diff --git a/docs/README.rst b/docs/README.rst index 56fc7787..d55820a6 100644 --- a/docs/README.rst +++ b/docs/README.rst @@ -18,7 +18,7 @@ rabbitmq-formula :scale: 100% :target: https://github.com/pre-commit/pre-commit -This formula installs and configures RabbitMQ server on GNU/Linux. +This formula installs and configures RabbitMQ Clusters on GNU/Linux. .. contents:: **Table of Contents** :depth: 1 diff --git a/pillar.example b/pillar.example index 7ed9d7b4..5c5bffe1 100644 --- a/pillar.example +++ b/pillar.example @@ -1,42 +1,93 @@ # -*- coding: utf-8 -*- # vim: ft=yaml --- -rabbitmq: - cluster: - rabbit@locahost: +values: + nodes: + default: + clustered: false user: rabbit # 'node' would make more sense here host: localhost # short hostname of node to join to, not fqdn - ram_node: None - runas: rabbitmq - erlang_cookie: - name: /var/lib/rabbitmq/.erlang.cookie - value: shared-value-for-all-cluster-members - pkg: - # https://github.com/rabbitmq/rabbitmq-server/releases/tag/v3.8.14 - use_upstream: repo # if available (i.e. packagecloud) - service: - enabled: true - running: true - config: - # see rabbitmq.conf.example from rabbitmq-server github docs - # see https://www.rabbitmq.com/configure.html - context: - listeners.tcp.1: 0.0.0.0:5672 - env: - locale_all: en_US.UTF-8 - context: - # https://www.rabbitmq.com/configure.html#supported-environment-variables - rabbitmq_mnesia_base: /var/lib/rabbitmq - RABBITMQ_BASE: /var/lib/rabbitmq - # RABBITMQ_USE_LONGNAME: true # not working in ci - # https://www.rabbitmq.com/configure.html#supported-environment-variables - RABBITMQ_LOG_BASE: /var/log/rabbitmq - dir: - base: /var/lib/rabbitmq + erlang_cookie: shared-value-for-all-cluster-members + config: + listeners.tcp.1: 0.0.0.0:5672 + # auth_backends.1: ldap + # auth_backends.2: internal + # auth_ldap.servers.1: ldap.eng.megacorp.local + # auth_ldap.servers.2: 192.168.0.100 + # auth_ldap.user_dn_pattern: cn=${username},ou=People,dc=example,dc=com + # auth_ldap.use_ssl: false + # auth_ldap.port: 389 + # auth_ldap.log: false + service: true + plugins: + - rabbitmq_management + - rabbitmq_federation + - rabbitmq_federation_management + # rabbitmq_auth_backend_ldap + vhosts: + - test_vhost + users: {} + policy: + rabbitmq_policy: + - name: HA + - pattern: '.*' + - definition: '{"ha-mode": "all"}' + queues: + my-new-queue: + ## note : dict format + user: saltstack + passwd: password + durable: true + auto_delete: false + vhost: test_vhost + arguments: + - x-message-ttl: 8640000 + - x-expires: 8640000 + - x-dead-letter-exchange: my-new-exchange + upstreams: + upstream_1: + - uri: amqp://saltstack:password@localhost + - trust_user_id: true + - ack_mode: on-confirm + - max_hops: 1 + users: + user1: + - password: password + - force: true + - tags: monitoring, user + - perms: + - '/': + - '.*' + - '.*' + - '.*' + - runas: root + user2: + - password: password + - force: true + - tags: monitoring, user + - perms: + - '/': + - '.*' + - '.*' + - '.*' + - runas: root + saltstack: + - password: password + - force: false + - tags: + - administrator + - perms: + - test_vhost: + - '.*' + - '.*' + - '.*' + - runas: root - vhost: - - test_vhost + environ: + # https://www.rabbitmq.com/configure.html#supported-environment-variables + rabbitmq_mnesia_dir: /var/lib/rabbitmq + ## todo: add support for ... binding: my-new-binding: - destination_type: queue @@ -48,19 +99,6 @@ rabbitmq: - arguments: - 'x-message-ttl': 8640000 - queue: - my-new-queue: - ## note : dict format - user: saltstack - passwd: password - durable: true - auto_delete: false - vhost: test_vhost - arguments: - - x-message-ttl: 8640000 - - x-expires: 8640000 - - x-dead-letter-exchange: my-new-exchange - exchange: my-new-exchange: - user: saltstack @@ -74,58 +112,6 @@ rabbitmq: - 'alternate-**exchange': 'amq.fanout' - 'test-header': 'testing' - plugin: - rabbitmq_management: - runas: root - rabbitmq_federation: - runas: root - - policy: - rabbitmq_policy: - - name: HA - - pattern: '.*' - - definition: '{"ha-mode": "all"}' - - upstream: - upstream_1: - - uri: amqp://saltstack:password@localhost - - trust_user_id: true - - ack_mode: on-confirm - - max_hops: 1 - - user: - user1: - - password: password - - force: true - - tags: monitoring, user - - perms: - - '/': - - '.*' - - '.*' - - '.*' - - runas: root - user2: - - password: password - - force: true - - tags: monitoring, user - - perms: - - '/': - - '.*' - - '.*' - - '.*' - - runas: root - saltstack: - - password: password - - force: false - - tags: - - administrator - - perms: - - test_vhost: - - '.*' - - '.*' - - '.