diff --git a/manifests/aodh.pp b/manifests/aodh.pp index e6af0efe6..bd84e3fd2 100644 --- a/manifests/aodh.pp +++ b/manifests/aodh.pp @@ -3,26 +3,9 @@ class openstack_integration::aodh { include ::openstack_integration::config include ::openstack_integration::params - rabbitmq_user { 'aodh': - admin => true, + openstack_integration::mq_user { 'aodh': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'aodh@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'aodh': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['aodh::service::begin'], } if $::openstack_integration::config::ssl { diff --git a/manifests/barbican.pp b/manifests/barbican.pp index 3f52baed3..51a89e5a7 100644 --- a/manifests/barbican.pp +++ b/manifests/barbican.pp @@ -3,27 +3,9 @@ class openstack_integration::barbican { include ::openstack_integration::config include ::openstack_integration::params - rabbitmq_user { 'barbican': - admin => true, + openstack_integration::mq_user { 'barbican': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'barbican@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - Rabbitmq_user_permissions['barbican@/'] -> Service<| tag == 'barbican-service' |> - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'barbican': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['barbican::service::begin'], } if $::openstack_integration::config::ssl { diff --git a/manifests/ceilometer.pp b/manifests/ceilometer.pp index 04d12b3fc..01d458c24 100644 --- a/manifests/ceilometer.pp +++ b/manifests/ceilometer.pp @@ -12,26 +12,9 @@ class openstack_integration::ceilometer ( include ::openstack_integration::config include ::openstack_integration::params - rabbitmq_user { 'ceilometer': - admin => true, + openstack_integration::mq_user { 'ceilometer': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'ceilometer@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'ceilometer': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['ceilometer::service::begin'], } if $::openstack_integration::config::ssl { diff --git a/manifests/cinder.pp b/manifests/cinder.pp index bf9c6b2a5..e028a341c 100644 --- a/manifests/cinder.pp +++ b/manifests/cinder.pp @@ -22,26 +22,9 @@ class openstack_integration::cinder ( include ::openstack_integration::config include ::openstack_integration::params - rabbitmq_user { 'cinder': - admin => true, + openstack_integration::mq_user { 'cinder': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'cinder@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'cinder': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['cinder::service::begin'], } if $::openstack_integration::config::ssl { diff --git a/manifests/designate.pp b/manifests/designate.pp index 595fd6e13..82aa914f1 100644 --- a/manifests/designate.pp +++ b/manifests/designate.pp @@ -7,21 +7,10 @@ class openstack_integration::designate { include ::openstack_integration::params include ::openstack_integration::bind - rabbitmq_user { 'designate': - admin => true, + openstack_integration::mq_user { 'designate': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], + before => Anchor['designate::service::begin'], } - rabbitmq_user_permissions { 'designate@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - - Rabbitmq_user_permissions['designate@/'] -> Service<| tag == 'designate-service' |> class { '::designate::db::mysql': password => 'designate', diff --git a/manifests/glance.pp b/manifests/glance.pp index 90d5109bc..9772ddcbc 100644 --- a/manifests/glance.pp +++ b/manifests/glance.pp @@ -25,26 +25,9 @@ class openstack_integration::glance ( $crt_file = undef } - rabbitmq_user { 'glance': - admin => true, + openstack_integration::mq_user { 'glance': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'glance@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'glance': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['glance::service::begin'], } class { '::glance::db::mysql': diff --git a/manifests/heat.pp b/manifests/heat.pp index 758a66636..fe40977ef 100644 --- a/manifests/heat.pp +++ b/manifests/heat.pp @@ -3,27 +3,9 @@ class openstack_integration::heat { include ::openstack_integration::config include ::openstack_integration::params - rabbitmq_user { 'heat': - admin => true, + openstack_integration::mq_user { 'heat': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'heat@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - Rabbitmq_user_permissions['heat@/'] -> Service<| tag == 'heat-service' |> - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'heat': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['heat::service::begin'], } if $::openstack_integration::config::ssl { diff --git a/manifests/ironic.pp b/manifests/ironic.pp index f868f2f63..79c7e86e0 100644 --- a/manifests/ironic.pp +++ b/manifests/ironic.pp @@ -11,29 +11,9 @@ class openstack_integration::ironic { Exec['update-ca-certificates'] ~> Service['httpd'] } - rabbitmq_user { 'ironic': - admin => true, + openstack_integration::mq_user { 'ironic': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'ironic@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - - # https://bugs.launchpad.net/ironic/+bug/1564075 - Rabbitmq_user_permissions['ironic@/'] -> Service<| tag == 'ironic-service' |> - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'ironic': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['ironic::service::begin'], } class { '::ironic': diff --git a/manifests/keystone.pp b/manifests/keystone.pp index e0ea544df..6a99d896f 100644 --- a/manifests/keystone.pp +++ b/manifests/keystone.pp @@ -30,27 +30,9 @@ class openstack_integration::keystone ( include ::openstack_integration::config include ::openstack_integration::params - rabbitmq_user { 'keystone': - admin => true, + openstack_integration::mq_user { 'keystone': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'keystone@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - Rabbitmq_user_permissions['keystone@/'] -> Service<| tag == 'keystone-service' |> - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'keystone': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['keystone::service::begin'], } if $::openstack_integration::config::ssl { diff --git a/manifests/mistral.pp b/manifests/mistral.pp index cf6bdcf82..eb7046854 100644 --- a/manifests/mistral.pp +++ b/manifests/mistral.pp @@ -3,28 +3,9 @@ class openstack_integration::mistral { include ::openstack_integration::config include ::openstack_integration::params - rabbitmq_user { 'mistral': - admin => true, + openstack_integration::mq_user { 'mistral': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['rabbitmq'], - } - - rabbitmq_user_permissions { 'mistral@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['rabbitmq'], - } - Rabbitmq_user_permissions['mistral@/'] -> Service<| tag == 'mistral-service' |> - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'mistral': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['mistral::service::begin'], } if $::osfamily == 'RedHat' { diff --git a/manifests/mq_user.pp b/manifests/mq_user.pp new file mode 100644 index 000000000..0064cfe4d --- /dev/null +++ b/manifests/mq_user.pp @@ -0,0 +1,46 @@ +# Create a message queue user for a service +# +# [*password*] +# The password for the message queue account +# +# [*admin*] +# (optional) If the acconut is an admin account +# Defaults to true +# +# [*vhost*] +# The virtual host assigned to the user +# Defaults to / +# +define openstack_integration::mq_user ( + $password, + $admin = true, + $vhost = '/', +) { + include ::openstack_integration::config + include ::openstack_integration::rabbitmq + + rabbitmq_user { $name: + admin => $admin, + password => $password, + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + + rabbitmq_user_permissions { "${name}@${vhost}": + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + include ::openstack_integration::qdr + + qdr_user { $name: + password => $password, + provider => 'sasl', + require => Class['::qdr'], + } + } +} \ No newline at end of file diff --git a/manifests/neutron.pp b/manifests/neutron.pp index 9fee7fadc..cf1817c6c 100644 --- a/manifests/neutron.pp +++ b/manifests/neutron.pp @@ -31,27 +31,9 @@ class openstack_integration::neutron ( Exec['update-ca-certificates'] ~> Service['neutron-server'] } - rabbitmq_user { 'neutron': - admin => true, + openstack_integration::mq_user { 'neutron': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'neutron@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - Rabbitmq_user_permissions['neutron@/'] -> Service<| tag == 'neutron-service' |> - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'neutron': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['neutron::service::begin'], } case $driver { diff --git a/manifests/nova.pp b/manifests/nova.pp index bbfcccd5b..8583b004c 100644 --- a/manifests/nova.pp +++ b/manifests/nova.pp @@ -52,27 +52,9 @@ class openstack_integration::nova ( 'password' => 'an_even_bigger_secret', }) - rabbitmq_user { 'nova': - admin => true, + openstack_integration::mq_user { 'nova': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'nova@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - Rabbitmq_user_permissions['nova@/'] -> Service<| tag == 'nova-service' |> - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'nova': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['nova::service::begin'], } class { '::nova::db::mysql': diff --git a/manifests/sahara.pp b/manifests/sahara.pp index d15e18ffc..c17d37527 100644 --- a/manifests/sahara.pp +++ b/manifests/sahara.pp @@ -3,26 +3,9 @@ class openstack_integration::sahara { include ::openstack_integration::config include ::openstack_integration::params - rabbitmq_user { 'sahara': - admin => true, + openstack_integration::mq_user { 'sahara': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'sahara@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'sahara': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['sahara::service::begin'], } class { '::sahara::db::mysql': diff --git a/manifests/trove.pp b/manifests/trove.pp index 62752f51c..34704568e 100644 --- a/manifests/trove.pp +++ b/manifests/trove.pp @@ -3,26 +3,9 @@ class openstack_integration::trove { include ::openstack_integration::config include ::openstack_integration::params - rabbitmq_user { 'trove': - admin => true, + openstack_integration::mq_user { 'trove': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'trove@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'trove': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['trove::service::begin'], } if $::openstack_integration::config::ssl { diff --git a/manifests/vitrage.pp b/manifests/vitrage.pp index 6cd8687a7..640e83084 100644 --- a/manifests/vitrage.pp +++ b/manifests/vitrage.pp @@ -3,26 +3,9 @@ class openstack_integration::vitrage { include ::openstack_integration::config include ::openstack_integration::params - rabbitmq_user { 'vitrage': - admin => true, + openstack_integration::mq_user { 'vitrage': password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - rabbitmq_user_permissions { 'vitrage@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], - } - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'vitrage': - password => 'an_even_bigger_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['vitrage::service::begin'], } if $::openstack_integration::config::ssl { diff --git a/manifests/watcher.pp b/manifests/watcher.pp index 2c803e10f..d0dab34c1 100644 --- a/manifests/watcher.pp +++ b/manifests/watcher.pp @@ -3,26 +3,9 @@ class openstack_integration::watcher { include ::openstack_integration::config include ::openstack_integration::params - rabbitmq_user { 'watcher': - admin => true, + openstack_integration::mq_user { 'watcher': password => 'my_secret', - provider => 'rabbitmqctl', - require => Class['rabbitmq'], - } - rabbitmq_user_permissions { 'watcher@/': - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['rabbitmq'], - } - - if $::openstack_integration::config::messaging_default_proto == 'amqp' { - qdr_user { 'watcher': - password => 'my_secret', - provider => 'sasl', - require => Class['::qdr'], - } + before => Anchor['watcher::service::begin'], } if $::openstack_integration::config::ssl {