Refactor usage of RabbitMQ resources

This patch refactors all creation of RabbitMQ resources such
as users and ACLs to a define called openstack_integration::mq_user.

This will make sure RabbitMQ is automatically installed as well,
as there are times where dependencies to RabbitMQ are added to things
like Keystone which break Beaker tests in other repos (but we don't
know they're broken until the change merges).

In addition, instead of setting up dependencies on the tagged services,
we use the anchors provided which should hopefully test against them
as well.

Change-Id: Ib122ddd105529de5e12389cc9db2e4e09ec4ad54

manifests/aodh.pp

@@ -3,26 +3,9 @@ class openstack_integration::aodh {
   include ::openstack_integration::config
   include ::openstack_integration::params
 
-  rabbitmq_user { 'aodh':
+  openstack_integration::mq_user { 'aodh':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['aodh::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'aodh@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'aodh':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   if $::openstack_integration::config::ssl {

manifests/barbican.pp

@@ -3,27 +3,9 @@ class openstack_integration::barbican {
   include ::openstack_integration::config
   include ::openstack_integration::params
 
-  rabbitmq_user { 'barbican':
+  openstack_integration::mq_user { 'barbican':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['barbican::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'barbican@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-  Rabbitmq_user_permissions['barbican@/'] -> Service<| tag == 'barbican-service' |>
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'barbican':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   if $::openstack_integration::config::ssl {

manifests/ceilometer.pp

@@ -12,26 +12,9 @@ class openstack_integration::ceilometer (
   include ::openstack_integration::config
   include ::openstack_integration::params
 
-  rabbitmq_user { 'ceilometer':
+  openstack_integration::mq_user { 'ceilometer':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['ceilometer::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'ceilometer@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'ceilometer':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   if $::openstack_integration::config::ssl {

manifests/cinder.pp

@@ -22,26 +22,9 @@ class openstack_integration::cinder (
   include ::openstack_integration::config
   include ::openstack_integration::params
 
-  rabbitmq_user { 'cinder':
+  openstack_integration::mq_user { 'cinder':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['cinder::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'cinder@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'cinder':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   if $::openstack_integration::config::ssl {

manifests/designate.pp

@@ -7,21 +7,10 @@ class openstack_integration::designate {
   include ::openstack_integration::params
   include ::openstack_integration::bind
 
-  rabbitmq_user { 'designate':
+  openstack_integration::mq_user { 'designate':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['designate::service::begin'],
-    require  => Class['::rabbitmq'],
   }
-  rabbitmq_user_permissions { 'designate@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-
-  Rabbitmq_user_permissions['designate@/'] -> Service<| tag == 'designate-service' |>
 
   class { '::designate::db::mysql':
     password => 'designate',

manifests/glance.pp

@@ -25,26 +25,9 @@ class openstack_integration::glance (
     $crt_file  = undef
   }
 
-  rabbitmq_user { 'glance':
+  openstack_integration::mq_user { 'glance':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['glance::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'glance@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'glance':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   class { '::glance::db::mysql':

manifests/heat.pp

@@ -3,27 +3,9 @@ class openstack_integration::heat {
   include ::openstack_integration::config
   include ::openstack_integration::params
 
-  rabbitmq_user { 'heat':
+  openstack_integration::mq_user { 'heat':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['heat::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'heat@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-  Rabbitmq_user_permissions['heat@/'] -> Service<| tag == 'heat-service' |>
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'heat':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   if $::openstack_integration::config::ssl {

manifests/ironic.pp

@@ -11,29 +11,9 @@ class openstack_integration::ironic {
     Exec['update-ca-certificates'] ~> Service['httpd']
   }
 
-  rabbitmq_user { 'ironic':
+  openstack_integration::mq_user { 'ironic':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['ironic::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'ironic@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-
-  # https://bugs.launchpad.net/ironic/+bug/1564075
-  Rabbitmq_user_permissions['ironic@/'] -> Service<| tag == 'ironic-service' |>
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'ironic':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   class { '::ironic':

manifests/keystone.pp

@@ -30,27 +30,9 @@ class openstack_integration::keystone (
   include ::openstack_integration::config
   include ::openstack_integration::params
 
-  rabbitmq_user { 'keystone':
+  openstack_integration::mq_user { 'keystone':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['keystone::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'keystone@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-  Rabbitmq_user_permissions['keystone@/'] -> Service<| tag == 'keystone-service' |>
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'keystone':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   if $::openstack_integration::config::ssl {

manifests/mistral.pp

@@ -3,28 +3,9 @@ class openstack_integration::mistral {
   include ::openstack_integration::config
   include ::openstack_integration::params
 