*' - - runas: root - tofs: # The files_switch key serves as a selector for alternative # directories under the formula files directory. See TOFS pattern diff --git a/rabbitmq/config/clean.sls b/rabbitmq/config/clean.sls index 326b47b3..9c1bb8b1 100644 --- a/rabbitmq/config/clean.sls +++ b/rabbitmq/config/clean.sls @@ -1,20 +1,13 @@ # -*- coding: utf-8 -*- # vim: ft=sls ---- -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} include: - - .file.clean - - {%- if salt['cmd.run']('test -f {0}/bin/rabbitmqctl'.format(rabbitmq.dir.base)) %} - - - .policy.clean - - .plugin.clean - - .upstream.clean - - .queue.clean - - .vhost.clean - - .user.clean - - .file.clean - - {%- endif %} + - .users.clean + - .vhosts.clean + - .queues.clean + - .policies.clean + - .plugins.clean + - .params.clean + - .upstreams.clean + - .clusters.clean + - .files.clean diff --git a/rabbitmq/config/cluster/install.sls b/rabbitmq/config/cluster/install.sls deleted file mode 100644 index d2a5c24f..00000000 --- a/rabbitmq/config/cluster/install.sls +++ /dev/null @@ -1,41 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} -{%- set sls_service_running = tplroot ~ '.service.running' %} -{%- set sls_config_user = tplroot ~ '.config.user.install' %} - -include: - - {{ sls_service_running }} - - {{ sls_config_user }} - - {%- for name, cluster in salt["pillar.get"]("rabbitmq:cluster", {}).items() %} - {%- if cluster.host and 'erlang_cookie' in cluster and cluster.erlang_cookie is mapping %} - -rabbitmq-config-cluster-{{ name }}-join-{{ cluster.host }}: - file.managed: - - name: {{ cluster.erlang_cookie.name }} - - contents: {{ cluster.erlang_cookie.value }} - - mode: 400 - - user: rabbitmq - - group: {{ rabbitmq.rootgroup }} - - makedirs: True - - watch_in: - - service: rabbitmq-service-running-service-running - - {%- if 'host' in grains and grains.host not in cluster.host %} - - rabbitmq_cluster.joined: - - user: {{ cluster.user }} - - host: {{ cluster.host }} - - ram_node: {{ cluster.ram_node }} - - runas: {{ cluster.runas }} - - require: - - file: rabbitmq-config-cluster-{{ name }}-join-{{ cluster.host }} - - sls: {{ sls_config_user }} - - service: rabbitmq-service-running-service-running - - {%- endif %} - {%- endif %} - {%- endfor %} diff --git a/rabbitmq/config/clusters/clean.sls b/rabbitmq/config/clusters/clean.sls new file mode 100644 index 00000000..3369c517 --- /dev/null +++ b/rabbitmq/config/clusters/clean.sls @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls + +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if node and 'clustered' in node and node.clustered %} + +rabbitmq-config-clusters-{{ name }}-leave-{{ node.join_node }}: + file.absent: + - name: {{ rabbitmq.dir.data }}/{{ name }}/.erlang.cookie + cmd.run: + - names: + - /usr/sbin/rabbitmqctl --node {{ name }} stop_app + - /usr/sbin/rabbitmqctl --node {{ name }} reset + - /usr/sbin/rabbitmqctl --node {{ name }} start_app + - runas: rabbitmq + - onlyif: test -x /usr/sbin/rabbitmqctl + + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/cluster/init.sls b/rabbitmq/config/clusters/init.sls similarity index 100% rename from rabbitmq/config/cluster/init.sls rename to rabbitmq/config/clusters/init.sls diff --git a/rabbitmq/config/clusters/install.sls b/rabbitmq/config/clusters/install.sls new file mode 100644 index 00000000..f7a045e5 --- /dev/null +++ b/rabbitmq/config/clusters/install.sls @@ -0,0 +1,36 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls + +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} +{%- set sls_service_running = tplroot ~ '.service.running' %} +{%- set sls_config_user = tplroot ~ '.config.user.install' %} + +include: + - {{ sls_service_running }} + - {{ sls_config_user }} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if node and 'clustered' in node and node.clustered %} + +rabbitmq-config-clusters-{{ name }}-join-{{ node.join_node }}: + file.managed: + - name: {{ rabbitmq.dir.data }}/{{ name }}/.erlang.cookie + - contents: {{ node.erlang_cookie }} + - mode: 400 + - user: rabbitmq + - group: {{ rabbitmq.rootgroup }} + - makedirs: True + - require: + - sls: {{ sls_service_running }} + cmd.run: + - name: /usr/sbin/rabbitmqctl --node {{ name }} join_cluster {{ items.join_node }} + - runas: rabbitmq + - onlyif: test -x /usr/sbin/rabbitmqctl + - require: + - file: rabbitmq-config-clusters-{{ name }}-join-{{ node.host }} + - sls: {{ sls_config_user }} + - sls: {{ sls_service_running }} + + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/file/install.sls b/rabbitmq/config/file/install.sls deleted file mode 100644 index f0307b09..00000000 --- a/rabbitmq/config/file/install.sls +++ /dev/null @@ -1,89 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} -{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %} - -rabbitmq-config-file-file-managed: - - {%- if salt['pillar.get']('rabbitmq:config:context', None) %} - file.managed: - - name: {{ rabbitmq.config.name }} - - source: {{ files_switch(['config.tmpl'], - lookup='rabbitmq-config-file-file-managed' - ) - }} - - mode: 644 - - user: root - - group: {{ rabbitmq.rootgroup }} - - makedirs: True - - template: jinja - - context: - config: {{ rabbitmq.config.context | json }} - - {%- else %} - test.show_notification: - - name: Skipping config file management - - text: | - No configuration data provided in the pillar data - - {%- endif %} - {%- if salt['pillar.get']('rabbitmq:env:context', None) %} - -rabbitmq-config-env-file-managed: - file.managed: - - name: {{ rabbitmq.env.name }} - - source: {{ files_switch(['config.tmpl'], - lookup='rabbitmq-config-env-file-managed' - ) - }} - - mode: 644 - - user: root - - group: {{ rabbitmq.rootgroup }} - - makedirs: True - - template: jinja - - context: - env: {{ rabbitmq.env.context | json }} - - {%- endif %} - {%- for filename, info in salt["pillar.get"]("rabbitmq:config_files", {}).items() %} - {%- set source = info['source'] %} - -rabbitmq-config-{{ filename }}-file-managed: - # depreciated - file.managed: - name: /etc/rabbitmq/{{ filename }} - {%- if