[manual] puppet: Make RabbitMQ and epmd only listen on localhost

To apply this change, we must not only do a puppet apply, but also restart rabbitmq and epmd. Rabbitmq is easy to restart, but epmd is a little more annoying. epmd is run as a side effect of starting up rabbitmq-server, but is not stopped when rabbitmq-server is stopped. Therefore, the correct procedure is to stop rabbitmq-server, kill epmd (by running `epmd -kill`), and then start rabbitmq-server again. (imported from commit a651e5363a8b9a04b713c31baef379c566d5dbfc)
2013-10-23 17:17:12 -04:00 · 2013-10-23 17:17:12 -04:00 · c97278ee8f
parent 196706cc64
commit c97278ee8f
3 changed files with 33 additions and 0 deletions
--- a/servers/puppet/modules/zulip/files/rabbitmq/rabbitmq-server
+++ b/servers/puppet/modules/zulip/files/rabbitmq/rabbitmq-server
@ -0,0 +1,11 @@
+# This file is sourced by /etc/init.d/rabbitmq-server. Its primary
+# reason for existing is to allow adjustment of system limits for the
+# rabbitmq-server process.
+#
+# Maximum number of open file handles. This will need to be increased
+# to handle many simultaneous connections. Refer to the system
+# documentation for ulimit (in man bash) for more information.
+#
+#ulimit -n 1024
+
+export ERL_EPMD_ADDRESS=127.0.0.1
--- a/servers/puppet/modules/zulip/files/rabbitmq/rabbitmq.config
+++ b/servers/puppet/modules/zulip/files/rabbitmq/rabbitmq.config
@ -0,0 +1,4 @@
+[{kernel, [{inet_dist_use_interface, {127,0,0,1}}]},
+ {rabbit, [{tcp_listeners, [{"127.0.0.1", 5672}]}]},
+ {rabbitmq_mochiweb, [{listeners, [{mgmt, [{ip, "127.0.0.1"},
+                                           {port, 55672}]}]}]}].
--- a/servers/puppet/modules/zulip/manifests/rabbit.pp
+++ b/servers/puppet/modules/zulip/manifests/rabbit.pp
@ -19,5 +19,23 @@ class zulip::rabbit {
    source => "puppet:///modules/zulip/cron.d/rabbitmq-numconsumers",
  }

+  file { "/etc/default/rabbitmq-server":
+    require => Package[rabbitmq-server],
+    ensure => file,
+    owner  => "root",
+    group  => "root",
+    mode => 644,
+    source => "puppet:///modules/zulip/rabbitmq/rabbitmq-server",
+  } 
+
+  file { "/etc/rabbitmq/rabbitmq.config":
+    require => Package[rabbitmq-server],
+    ensure => file,
+    owner  => "root",
+    group  => "root",
+    mode => 644,
+    source => "puppet:///modules/zulip/rabbitmq/rabbitmq.config",
+  }
+
  # TODO: Should also call exactly once "servers/configure-rabbitmq"
 }