rabbitmq::ssl_management_verify
+  $ssl_management_fail_if_no_peer_cert = $rabbitmq::ssl_management_fail_if_no_peer_cert
+  $ssl_stomp_port                      = $rabbitmq::ssl_stomp_port
+  $ssl_verify                          = $rabbitmq::ssl_verify
+  $ssl_fail_if_no_peer_cert            = $rabbitmq::ssl_fail_if_no_peer_cert
+  $ssl_secure_renegotiate              = $rabbitmq::ssl_secure_renegotiate
+  $ssl_reuse_sessions                  = $rabbitmq::ssl_reuse_sessions
+  $ssl_honor_cipher_order              = $rabbitmq::ssl_honor_cipher_order
+  $ssl_dhfile                          = $rabbitmq::ssl_dhfile
+  $ssl_versions                        = $rabbitmq::ssl_versions
+  $ssl_ciphers                         = $rabbitmq::ssl_ciphers
+  $stomp_port                          = $rabbitmq::stomp_port
+  $stomp_ssl_only                      = $rabbitmq::stomp_ssl_only
+  $ldap_auth                           = $rabbitmq::ldap_auth
+  $ldap_server                         = $rabbitmq::ldap_server
+  $ldap_user_dn_pattern                = $rabbitmq::ldap_user_dn_pattern
+  $ldap_other_bind                     = $rabbitmq::ldap_other_bind
+  $ldap_use_ssl                        = $rabbitmq::ldap_use_ssl
+  $ldap_port                           = $rabbitmq::ldap_port
+  $ldap_log                            = $rabbitmq::ldap_log
+  $ldap_config_variables               = $rabbitmq::ldap_config_variables
+  $wipe_db_on_cookie_change            = $rabbitmq::wipe_db_on_cookie_change
+  $config_variables                    = $rabbitmq::config_variables
+  $config_kernel_variables             = $rabbitmq::config_kernel_variables
+  $config_management_variables         = $rabbitmq::config_management_variables
+  $config_additional_variables         = $rabbitmq::config_additional_variables
+  $auth_backends                       = $rabbitmq::auth_backends
+  $cluster_partition_handling          = $rabbitmq::cluster_partition_handling
+  $file_limit                          = $rabbitmq::file_limit
+  $collect_statistics_interval         = $rabbitmq::collect_statistics_interval
+  $ipv6                                = $rabbitmq::ipv6
+  $inetrc_config                       = $rabbitmq::inetrc_config
+  $inetrc_config_path                  = $rabbitmq::inetrc_config_path
+  $ssl_erl_dist                        = $rabbitmq::ssl_erl_dist
+  $loopback_users                      = $rabbitmq::loopback_users
+
+  if $ssl_only {
+    $default_ssl_env_variables = {}
+  } else {
+    $default_ssl_env_variables = {
+      'NODE_PORT'        => $port,
+      'NODE_IP_ADDRESS'  => $node_ip_address,
+    }
+  }
+
+  # This seems like a sensible default, and I think we have to assign it here
+  # to be safe. Use $node_ip_address (which can also be undef) if
+  # $management_ip_address is not set.
+  if $rabbitmq::management_ip_address {
+    $management_ip_address = $rabbitmq::management_ip_address
+  } else {
+    $management_ip_address = $rabbitmq::node_ip_address
   }
 
+  $inetrc_env = {'export ERL_INETRC' => $inetrc_config_path}
+
   # Handle env variables.
-  $environment_variables = merge($default_env_variables, $rabbitmq::environment_variables)
+  $_environment_variables = $default_ssl_env_variables + $inetrc_env + $rabbitmq::environment_variables
+
+  if $ipv6 or $ssl_erl_dist {
+    # must append "-proto_dist inet6_tcp" to any provided ERL_ARGS for
+    # both the server and rabbitmqctl, being careful not to mess up
+    # quoting. If both IPv6 and TLS are enabled, we must use "inet6_tls".
+    # Finally, if only TLS is enabled (no IPv6), the -proto_dist value to use
+    # is "inet_tls".
+    if $ipv6 and $ssl_erl_dist {
+      $proto_dist = 'inet6_tls'
+      $ssl_path = " -pa ${::erl_ssl_path} "
+    } elsif $ssl_erl_dist {
+      $proto_dist = 'inet_tls'
+      $ssl_path = " -pa ${::erl_ssl_path} "
+    } else {
+      $proto_dist = 'inet6_tcp'
+      $ssl_path = ''
+    }
+    $ipv6_or_tls_env = ['SERVER', 'CTL'].reduce({}) |$memo, $item| {
+      $orig = $_environment_variables["RABBITMQ_${item}_ERL_ARGS"]
+      $munged = $orig ? {
+        # already quoted, keep quoting
+        /^([\'\"])(.*)\1/ => "${1}${2}${ssl_path} -proto_dist ${proto_dist}${1}",
+        # unset, add our own quoted value
+        undef             => "\"${ssl_path}-proto_dist ${proto_dist}\"",
+        # previously unquoted value, add quoting
+        default           => "\"${orig}${ssl_path} -proto_dist ${proto_dist}\"",
+      }
+
+      merge($memo, {"RABBITMQ_${item}_ERL_ARGS" => $munged})
+    }
+
+    $environment_variables = $_environment_variables + $ipv6_or_tls_env
+  } else {
+    $environment_variables = $_environment_variables
+  }
 
   file { '/etc/rabbitmq':
     ensure => directory,
     owner  => '0',
     group  => '0',
-    mode   => '0644',
+    mode   => '0755',
   }
 
   file { '/etc/rabbitmq/ssl':
     ensure => directory,
     owner  => '0',
     group  => '0',
-    mode   => '0644',
+    mode   => '0755',
   }
 
   file { 'rabbitmq.config':
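Review bot: The "already quoted" selector case in the `reduce` lambda, `/^([\'\"])(.*)\1/`, has no end anchor, so for a value such as `"-a x" -b y` the rebuilt string silently drops everything after the closing quote. If the dropped tail carried TLS distribution options, the node would start without them and nothing would report it. Anchoring the pattern as `/\A([\'\"])(.*)\1\z/` makes the match exact. The `default` branch would then wrap a partly quoted value in a second pair of double quotes, so that mixed form is better rejected with `fail()` than re-quoted. The result is written into the environment file, which appears to be read by a shell, so the quoting needs to be exact.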
@@ -79,9 +156,8 @@ class rabbitmq::config {
     path    => $config_path,
     content => template($config),
     owner   => '0',
-    group   => '0',
-    mode    => '0644',
-    notify  => Class['rabbitmq::service'],
+    group   => $rabbitmq_group,
+    mode    => '0640',
   }
 
   file { 'rabbitmq-env.config':
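Review bot: The `rabbitmq.config` resource can still expose its content through Puppet's change diffs, and judging by the variables copied in at the top of the class (`$default_pass`, `$ssl_cert_password`) the rendered template may hold credentials. The new `group => $rabbitmq_group` and `mode => '0640'` protect the file on disk, but not agent logs or reports when diff display is enabled. Adding `show_diff => false,` to the resource would close that gap. The same likely applies to `rabbitmqadmin.conf` in the `$admin_enable` hunk, though neither template is visible here. The resource opens above this hunk.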
@@ -89,9 +165,17 @@ class rabbitmq::config {
     path    => $env_config_path,
     content => template($env_config),
     owner   => '0',
-    group   => '0',
-    mode    => '0644',
-    notify  => Class['rabbitmq::service'],
+    group   => $rabbitmq_group,
+    mode    => '0640',
+  }
+
+  file { 'rabbitmq-inetrc':
+    ensure  => file,
+    path    => $inetrc_config_path,
+    content => template($inetrc_config),
+    owner   => '0',
+    group   => $rabbitmq_group,
+    mode    => '0640',
   }
 
   if $admin_enable {
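Review bot: With `notify => Class['rabbitmq::service']` removed from `rabbitmq-env.config` here, and likewise from `rabbitmq.config`, `/etc/default/rabbitmq-server` and the cookie resource in the other hunks, nothing visible in this file refreshes the broker when these files change. A tightened listener or TLS setting could then sit on disk without taking effect. Presumably the relationship is now declared once between the config and service classes outside this diff. If so, a comment above the first file resource would make the dependency explicit, for example `# Service refresh comes from the class-level config ~> service relationship, not per-resource notify`. The new `rabbitmq-inetrc` resource relies on the same mechanism.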
@@ -100,13 +184,13 @@ class rabbitmq::config {
       path    => '/etc/rabbitmq/rabbitmqadmin.conf',
       content => template('rabbitmq/rabbitmqadmin.conf.erb'),
       owner   => '0',
-      group   => '0',
-      mode    => '0644',
+      group   => $rabbitmq_group,
+      mode    => '0640',
       require => File['/etc/rabbitmq'],
     }
   }
 
-  case $::osfamily {
+  case $facts['os']['family'] {
     'Debian': {
       file { '/etc/default/rabbitmq-server':
         ensure  => file,
@@ -114,59 +198,38 @@ class rabbitmq::config {
         mode    => '0644',
         owner   => '0',
         group   => '0',
-        notify  => Class['rabbitmq::service'],
       }
     }
     'RedHat': {
-      if versioncmp($::operatingsystemmajrelease, '7') >= 0 {
-        file { '/etc/systemd/system/rabbitmq-server.service.d':
-          ensure                  => directory,
-          owner                   => '0',
-          group                   => '0',
-          mode                    => '0755',
-          selinux_ignore_defaults => true,
-        } ->
-        file { '/etc/systemd/system/rabbitmq-server.service.d/limits.conf':
-          content => template('rabbitmq/rabbitmq-server.service.d/limits.conf'),
-          owner   => '0',
-          group   => '0',
-          mode    => '0644',
-          notify  => Exec['rabbitmq-systemd-reload'],
-        }
-        exec { 'rabbitmq-systemd-reload':
-          command     => '/usr/bin/systemctl daemon-reload',
-          notify      => Class['Rabbitmq::Service'],
-          refreshonly => true,
-        }
-      } else {
-        file { '/etc/security/limits.d/rabbitmq-server.conf':
-          content => template('rabbitmq/limits.conf'),
-          owner   => '0',
-          group   => '0',
-          mode    => '0644',
-          notify  => Class['Rabbitmq::Service'],
-        }
+      file { '/etc/security/limits.d/rabbitmq-server.conf':
+        content => template('rabbitmq/limits.conf'),
+        owner   => '0',
+        group   => '0',
+        mode    => '0644',
       }
     }
-    default: {
-    }
+    default: { }
   }
 
-  if $config_cluster {
+  if $facts['systemd'] { # systemd fact provided by systemd module
+    systemd::service_limits { "${service_name}.service":
+      limits          => {'LimitNOFILE' => $file_limit},
+      # The service will be notified when config changes
+      restart_service => false,
+    }
+  }
 
-    if $erlang_cookie == undef {
-      fail('You must set the $erlang_cookie value in order to configure clustering.')
-    } else {
-      rabbitmq_erlang_cookie { "${rabbitmq_home}/.erlang.cookie":
-        content        => $erlang_cookie,
-        force          => $wipe_db_on_cookie_change,
-        rabbitmq_user  => $rabbitmq_user,
-        rabbitmq_group => $rabbitmq_group,
-        rabbitmq_home  => $rabbitmq_home,
-        service_name   => $service_name,
-        before         => File['rabbitmq.config'],
-        notify         => Class['rabbitmq::service'],
-      }
+  if $erlang_cookie == undef and $config_cluster {
+    fail('You must set the $erlang_cookie value in order to configure clustering.')
+  } elsif $erlang_cookie != undef {
+    rabbitmq_erlang_cookie { "${rabbitmq_home}/.erlang.cookie":
+      content        => $erlang_cookie,
+      force          => $wipe_db_on_cookie_change,
+      rabbitmq_user  => $rabbitmq_user,
+      rabbitmq_group => $rabbitmq_group,
+      rabbitmq_home  => $rabbitmq_home,
+      service_name   => $service_name,
+      before         => File['rabbitmq.config'],
     }
   }
 }
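Review bot: The rewritten cookie logic tests only `== undef` / `!= undef`, so an empty string passes the `elsif` and `rabbitmq_erlang_cookie` would be asked to write an empty cookie. It also no longer triggers the clustering `fail()`. The cookie is the shared secret for Erlang distribution between nodes, so an empty value should be rejected, unless the main class already constrains the parameter's type, which is not visible here. One option is `if $config_cluster and $erlang_cookie !~ String[1] {` for the failure branch and `} elsif $erlang_cookie =~ String[1] {` for the resource. The enclosing class body starts above this hunk.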