source.startswith('salt://') %} - - source: {{ source }} - {%- else %} - - source: salt://{{ tplroot }}/{{ source }} - {% endif %} - - template: jinja - - context: {{ info.get('context', {})|json }} - - {% endfor %} - {%- if grains.os_family == 'RedHat' %} - -rabbitmq-config-file-file-managed-limits: - file.managed: - - name: /etc/systemd/system/{{ rabbitmq.service.name }}.service.d/limits.conf - - user: root - - group: root - - makedirs: true - - contents: - - [Service] - - LimitNOFILE=infinity - - TimeoutSec=150 - - require_in: - - service: rabbitmq-service-running-service-running - - {%- if rabbitmq.env.locale_all %} - environ.setenv: - - name: LC_ALL - - value: {{ rabbitmq.env.locale_all }} - - update_minion: True - - require_in: - - service: rabbitmq-service-running-service-running - {%- endif %} - {%- endif %} diff --git a/rabbitmq/config/file/clean.sls b/rabbitmq/config/files/clean.sls similarity index 70% rename from rabbitmq/config/file/clean.sls rename to rabbitmq/config/files/clean.sls index 5db4d38b..8ade1e02 100644 --- a/rabbitmq/config/file/clean.sls +++ b/rabbitmq/config/files/clean.sls @@ -8,11 +8,8 @@ include: - {{ sls_package_clean }} -rabbitmq-config-files-file-absent: +rabbitmq-config-files-absent: file.absent: - - names: - - {{ rabbitmq.config.name }} - - {{ rabbitmq.env.name }} - - /etc/rabbitmq + - name: /etc/rabbitmq - require_in: - sls: {{ sls_package_clean }} diff --git a/rabbitmq/config/file/init.sls b/rabbitmq/config/files/init.sls similarity index 100% rename from rabbitmq/config/file/init.sls rename to rabbitmq/config/files/init.sls diff --git a/rabbitmq/config/files/install.sls b/rabbitmq/config/files/install.sls new file mode 100644 index 00000000..be09d48d --- /dev/null +++ b/rabbitmq/config/files/install.sls @@ -0,0 +1,59 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} +{%- set sls_service_running = tplroot ~ '.service.running' %} + +include: + - {{ sls_service_running }} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'config' in node and node.config is mapping %} + +rabbitmq-config-files-managed-{{ name }}: + file.managed: + - name: {{ rabbitmq.dir.config }}/{{ {{ rabbitmq.config.name }} + - source: {{ files_switch(['config.tmpl'], + lookup='rabbitmq-config-file-file-managed' + ) + }} + - mode: 644 + - user: root + - group: {{ rabbitmq.rootgroup }} + - makedirs: True + - template: jinja + - context: + config: {{ node.config | json }} + + {%- endif %} + {%- endfor %} + {%- if 'environ' in rabbitmq and rabbitmq.environ %} + +rabbitmq-config-files-environ-managed: + file.managed: + - name: {{ rabbitmq.dir.config }}/rabbitmq-env.conf + - source: {{ files_switch(['config.tmpl'], + lookup='rabbitmq-config-files-environ-managed' + ) + }} + - mode: 644 + - user: root + - group: {{ rabbitmq.rootgroup }} + - makedirs: True + - template: jinja + - context: + env: {{ rabbitmq.environ | json }} + + {%- endif %} + {%- if grains.os_family == 'RedHat' and rabbitmq.locale_all %} + +rabbitmq-config-files-environ-setenv: + environ.setenv: + - name: LC_ALL + - value: {{ rabbitmq.env.locale_all }} + - update_minion: True + + {%- endif %} + {%- endif %} + diff --git a/rabbitmq/config/init.sls b/rabbitmq/config/init.sls index 93320b7e..db12da7b 100644 --- a/rabbitmq/config/init.sls +++ b/rabbitmq/config/init.sls @@ -2,11 +2,12 @@ # vim: ft=sls include: - - .file - - .user - - .vhost - - .queue - - .policy - - .plugin - - .upstream - # .cluster should be run once, not always + - .files + - .clusters + - .users + - .vhosts + - .queues + - .policies + - .plugins + - .params + - .upstreams diff --git a/rabbitmq/config/params/clean.sls b/rabbitmq/config/params/clean.sls new file mode 100644 index 00000000..e69de29b diff --git a/rabbitmq/config/plugin/init.sls b/rabbitmq/config/params/init.sls similarity index 100% rename from rabbitmq/config/plugin/init.sls rename to rabbitmq/config/params/init.sls diff --git a/rabbitmq/config/params/install.sls b/rabbitmq/config/params/install.sls new file mode 100644 index 00000000..6cde8f7c --- /dev/null +++ b/rabbitmq/config/params/install.sls @@ -0,0 +1,24 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} +{%- set sls_service_running = tplroot ~ '.service.running' %} + +include: + - {{ sls_service_running }} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'params' in node and node.params is mapping %} + {%- for param, items in node.params.items() %} + +rabbitmq-config-params-present-{{ param }}: + cmd.run: + - name: /usr/sbin/rabbitmqctl --node {{ name }} {{ items.action }} {{ items.args|join(' ') }} + - onlyif: test -x /usr/sbin/rabbitmqctl + - require: + - sls: {{ sls_service_running }} + + {%- endfor %} + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/plugin/clean.sls b/rabbitmq/config/plugin/clean.sls deleted file mode 100644 index 986891f9..00000000 --- a/rabbitmq/config/plugin/clean.sls +++ /dev/null @@ -1,16 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} - - {%- if 'plugin' in rabbitmq and rabbitmq.plugin is mapping %} - {%- for name in rabbitmq.plugin %} - -rabbitmq-config-plugin-disabled-{{ name }}: - rabbitmq_plugin.disabled: - - name: {{ name }} - - runas: {{ rabbitmq.plugin[name]['runas'] }} - - {%- endfor %} - {%- endif %} diff --git a/rabbitmq/config/plugin/install.sls b/rabbitmq/config/plugin/install.sls deleted