--- /dev/null
+# MQ admin notes
+
+## The design is resilient
+* There are two hosts, rapoport and rainier.
+* The service will stay up if either is up.
+* Individual connections will break, but the clients know how to reconnect
+* All queues and exchanges configured to be created as durable by default
+
+## The design is reasonably secure
+* All connections are over SSL, using the autoca host certs
+* The default guest account has been removed
+* All d.o machines have autogenerated passwords
+
+## Admin tools
+* Web consoles
+ * https://rainier.debian.org:15672
+ * https://rapoport.debian.org:15672
+* CLI tool
+ * go to either
+ * https://rainier.debian.org:15672/cli/
+ * https://rapoport.debian.org:15672/cli/
+ * Download the rabbitmqadmin tool and put in ~/bin
+ * set up ~/.rabbitmqadmin.conf. Passwords on handel
+
+Sample `.rabbitmqadmin.conf`:
+
+ [rainier]
+ hostname = rainier.debian.org
+ port = 15672
+ username = admin
+ password = XXX
+ ssl = True
+
+ [rapoport]
+ hostname = rapoport.debian.org
+ port = 15672
+ username = admin
+ password = XX
+ ssl = True
+
+## A word about terminology:
+pubsub messaging involves a sender and a receiver.
+
+The sender connects to an exchange, and publishes a message. The sender
+may or may not create the exchange during the course of that action.
+During message sending, the sender declares a topic for the message.
+
+Topics are just '.' separated strings, eg dsa.git.mail,
+ftpteam.package.upload.clamav, etc. They allow for two types of
+wildcards. dsa.git.* matches any single git repo but not
+dsa.git.mail.commit. #.clamav match anything ending in clamav, no
+matter how many separators.
+
+The receiver connects to a queue, binds it to an exchange with a topic
+binding for a specific topic, and waits for a message. If a message
+submitted to the exchange matches the topic, it is routed to the
+receiver queue, and the receiver gets it.
+
+The tcp connection from a client to the MQ server is called a channel.
+The protocol layer on top of the TCP connection is called a connection
+(I know, good, right?). The connection between a queue and an exchange
+is called a binding.
+
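Review bot: The last paragraph of the terminology section has "channel" and "connection" the wrong way round. In AMQP the TCP link from a client to the server is the connection, and channels are the lightweight sessions multiplexed on top of it. Swapping the two terms keeps the notes consistent with what the web console and rabbitmqadmin display. Separately, the sample `.rabbitmqadmin.conf` stores the admin password in clear text, so the "set up ~/.rabbitmqadmin.conf" step should say to make the file readable only by its owner (for instance `chmod 600 ~/.rabbitmqadmin.conf`). Minor: "#.clamav match anything" should read "matches", and the two placeholder passwords (`XXX` and `XX`) could use the same placeholder.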
+---
+Sun, 26 Jan 2014 17:24:28 +0000
# Tying it all together
-![The Debian DNS Rube Goldberg Machine.](../debian-dns.png)
+![The Debian DNS Rube Goldberg Machine.](/Pics/blog/2014/debian-dns.png)
Figure 1: The Debian DNS Rube Goldberg Machine.
also prevent it from getting expired by issuing timly updates of the
keys metadata.
-# Relevant Git repositories:
+# Relevant Git repositories
* [domains]
* [auto-dns]
* [mini-nag]
* [dns-helpers]
* [puppet]
+* [nagioschecks]
[^ldap]: `ldapsearch -h db.debian.org -x -ZZ -b dc=debian,dc=org -LLL 'host=master'`
[mini-nag]: http://anonscm.debian.org/gitweb/?p=mirror/dsa-mini-nag.git;a=tree
[dns-helpers]: http://anonscm.debian.org/gitweb/?p=mirror/dns-helpers.git;a=tree
[static]: http://anonscm.debian.org/gitweb/?p=mirror/dsa-auto-dns.git;a=blob;f=services/static.debian.org.service;hb=HEAD
+[nagioschecks]: http://anonscm.debian.org/gitweb/?p=mirror/dsa-nagios.git;a=tree;f=dsa-nagios-checks/checks;hb=HEAD
-- Peter Palfrader
* Remove any references from puppet configuration
* Remove references to the host from DNS files, including reverse DNS
* Get rid of the HW (tell the hoster to get rid of it or other as appropriate)
+ * Remove MQ queues related to machine (see [[doc/mq]] for details)
+
+ for queue in $(rabbitmqadmin -N rainier list queues name | \
+ grep unger.debian.org | \
+ awk '{print $2}') ; do
+ rabbitmqadmin -N rainier -V dsa delete queue name=$queue
+ done
Three months after decomissioning:
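Review bot: The loop selects queues more loosely than it deletes them. The list call has no vhost while the delete uses `-V dsa`, and `grep unger.debian.org` is unanchored with dots that match any character, so any queue name containing a similar string is picked up. Passing `-V dsa` to the list call as well, matching with `grep -F`, and quoting `name="$queue"` would tighten it. It would also help to state that unger.debian.org stands for the host being decommissioned, since the step is written as a general procedure. `awk '{print $2}'` relies on the border characters of the default table output, so a plain output format would be less fragile.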