Merge "Bind rabbitmq, epmd, and management plugin to internal IP"

deployment/puppet/nailgun/examples/rabbitmq-only.pp

@@ -17,6 +17,12 @@ $mco_password = $::fuel_settings['mcollective']['password']
 $mco_vhost = "mcollective"
 $stomp = false
 
+if $production == 'docker-build' {
+  $bind_ip = '127.0.0.1'
+} else {
+  $bind_ip = $::fuel_settings['ADMIN_NETWORK']['ipaddress']
+}
+
 $thread_pool_calc = min(100,max(12*$physicalprocessorcount,30))
 
 class {'docker::container': }
@@ -43,12 +49,15 @@ class { 'nailgun::rabbitmq':
   production      => $production,
   astute_user     => $rabbitmq_astute_user,
   astute_password => $rabbitmq_astute_password,
+  bind_ip         => $bind_ip,
   mco_user        => $mco_user,
   mco_password    => $mco_password,
   mco_vhost       => $mco_vhost,
   stomp           => $stomp,
   env_config      => {
     'RABBITMQ_SERVER_ERL_ARGS' => "+K true +A${thread_pool_calc} +P 1048576",
+    'ERL_EPMD_ADDRESS'         => $bind_ip,
     'NODENAME'                 => "rabbit@${::hostname}",
   },
 }
+

deployment/puppet/nailgun/manifests/rabbitmq.pp

@@ -2,13 +2,13 @@ class nailgun::rabbitmq (
   $production      = 'prod',
   $astute_password = 'astute',
   $astute_user     = 'astute',
+  $bind_ip         = '127.0.0.1',
   $mco_user        = 'mcollective',
   $mco_password    = 'marionette',
   $mco_vhost       = 'mcollective',
   $stomp           = false,
   $management_port = '15672',
   $stompport       = '61613',
-  $rabbitmq_host   = 'localhost',
   $env_config      = {},
 ) {
 
@@ -79,7 +79,7 @@ class nailgun::rabbitmq (
 
     command   => "curl -L -i -u ${mco_user}:${mco_password} -H   \"content-type:application/json\" -XPUT \
       -d'{\"type\":\"direct\",\"durable\":true}'\
-      http://localhost:${management_port}/api/exchanges/${actual_vhost}/mcollective_directed",
+      http://${bind_ip}:${management_port}/api/exchanges/${actual_vhost}/mcollective_directed",
     logoutput => true,
     require   => [
                  Service['rabbitmq-server'],
@@ -93,7 +93,7 @@ class nailgun::rabbitmq (
   exec { 'create-mcollective-broadcast-exchange':
     command   => "curl -L -i -u ${mco_user}:${mco_password} -H \"content-type:application/json\" -XPUT \
       -d'{\"type\":\"topic\",\"durable\":true}'\
-      http://localhost:${management_port}/api/exchanges/${actual_vhost}/mcollective_broadcast",
+      http://${bind_ip}:${management_port}/api/exchanges/${actual_vhost}/mcollective_broadcast",
     logoutput => true,
     require   => [Service['rabbitmq-server'],
   Rabbitmq_user_permissions["${mco_user}@${actual_vhost}"]],
@@ -114,6 +114,8 @@ class nailgun::rabbitmq (
       {keepalive, true}
     ]'
 
+  $rabbitmq_management_variables = {'listener' => "[{port, 15672}, {ip, \"${bind_ip}\"}]"}
+
   # NOTE(bogdando) requires rabbitmq module >=4.0
   class { '::rabbitmq':
     repos_ensure            => false,
@@ -127,7 +129,7 @@ class nailgun::rabbitmq (
     config_stomp            => true,
     stomp_port              => $stompport,
     ssl                     => false,
-    node_ip_address         => 'UNSET',
+    node_ip_address         => $bind_ip,
     config_kernel_variables => {
      'inet_dist_listen_min'         => '41055',
      'inet_dist_listen_max'         => '41055',
@@ -139,6 +141,8 @@ class nailgun::rabbitmq (
       'default_permissions'         => '[<<".*">>, <<".*">>, <<".*">>]',
       'tcp_listen_options'          => $rabbit_tcp_listen_options,
     },
+
+    config_rabbitmq_management_variables => $rabbitmq_management_variables,
   }
 