file mode 100644 index 5dcf27cf..00000000 --- a/rabbitmq/config/plugin/install.sls +++ /dev/null @@ -1,26 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls ---- -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} -{%- set sls_service_running = tplroot ~ '.service.running' %} - -include: - - {{ sls_service_running }} - - {%- if 'plugin' in rabbitmq and rabbitmq.plugin is mapping %} - {%- for name in rabbitmq.plugin %} - -rabbitmq-config-plugin-enabled-{{ name }}: - rabbitmq_plugin.enabled: - - name: {{ name }} - - runas: {{ rabbitmq.plugin[name]['runas'] }} - - watch_in: - - sls: {{ sls_service_running }} - cmd.run: - - name: locale - - onfail: - - rabbitmq_plugin: rabbitmq-config-plugin-enabled-{{ name }} - - {%- endfor %} - {%- endif %} diff --git a/rabbitmq/config/plugins/clean.sls b/rabbitmq/config/plugins/clean.sls new file mode 100644 index 00000000..f1030a3c --- /dev/null +++ b/rabbitmq/config/plugins/clean.sls @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'plugins' in node and node.plugins is iterable and node.plugins is not string %} + {%- for plugin in node.plugins %} + +rabbitmq-config-plugins-disabled-{{ plugin }}: + cmd.run: + - name: /usr/sbin/rabbitmq-plugins --node {{ name }} disable {{ plugin }} + - onlyif: test -x /usr/sbin/rabbitmqctl + - runas: rabbitmq + + {%- endfor %} + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/policy/init.sls b/rabbitmq/config/plugins/init.sls similarity index 100% rename from rabbitmq/config/policy/init.sls rename to rabbitmq/config/plugins/init.sls diff --git a/rabbitmq/config/plugins/install.sls b/rabbitmq/config/plugins/install.sls new file mode 100644 index 00000000..56877801 --- /dev/null +++ b/rabbitmq/config/plugins/install.sls @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} +{%- set sls_service_running = tplroot ~ '.service.running' %} + +include: + - {{ sls_service_running }} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'plugins' in node and node.plugins is iterable and node.plugins is not string %} + {%- for plugin in node.plugins %} + +rabbitmq-config-plugins-enabled-{{ plugin }}: + cmd.run: + - name: /usr/sbin/rabbitmq-plugins --node {{ name }} enable {{ plugin }} + - runas: rabbitmq + - onlyif: test -x /usr/sbin/rabbitmqctl + - watch_in: + - sls: {{ sls_service_running }} + + {%- endfor %} + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/policies/clean.sls b/rabbitmq/config/policies/clean.sls new file mode 100644 index 00000000..6b49136f --- /dev/null +++ b/rabbitmq/config/policies/clean.sls @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'policies' in node and node.policies is mapping %} + {%- for policy, items in node.policies.items() %} + +rabbitmq-config-policies-absent-{{ policy }}: + cmd.run: + - name: /usr/sbin/rabbitmqctl --node {{ name }} clear_policy {{ policy }} {{ '' if 'args' not in items else items.args }} # noqa 204 + - runas: rabbitmq + - onlyif: test -x /usr/sbin/rabbitmqctl + + {%- endfor %} + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/queue/init.sls b/rabbitmq/config/policies/init.sls similarity index 100% rename from rabbitmq/config/queue/init.sls rename to rabbitmq/config/policies/init.sls diff --git a/rabbitmq/config/policies/install.sls b/rabbitmq/config/policies/install.sls new file mode 100644 index 00000000..936ebda9 --- /dev/null +++ b/rabbitmq/config/policies/install.sls @@ -0,0 +1,24 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} +{%- set sls_service_running = tplroot ~ '.service.running' %} + +include: + - {{ sls_service_running }} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'policies' in node and node.policies is mapping %} + {%- for policy, items in node.policies.items() %} + +rabbitmq-config-policies-present-{{ policy }}: + cmd.run: + - name: /usr/sbin/rabbitmqctl --node {{ name }} set_policy {{ policy }} "{{ items.pattern }}" '{{ items.definition }}' {{ '' if 'args' not in items else items.args }} # noqa 204 + - onlyif: test -x /usr/sbin/rabbitmqctl + - require: + - sls: {{ sls_service_running }} + + {%- endfor %} + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/policy/clean.sls b/rabbitmq/config/policy/clean.sls deleted file mode 100644 index c052f0ed..00000000 --- a/rabbitmq/config/policy/clean.sls +++ /dev/null @@ -1,14 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} - - {% for name in rabbitmq.policy %} - -rabbitmq-config-policy-absent-{{ name }}: - rabbitmq_policy.absent: - - name: {{ name }} - - onlyif: test -x {{ rabbitmq.dir.base }}/bin/rabbitmq-env - - {% endfor %} diff --git a/rabbitmq/config/policy/install.sls b/rabbitmq/config/policy/install.sls deleted file mode 100644 index 4eaa67c8..00000000 --- a/rabbitmq/config/policy/install.sls +++ /dev/null @@ -1,21 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} -{%- set sls_service_running = tplroot ~ '.service.running' %} - -include: - - {{ sls_service_running }} - - {% for name, policy in salt["pillar.get"]("rabbitmq:policy", {}).items() %} - -rabbitmq-config-policy-present-{{ name }}: - rabbitmq_policy.present: - {% for value in policy %} - - {{ value | json }} - {% endfor %} - - require: - - service: rabbitmq-service-running-service-running - - {% endfor %} diff --git a/rabbitmq/config/queue/clean.sls b/rabbitmq/config/queue/clean.sls deleted file mode 100644 