-  rabbitmq_user { 'mistral':
+  openstack_integration::mq_user { 'mistral':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['mistral::service::begin'],
-    require  => Class['rabbitmq'],
-  }
-
-  rabbitmq_user_permissions { 'mistral@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['rabbitmq'],
-  }
-  Rabbitmq_user_permissions['mistral@/'] -> Service<| tag == 'mistral-service' |>
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'mistral':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   if $::osfamily == 'RedHat' {

manifests/mq_user.pp

@@ -0,0 +1,46 @@
+# Create a message queue user for a service
+#
+# [*password*]
+#   The password for the message queue account
+#
+# [*admin*]
+#   (optional) If the acconut is an admin account
+#   Defaults to true
+#
+# [*vhost*]
+#   The virtual host assigned to the user
+#   Defaults to /
+#
+define openstack_integration::mq_user (
+  $password,
+  $admin = true,
+  $vhost = '/',
+) {
+  include ::openstack_integration::config
+  include ::openstack_integration::rabbitmq
+
+  rabbitmq_user { $name:
+    admin    => $admin,
+    password => $password,
+    provider => 'rabbitmqctl',
+    require  => Class['::rabbitmq'],
+  }
+
+  rabbitmq_user_permissions { "${name}@${vhost}":
+    configure_permission => '.*',
+    write_permission     => '.*',
+    read_permission      => '.*',
+    provider             => 'rabbitmqctl',
+    require              => Class['::rabbitmq'],
+  }
+
+  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
+    include ::openstack_integration::qdr
+
+    qdr_user { $name:
+      password => $password,
+      provider => 'sasl',
+      require  => Class['::qdr'],
+    }
+  }
+}

manifests/neutron.pp

@@ -31,27 +31,9 @@ class openstack_integration::neutron (
     Exec['update-ca-certificates'] ~> Service['neutron-server']
   }
 
-  rabbitmq_user { 'neutron':
+  openstack_integration::mq_user { 'neutron':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['neutron::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'neutron@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-  Rabbitmq_user_permissions['neutron@/'] -> Service<| tag == 'neutron-service' |>
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'neutron':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   case $driver {

manifests/nova.pp

@@ -52,27 +52,9 @@ class openstack_integration::nova (
     'password'  => 'an_even_bigger_secret',
   })
 
-  rabbitmq_user { 'nova':
+  openstack_integration::mq_user { 'nova':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['nova::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'nova@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-  Rabbitmq_user_permissions['nova@/'] -> Service<| tag == 'nova-service' |>
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'nova':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   class { '::nova::db::mysql':

manifests/sahara.pp

@@ -3,26 +3,9 @@ class openstack_integration::sahara {
   include ::openstack_integration::config
   include ::openstack_integration::params
 
-  rabbitmq_user { 'sahara':
+  openstack_integration::mq_user { 'sahara':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['sahara::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'sahara@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'sahara':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   class { '::sahara::db::mysql':

manifests/trove.pp

@@ -3,26 +3,9 @@ class openstack_integration::trove {
   include ::openstack_integration::config
   include ::openstack_integration::params
 
-  rabbitmq_user { 'trove':
+  openstack_integration::mq_user { 'trove':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['trove::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'trove@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'trove':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   if $::openstack_integration::config::ssl {

manifests/vitrage.pp

@@ -3,26 +3,9 @@ class openstack_integration::vitrage {
   include ::openstack_integration::config
   include ::openstack_integration::params
 
-  rabbitmq_user { 'vitrage':
+  openstack_integration::mq_user { 'vitrage':
-    admin    => true,
     password => 'an_even_bigger_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['vitrage::service::begin'],
-    require  => Class['::rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'vitrage@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['::rabbitmq'],
-  }
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'vitrage':
-      password => 'an_even_bigger_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   if $::openstack_integration::config::ssl {

manifests/watcher.pp

@@ -3,26 +3,9 @@ class openstack_integration::watcher {
   include ::openstack_integration::config
   include ::openstack_integration::params
 
-  rabbitmq_user { 'watcher':
+  openstack_integration::mq_user { 'watcher':
-    admin    => true,
     password => 'my_secret',
-    provider => 'rabbitmqctl',
+    before   => Anchor['watcher::service::begin'],
-    require  => Class['rabbitmq'],
-  }
-  rabbitmq_user_permissions { 'watcher@/':
-    configure_permission => '.*',
-    write_permission     => '.*',
-    read_permission      => '.*',
-    provider             => 'rabbitmqctl',
-    require              => Class['rabbitmq'],
-  }
-
-  if $::openstack_integration::config::messaging_default_proto == 'amqp' {
-    qdr_user { 'watcher':
-      password => 'my_secret',
-      provider => 'sasl',
-      require  => Class['::qdr'],
-    }
   }
 
   if $::openstack_integration::config::ssl {