   Anchor['nailgun::rabbitmq start'] ->
@@ -146,3 +150,4 @@ class nailgun::rabbitmq (
   Anchor['nailgun::rabbitmq end']
 
 }
+

deployment/puppet/osnailyfacter/modular/rabbitmq/rabbitmq.pp

@@ -46,6 +46,14 @@ if $queue_provider == 'rabbitmq' {
   $cluster_partition_handling   = hiera('rabbit_cluster_partition_handling', 'autoheal')
   $mnesia_table_loading_timeout = hiera('mnesia_table_loading_timeout', '10000')
   $rabbitmq_bind_ip_address     = pick(get_network_role_property('mgmt/messaging', 'ipaddr'), 'UNSET')
+  $management_bind_ip_address   = hiera('management_bind_ip_address', '127.0.0.1')
+
+  # NOTE(mattymo) UNSET is a puppet ref, but would break real configs
+  if $rabbitmq_bind_ip_address == 'UNSET' {
+    $epmd_bind_ip_address = '0.0.0.0'
+  } else {
+    $epmd_bind_ip_address = $rabbitmq_bind_ip_address
+  }
 
   # NOTE(bogdando) not a hash. Keep an indentation as is
   $rabbit_tcp_listen_options    = hiera('rabbit_tcp_listen_options',
@@ -81,7 +89,8 @@ if $queue_provider == 'rabbitmq' {
   )
   $config_rabbitmq_management_variables = hiera('rabbit_config_management_variables',
     {
-      'rates_mode' => 'none'
+      'rates_mode' => 'none',
+      'listener'   => "[{port, 15672}, {ip,\"${management_bind_ip_address}\"}]",
     }
   )
 
@@ -95,6 +104,7 @@ if $queue_provider == 'rabbitmq' {
   $environment_variables = hiera('rabbit_environment_variables',
     {
       'SERVER_ERL_ARGS'     => "\"+K true +A${thread_pool_calc} +P 1048576\"",
+      'ERL_EPMD_ADDRESS'    => $epmd_bind_ip_address,
       'PID_FILE'            => $rabbit_pid_file,
     }
   )
@@ -149,6 +159,7 @@ if $queue_provider == 'rabbitmq' {
         erlang_cookie   => $erlang_cookie,
         admin_user      => $rabbit_hash['user'],
         admin_pass      => $rabbit_hash['password'],
+        host_ip         => $rabbitmq_bind_ip_address,
         before          => Class['nova::rabbitmq'],
       }
     }

deployment/puppet/pacemaker_wrappers/manifests/rabbitmq.pp

@@ -20,6 +20,11 @@
 #   Integer. The port for rabbitmq to listen on.
 #   Defaults to $::rabbitmq::port
 #
+# [*host_ip*]
+#   String. A string used for OCF script to collect
+#   RabbitMQ statistics
+#   Defaults to '127.0.0.1'
+#
 # [*debug*]
 #   Boolean. Flag to enable or disable debug logging.
 #   Defaults to false;
@@ -49,6 +54,7 @@ class pacemaker_wrappers::rabbitmq (
   $primitive_type     = 'rabbitmq-server',
   $service_name       = $::rabbitmq::service_name,
   $port               = $::rabbitmq::port,
+  $host_ip            = '127.0.0.1',
   $debug              = false,
   $ocf_script_file    = 'cluster/ocf/rabbitmq',
   $command_timeout    = '',
@@ -57,7 +63,14 @@ class pacemaker_wrappers::rabbitmq (
   $admin_pass         = undef,
 ) inherits ::rabbitmq::service {
 