index 99f65ce0..00000000 --- a/rabbitmq/config/queue/clean.sls +++ /dev/null @@ -1,13 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} - - {% for name, q in salt["pillar.get"]("rabbitmq:queue", {}).items() %} - -rabbitmq-config-queue-absent-{{ name }}: - cmd.run: - - name: /usr/local/sbin/rabbitmqadmin delete queue --vhost={{ q.vhost }} --username={{ q.user }} --password={{ q.passwd }} name={{ name }} # noqa 204 - - {% endfor %} diff --git a/rabbitmq/config/queue/install.sls b/rabbitmq/config/queue/install.sls deleted file mode 100644 index 8e64bc5a..00000000 --- a/rabbitmq/config/queue/install.sls +++ /dev/null @@ -1,19 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} -{%- set sls_service_running = tplroot ~ '.service.running' %} - -include: - - {{ sls_service_running }} - - {% for name, q in salt["pillar.get"]("rabbitmq:queue", {}).items() %} - -rabbitmq-config-queue-present-{{ name }}: - cmd.run: - - name: /usr/local/sbin/rabbitmqadmin declare queue --vhost={{ q.vhost }} --username={{ q.user }} --password={{ q.passwd }} name={{ name }} durable={{ q.durable|to_bool|lower }} auto_delete={{ q.auto_delete|to_bool|lower }} # noqa 204 - - require: - - service: rabbitmq-service-running-service-running - - {% endfor %} diff --git a/rabbitmq/config/queues/clean.sls b/rabbitmq/config/queues/clean.sls new file mode 100644 index 00000000..26e89d85 --- /dev/null +++ b/rabbitmq/config/queues/clean.sls @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'queues' in node and node.queues is mapping %} + {%- for queue, q in node.queues.items() %} + +rabbitmq-config-queues-disabled-{{ queue }}: + cmd.run: + - name: /usr/local/sbin/rabbitmqadmin --node {{ name }} delete queue --vhost={{ q.vhost }} --username={{ q.user }} --password={{ q.passwd }} name={{ queue }} # noqa 204 + - onlyif: test -x /usr/sbin/rabbitmqctl + - runas: rabbitmq + + {%- endfor %} + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/upstream/init.sls b/rabbitmq/config/queues/init.sls similarity index 100% rename from rabbitmq/config/upstream/init.sls rename to rabbitmq/config/queues/init.sls diff --git a/rabbitmq/config/queues/install.sls b/rabbitmq/config/queues/install.sls new file mode 100644 index 00000000..9089fe42 --- /dev/null +++ b/rabbitmq/config/queues/install.sls @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} +{%- set sls_service_running = tplroot ~ '.service.running' %} + +include: + - {{ sls_service_running }} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'queues' in node and node.queues is mapping %} + {%- for queue, q in node.queues.items() %} + +rabbitmq-config-queues-enabled-{{ queue }}: + cmd.run: + - name: /usr/local/sbin/rabbitmqadmin --node {{ name }} declare queue --vhost={{ q.vhost }} --username={{ q.user }} --password={{ q.passwd }} name={{ queue }} durable={{ q.durable|to_bool|lower }} auto_delete={{ q.auto_delete|to_bool|lower }} # noqa 204 + - onlyif: test -x /usr/sbin/rabbitmqctl + - runas: rabbitmq + - require: + - sls: {{ sls_service_running }} + + {%- endfor %} + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/upstream/clean.sls b/rabbitmq/config/upstream/clean.sls deleted file mode 100644 index 29cd68c6..00000000 --- a/rabbitmq/config/upstream/clean.sls +++ /dev/null @@ -1,13 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} - - {% for name in rabbitmq.upstream %} - -rabbitmq-config-upstream-absent-{{ name }}: - rabbitmq_upstream.absent: - - name: {{ name }} - - {% endfor %} diff --git a/rabbitmq/config/upstream/install.sls b/rabbitmq/config/upstream/install.sls deleted file mode 100644 index ac560b5b..00000000 --- a/rabbitmq/config/upstream/install.sls +++ /dev/null @@ -1,21 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} -{%- set sls_service_running = tplroot ~ '.service.running' %} - -include: - - {{ sls_service_running }} - - {% for name, upstream in salt["pillar.get"]("rabbitmq:upstream", {}).items() %} - -rabbitmq-config-upstream-present-{{ name }}: - rabbitmq_upstream.present: - {% for value in upstream %} - - {{ value | json }} - {% endfor %} - - require: - - service: rabbitmq-service-running-service-running - - {% endfor %} diff --git a/rabbitmq/config/upstreams/clean.sls b/rabbitmq/config/upstreams/clean.sls new file mode 100644 index 00000000..4855a254 --- /dev/null +++ b/rabbitmq/config/upstreams/clean.sls @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'upstreams' in node and node.upstreams is mapping %} + {%- for upstream, items in node.upstreams.items() %} + +rabbitmq-config-upstreams-absent-{{ upstream }}: + rabbitmq_upstream.absent: + {% for v in items %} + - {{ v | json }} + {% endfor %} + + {%- endfor %} + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/user/init.sls b/rabbitmq/config/upstreams/init.sls similarity index 100% rename from rabbitmq/config/user/init.sls rename to rabbitmq/config/upstreams/init.sls diff --git a/rabbitmq/config/upstreams/install.sls b/rabbitmq/config/upstreams/install.sls new file mode 100644 index 00000000..02b01b7a --- /dev/null +++ b/rabbitmq/config/upstreams/install.sls @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} +{%- set sls_service_running = tplroot ~ '.service.running' %} + +include: + - {{ sls_service_running }} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'upstreams' in node and node.upstreams