From c960f916ab54110341139741b2e4b3e7eb97218e Mon Sep 17 00:00:00 2001
From: Stephen Gran <steve@lobefin.net>
Date: Sun, 26 Jan 2014 17:37:48 +0000
Subject: [PATCH] add some MQ notes

Signed-off-by: Stephen Gran <steve@lobefin.net>
---
 input/doc/mq.mdwn            | 63 ++++++++++++++++++++++++++++++++++++
 input/howto/decomission.mdwn |  2 ++
 2 files changed, 65 insertions(+)
 create mode 100644 input/doc/mq.mdwn

diff --git a/input/doc/mq.mdwn b/input/doc/mq.mdwn
new file mode 100644
index 0000000..589c46f
--- /dev/null
+++ b/input/doc/mq.mdwn
@@ -0,0 +1,63 @@
+MQ admin notes
+========================================
+
+The design is resilient
+* There are two hosts, rapoport and rainier.
+* The service will stay up if either is up.
+* Individual connections will break, but the clients know how to reconnect
+* All queues and exchanges configured to be created as durable by default
+
+The design is reasonably secure
+* All connections are over SSL, using the autoca host certs
+* The default guest account has been removed
+* All d.o machines have autogenerated passwords
+
+Admin tools
+* Web consoles
+  * https://rainier.debian.org:15672
+  * https://rapoport.debian.org:15672
+* CLI tool
+  * go to either
+    * https://rainier.debian.org:15672/cli/
+    * https://rapoport.debian.org:15672/cli/
+  * Download the rabbitmqadmin tool and put in ~/bin
+  * set up ~/.rabbitmqadmin.conf.  Passwords on handel
+[rainier]
+hostname = rainier.debian.org
+port = 15672
+username = admin
+password = XXX
+ssl = True
+
+[rapoport]
+hostname = rapoport.debian.org
+port = 15672
+username = admin
+password = XX
+ssl = True
+
+A word about terminology:
+pubsub messaging involves a sender and a receiver.
+
+The sender connects to an exchange, and publishes a message.  The sender
+may or may not create the exchange during the course of that action.
+During message sending, the sender declares a topic for the message.
+
+Topics are just '.' separated strings, eg dsa.git.mail,
+ftpteam.package.upload.clamav, etc.  They allow for two types of
+wildcards.  dsa.git.* matches any single git repo but not
+dsa.git.mail.commit.  #.clamav match anything ending in clamav, no
+matter how many separators.
+
+The receiver connects to a queue, binds it to an exchange with a topic
+binding for a specific topic, and waits for a message.  If a message
+submitted to the exchange matches the topic, it is routed to the
+receiver queue, and the receiver gets it.
+
+The tcp connection from a client to the MQ server is called a channel.
+The protocol layer on top of the TCP connection is called a connection
+(I know, good, right?).  The connection between a queue and an exchange
+is called a binding.
+
+---
+Sun, 26 Jan 2014 17:24:28 +0000
diff --git a/input/howto/decomission.mdwn b/input/howto/decomission.mdwn
index db66aa6..c4e5c58 100644
--- a/input/howto/decomission.mdwn
+++ b/input/howto/decomission.mdwn
@@ -18,6 +18,8 @@
  * Remove any references from puppet configuration
  * Remove references to the host from DNS files, including reverse DNS
  * Get rid of the HW (tell the hoster to get rid of it or other as appropriate)
+ * Remove MQ queues related to machine (see [[MQ]] for details)
+    for queue in $(rabbitmqadmin -N rainier list queues name | grep unger.debian.org | awk '{print $2}') ; do rabbitmqadmin -N rainier -V dsa delete queue name=$queue; done
 
 Three months after decomissioning:
 
-- 
2.20.1