+  if $host_ip == 'UNSET' or $host_ip == '0.0.0.0' {
+    $real_host_ip = '127.0.0.1'
+  } else {
+    $real_host_ip = $host_ip
+  }
+
   $parameters      = {
+    'host_ip'         => $real_host_ip,
     'node_port'       => $port,
     'debug'           => $debug,
     'command_timeout' => $command_timeout,

files/fuel-ha-utils/ocf/rabbitmq

@@ -36,6 +36,7 @@ OCF_RESKEY_definitions_dump_file_default="/etc/rabbitmq/definitions"
 OCF_RESKEY_pid_file_default="/var/run/rabbitmq/pid"
 OCF_RESKEY_log_dir_default="/var/log/rabbitmq"
 OCF_RESKEY_mnesia_base_default="/var/lib/rabbitmq/mnesia"
+OCF_RESKEY_host_ip_default="127.0.0.1"
 OCF_RESKEY_node_port_default=5672
 OCF_RESKEY_erlang_cookie_default=false
 OCF_RESKEY_erlang_cookie_file_default="/var/lib/rabbitmq/.erlang.cookie"
@@ -217,6 +218,14 @@ Base directory for storing Mnesia files
 <content type="boolean" default="${OCF_RESKEY_mnesia_base_default}" />
 </parameter>
 
+<parameter name="host_ip" unique="0" required="0">
+<longdesc lang="en">
+${OCF_RESKEY_binary} should listen on this IP address
+</longdesc>
+<shortdesc lang="en">${OCF_RESKEY_binary} should listen on this IP address</shortdesc>
+<content type="boolean" default="${OCF_RESKEY_host_ip_default}" />
+</parameter>
+
 <parameter name="node_port" unique="0" required="0">
 <longdesc lang="en">
 ${OCF_RESKEY_binary} should listen on this port
@@ -1606,7 +1615,7 @@ action_notify() {
                     ocf_log info "${LH} post-start end."
                     if [ -s "${OCF_RESKEY_definitions_dump_file}" ] ; then
                         ocf_log info "File ${OCF_RESKEY_definitions_dump_file} exists"
-                        ocf_run  curl -X POST -u $OCF_RESKEY_admin_user:$OCF_RESKEY_admin_password 127.0.0.1:15672/api/definitions --header "Content-Type:application/json" -d @$OCF_RESKEY_definitions_dump_file
+                        ocf_run  curl -X POST -u $OCF_RESKEY_admin_user:$OCF_RESKEY_admin_password $OCF_RESKEY_host_ip:15672/api/definitions --header "Content-Type:application/json" -d @$OCF_RESKEY_definitions_dump_file
                         rc=$?
                         if [ $rc -eq $OCF_SUCCESS ] ; then
                             ocf_log info "RMQ definitions have imported succesfully."

tests/noop/spec/hosts/rabbitmq/rabbitmq_spec.rb

@@ -10,6 +10,12 @@ describe manifest do
       expect(environment_variables['SERVER_ERL_ARGS']).to eq '"+K true +A48 +P 1048576"'
     end
 
+    it 'has correct ERL_EPMD_ADDRESS in environment_variables' do
+      environment_variables = Noop.resource_parameter_value self, 'class', 'rabbitmq', 'environment_variables'
+      node_ip_address = Noop.puppet_function 'get_network_role_property', 'mgmt/messaging', 'ipaddr'
+      expect(environment_variables['ERL_EPMD_ADDRESS']).to eq node_ip_address
+    end
+
     # LP#1477595
     it "should contain rabbitmq correct log levels" do
       debug = Noop.hiera('debug', false)
@@ -28,8 +34,11 @@ describe manifest do
       debug = Noop.hiera('debug', false)
       collect_statistics_interval = '[{collect_statistics_interval,30000}]'
       rates_mode = '[{rates_mode, none}]'
+      node_ip_address = Noop.puppet_function 'get_network_role_property', 'mgmt/messaging', 'ipaddr'
+      listener = "[{port, 15672}, {ip,\"#{node_ip_address}\"}]"
       should contain_class('rabbitmq').with_config_variables(/#{collect_statistics_interval}/)
       should contain_class('rabbitmq').with_config_rabbitmq_management_variables(/#{rates_mode}/)
+      should contain_class('rabbitmq').with_config_rabbitmq_management_variables(/#{listener}/)
     end
 
     # Partial LP#1493520