is mapping %} + {%- for upstream, items in node.upstreams.items() %} + +rabbitmq-config-upstreams-present-{{ upstream }}: + rabbitmq_upstream.present: + {% for v in items %} + - {{ v | json }} + {% endfor %} + - require: + - sls: {{ sls_service_running }} + + {%- endfor %} + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/user/clean.sls b/rabbitmq/config/user/clean.sls deleted file mode 100644 index 7612d77a..00000000 --- a/rabbitmq/config/user/clean.sls +++ /dev/null @@ -1,14 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} - - {% for name, user in salt["pillar.get"]("rabbitmq:user", {}).items() %} - -rabbitmq-config-user-absent-{{ name }}: - rabbitmq_user.absent: - - name: {{ name }} - - onlyif: test -x {{ rabbitmq.dir.base }}/bin/rabbitmq-env - - {% endfor %} diff --git a/rabbitmq/config/user/install.sls b/rabbitmq/config/user/install.sls deleted file mode 100644 index c37ac658..00000000 --- a/rabbitmq/config/user/install.sls +++ /dev/null @@ -1,32 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} -{%- set sls_service_running = tplroot ~ '.service.running' %} -{%- set sls_config_vhost = tplroot ~ '.config.vhost.install' %} - -include: - - {{ sls_service_running }} - - {{ sls_config_vhost }} - - {% for name, user in salt["pillar.get"]("rabbitmq:user", {}).items() %} - -rabbitmq-config-user-present-{{ name }}: - rabbitmq_user.present: - - name: {{ name }} - {%- for item in user %} - - {{ item|json }} - {%- endfor %} - - require: - - sls: {{ sls_service_running }} - - sls: {{ sls_config_vhost }} - - {% endfor %} - {% if salt['pillar.get']('rabbitmq:remove_guest_user', True) %} - -rabbitmq-config-user-guest-absent: - rabbitmq_user.absent: - - name: guest - - {% endif %} diff --git a/rabbitmq/config/users/clean.sls b/rabbitmq/config/users/clean.sls new file mode 100644 index 00000000..f1426f16 --- /dev/null +++ b/rabbitmq/config/users/clean.sls @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'users' in node and node.users is mapping %} + {%- for user, items in node.users.items() %} + +rabbitmq-config-users-deleted-{{ user }}: + cmd.run: + - name: /usr/sbin/rabbitmq --node {{ name }} delete_user {{ items.user }} |true + - onlyif: test -x /usr/sbin/rabbitmqctl + - runas: rabbitmq + + {%- endfor %} + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/vhost/init.sls b/rabbitmq/config/users/init.sls similarity index 100% rename from rabbitmq/config/vhost/init.sls rename to rabbitmq/config/users/init.sls diff --git a/rabbitmq/config/users/install.sls b/rabbitmq/config/users/install.sls new file mode 100644 index 00000000..bb98a703 --- /dev/null +++ b/rabbitmq/config/users/install.sls @@ -0,0 +1,46 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} +{%- set sls_service_running = tplroot ~ '.service.running' %} +{%- set cmd = '/usr/sbin/rabbitmqctl' %} + +include: + - {{ sls_service_running }} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'users' in node and node.users is mapping %} + {%- for user, items in node.users.items() %} + +rabbitmq-config-users-added-{{ user }}: + cmd.run: + - names: + - {{ cmd }} --node {{ name }} add_user {{ items.user }} {{ items.passwd }} |true + {%- if 'force' in items and items.force %} + - {{ cmd }} --node {{ name }} change_password {{ items.user }} {{ items.passwd }} + {%- endif %} + {%- if 'tags' in items and items.tags %} + - {{ cmd }} --node {{ name }} set_user_tags {{ items.user }} {{ items.tags|join(' ') }} # noqa 204 + {%- endif %} + {%- if 'perms' in items and items.perms %} + {%- for vhost, perms in items.perms.items() %} + - {{ cmd }} --node {{ name }} set_permissions -p {{ vhost }} {{ items.user }} {{ perms|join(' ') }} # noqa 204 + {%- endfor %} + {%- endif %} + - onlyif: test -x {{ cmd }} + - runas: rabbitmq + - require: + - sls: {{ sls_service_running }} + + {%- endfor %} + {%- endif %} + {%- endfor %} + + {% if salt['pillar.get']('rabbitmq:remove_guest_user', True) %} + +rabbitmq-config-users-guest-absent: + rabbitmq_user.absent: + - name: guest + + {% endif %} diff --git a/rabbitmq/config/vhost/clean.sls b/rabbitmq/config/vhost/clean.sls deleted file mode 100644 index f4eb47b9..00000000 --- a/rabbitmq/config/vhost/clean.sls +++ /dev/null @@ -1,14 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} - - {% for name in rabbitmq.vhost %} - -rabbitmq-config-vhost-absent-{{ name }}: - rabbitmq_vhost.absent: - - name: {{ name }} - - onlyif: test -x {{ rabbitmq.dir.base }}/bin/rabbitmq-env - - {% endfor %} diff --git a/rabbitmq/config/vhost/install.sls b/rabbitmq/config/vhost/install.sls deleted file mode 100644 index 66b2d507..00000000 --- a/rabbitmq/config/vhost/install.sls +++ /dev/null @@ -1,19 +0,0 @@ -# -*- coding: utf-8 -*- -# vim: ft=sls - -{%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} -{%- set sls_service_running = tplroot ~ '.service.running' %} - -include: - - {{ sls_service_running }} - - {% for name in rabbitmq.vhost %} - -rabbitmq-config-vhost-present-{{ name }}: - rabbitmq_vhost.present: - - name: {{ name }} - - require: - - service: rabbitmq-service-running-service-running - - {% endfor %} diff --git a/rabbitmq/config/vhosts/clean.sls b/rabbitmq/config/vhosts/clean.sls new file mode 100644 index 00000000..288012d1 --- /dev/null +++ b/rabbitmq/config/vhosts/clean.sls @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'vhosts' in node and node.vhosts is iterable and node.vhosts is not string %} + {%- for vhost in node.vhosts %} + +rabbitmq-config-vhosts-delete-{{ vhost }}: + cmd.run: + - name: /usr/sbin/rabbitmqctl --node {{ name }} delete_vhost {{ vhost }} + - onlyif: test -x /usr/sbin/rabbitmqctl + - runas: rabbitmq + + {%- endfor %} + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/config/vhosts/init.sls b/rabbitmq/config/vhosts/init.sls new file mode 100644 index 00000000..d3e55181 --- /dev/null +++ b/rabbitmq/config/vhosts/init.sls @@ -0,0 +1,5 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls + +include: + - .install diff --git a/rabbitmq/config/vhosts/install.sls b/rabbitmq/config/vhosts/install.sls new file mode 100644 index 00000000..42b23975 --- /dev/null +++ b/rabbitmq/config/vhosts/install.sls @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} +{%- set sls_service_running = tplroot ~ '.service.running' %} + +include: + - {{ sls_service_running }} + + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'vhosts' in node and node.vhosts is iterable and node.vhosts is not string %} + {%- for vhost in node.vhosts %} + +rabbitmq-config-vhosts-add-{{ vhost }}: + cmd.run: + - name: /usr/sbin/rabbitmqctl --node {{ name }} add_vhost {{ vhost }} + - onlyif: test -x /usr/sbin/rabbitmqctl + - runas: rabbitmq + - watch_in: + - sls: {{ sls_service_running }} + + {%- endfor %} + {%- endif %} + {%- endfor %} diff --git a/rabbitmq/files/default/systemd.ini.jinja b/rabbitmq/files/default/systemd.ini.jinja new file mode 100644 index 00000000..4958c154 --- /dev/null +++ b/rabbitmq/files/default/systemd.ini.jinja @@ -0,0 +1,50 @@ +######################################################### +# File managed by Salt. Changes risk being overwritten. +######################################################### +[Unit] +Description=RabbitMQ Broker {{ '' if name is not defined else name }} +Wants=network-online.target +After=syslog.target network.target + +[Service] +Type=notify +User=rabbitmq +Group=rabbitmq +UMask=0027 +NotifyAccess=all +TimeoutStartSec=600 +Environment="RABBITMQ_NODENAME={{ 'rabbit' if nodename is not defined else nodename }}" +Environment="RABBITMQ_NODE_PORT={{ '5672' if nodeport is not defined else nodeport }}" +Environment="RABBITMQ_SERVER_START_ARGS="{{ '' if start_args is not defined else start_args }}" +Environment="RABBITMQ_DIST_PORT={{ '25672' if distport is not defined else distport }}" +Environment="RABBITMQ_MNESIA_DIR={{ '/var/lib/rabbitmq' if mnesia_dir is not defined else mnesia_dir }}" + +# To override LimitNOFILE, create the following file: +# +# /etc/systemd/system/rabbitmq-server.service.d/limits.conf +# +# with the following content: +# +# [Service] +# LimitNOFILE=65536 + +LimitNOFILE=32768 + +# Note: systemd on CentOS 7 complains about in-line comments, +# so only append them here +# +# Restart: +# The following setting will automatically restart RabbitMQ +# in the event of a failure. systemd service restarts are not a +# replacement for service monitoring. Please see +# https://www.rabbitmq.com/monitoring.html +Restart=on-failure +RestartSec=10 +WorkingDirectory={{ '/var/lib/rabbitmq' if workdir is not defined else workdir }} +ExecStart=/usr/sbin/rabbitmq-server +ExecStop=/usr/sbin/rabbitmqctl shutdown +# See rabbitmq/rabbitmq-server-release#51 +SuccessExitStatus=69 + +[Install] +WantedBy=multi-user.target diff --git a/rabbitmq/parameters/defaults.yaml b/rabbitmq/parameters/defaults.yaml index 3b0bc70f..66e978dc 100644 --- a/rabbitmq/parameters/defaults.yaml +++ b/rabbitmq/parameters/defaults.yaml @@ -4,61 +4,60 @@ # Set default values. --- values: - cluster: - rabbit@locahost: + nodes: + default: + clustered: false user: rabbit # 'node' would make more sense here host: localhost # short hostname of node to join to, not fqdn - ram_node: None runas: rabbitmq - erlang_cookie: - name: /var/lib/rabbitmq/.erlang.cookie - value: shared-value-for-all-cluster-members + erlang_cookie: null + config: {} + # https://www.rabbitmq.com/ldap.html + # auth_backends.1: ldap + # auth_backends.2: internal + # auth_ldap.servers.1: ldap.eng.megacorp.local + # auth_ldap.servers.2: 192.168.0.100 + # auth_ldap.user_dn_pattern: cn=${username},ou=People,dc=example,dc=com + # auth_ldap.use_ssl: false + # auth_ldap.port: 389 + # auth_ldap.log: false + service: true + plugins: + - rabbitmq_management + - rabbitmq_federation + - rabbitmq_federation_management + # rabbitmq_auth_backend_ldap + vhosts: + - '/virtual/host' + users: {} + remove_guest_user: true + policy: + rabbitmq_policy: + - name: HA + - pattern: '.*' + - definition: '{"ha-mode": "all"}' + queues: {} + + environ: {} + pkg: name: rabbitmq-server # https://github.com/rabbitmq/rabbitmq-server/releases/tag/v3.8.14 use_upstream: repo # use upstream repo (if applicable) - deps: [] + deps: + - erlang-eldap + dir: base: /usr/lib/rabbitmq data: /var/lib/rabbitmq + config: /etc/rabbitmq cleanlist: - /usr/local/bin/rabbitmq-env - /usr/local/bin/rabbitmq-plugins - /var/run/rabbitmq - env: - name: /etc/rabbitmq/rabbitmq-env.conf - locale_all: null - context: - rabbitmq_mnesia_base: /var/lib/rabbitmq - RABBITMQ_BASE: /var/lib/rabbitmq - config: - context: {} - name: /etc/rabbitmq/rabbitmq.conf - # see rabbitmq.conf.example from rabbitmq-server github docs - service: - name: rabbitmq-server - enabled: true - running: true - plugin: - # http-based API for management, monitoring, browser ui, rabbitmqadm cli - # required by binding, exchange, and queue states - rabbitmq_management: - runas: root - rabbitmq_federation: - runas: root - policy: - rabbitmq_policy: - - name: HA - - pattern: '.*' - - definition: '{"ha-mode": "all"}' - vhost: - - '/virtual/host' rootgroup: root - # default guest user will be removed unless this is set to false - remove_guest_user: true - user: {} - + locale_all: null retry_option: # https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states attempts: 0 diff --git a/rabbitmq/parameters/os_family/Debian.yaml b/rabbitmq/parameters/os_family/Debian.yaml index c05bc2da..28d9caf6 100644 --- a/rabbitmq/parameters/os_family/Debian.yaml +++ b/rabbitmq/parameters/os_family/Debian.yaml @@ -15,4 +15,5 @@ values: pkg: deps: - libtinfo5 + - erlang-eldap ... diff --git a/rabbitmq/parameters/osfinger/CentOS-6.yaml b/rabbitmq/parameters/osfinger/CentOS-7.yaml similarity index 91% rename from rabbitmq/parameters/osfinger/CentOS-6.yaml rename to rabbitmq/parameters/osfinger/CentOS-7.yaml index 808b8282..8ebe5d2f 100644 --- a/rabbitmq/parameters/osfinger/CentOS-6.yaml +++ b/rabbitmq/parameters/osfinger/CentOS-7.yaml @@ -11,5 +11,6 @@ # you can remove this file or provide at least an empty dict, e.g. # values: {} --- -values: {} +values: + locale_all: en_US.UTF-8 ... diff --git a/rabbitmq/service/clean.sls b/rabbitmq/service/clean.sls index 96188465..e2bf4124 100644 --- a/rabbitmq/service/clean.sls +++ b/rabbitmq/service/clean.sls @@ -1,17 +1,26 @@ # -*- coding: utf-8 -*- # vim: ft=sls - +--- {%- set tplroot = tpldir.split('/')[0] %} {%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} -{%- set sls_package_clean = tplroot ~ '.package.clean' %} -include: - - {{ sls_package_clean }} + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'service' in node and node.service %} -rabbitmq-service-clean-service-dead: +rabbitmq-service-dead-service-{{ name }}: service.dead: - - name: {{ rabbitmq.service.name }} + - name: rabbitmq-server-{{ name }} - enable: False - - sig: 'rabbit boot' - - require_in: - - sls: {{ sls_package_clean }} + file.absent: + - names: + - {{ rabbitmq.dir.service }}/rabbitmq-server-{{ name }}.service + - /etc/systemd/system/rabbitmq-server-{{ name }}.service.d/limits.conf + - watch_in: + - cmd: rabbitmq-service-dead-daemon-reload + + {%- endif %} + {%- endfor %} + +rabbitmq-service-dead-daemon-reload: + cmd.run: + - name: systemctl daemon-reload diff --git a/rabbitmq/service/running.sls b/rabbitmq/service/running.sls index 4d5e597f..88528396 100644 --- a/rabbitmq/service/running.sls +++ b/rabbitmq/service/running.sls @@ -3,25 +3,83 @@ --- {%- set tplroot = tpldir.split('/')[0] %} {%- set sls_config_file = tplroot ~ '.config.file.install' %} +{%- set sls_config_user = tplroot ~ '.config.user.install' %} {%- from tplroot ~ "/map.jinja" import mapdata as rabbitmq with context %} +{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %} include: - {{ sls_config_file }} + - {{ sls_config_user }} -rabbitmq-service-running-service-running: + {%- for name, node in salt["pillar.get"]("rabbitmq:nodes", {}).items() %} + {%- if 'service' in node and node.service %} + +rabbitmq-service-running-directory-{{ name }}: file.directory: - - name: {{ rabbitmq.dir.data }} + - name: {{ rabbitmq.dir.data }}/{{ name }} - user: rabbitmq - group: rabbitmq + - makedirs: true - dir_mode: '0755' + +rabbitmq-service-running-managed-{{ name }}: + file.managed: + - name: {{ rabbitmq.dir.service }}/rabbitmq-server-{{ name }}.service + - source: {{ files_switch(['systemd.ini.jinja'], + lookup='rabbitmq-service-running-managed-' ~ name + ) + }} + - mode: '0644' + - user: rabbitmq + - group: {{ rabbitmq.rootgroup }} + - makedirs: True + - template: jinja + - context: + name: {{ name }} + workdir: {{ rabbitmq.dir.data }}/{{ name }} + nodeport: {{ null if 'nodeport' not in node else node.nodeport }} + distport: {{ null if 'distport' not in node else node.distport }} + nodename: {{ node.user }} + mnesia_dir: {{ rabbitmq.dir.data }}/{{ name }} + - watch_in: + - cmd: rabbitmq-service-running-daemon-reload + + {%- if grains.os_family == 'RedHat' %} + +rabbitmq-service-running-managed-{{ name }}-limits: + file.managed: + - name: /etc/systemd/system/rabbitmq-server-{{ name }}.service.d/limits.conf + - user: root + - group: root + - makedirs: true + - contents: + - [Service] + - LimitNOFILE=infinity + - TimeoutSec=150 + - require_in: + - service: rabbitmq-service-running-service-running-{{ name }} + + {%- endif %} + +rabbitmq-service-running-service-running-{{ name }}: service.running: - - name: {{ rabbitmq.service.name }} + - name: rabbitmq-server-{{ name }} - retry: {{ rabbitmq.retry_option|json }} - enable: True - watch: - sls: {{ sls_config_file }} - onfail_in: - - cmd: rabbitmq-service-running-service-running + - cmd: rabbitmq-service-running-service-running-{{ name }} + - require: + - file: rabbitmq-service-running-directory-{{ name }} + - file: rabbitmq-service-running-managed-{{ name }} cmd.run: - names: - journalctl -xe -u {{ rabbitmq.service.name }} || true + + {%- endif %} + {%- endfor %} + +rabbitmq-service-running-daemon-reload: + cmd.run: + - name: systemctl daemon-reload