Page MenuHomeDevCentral

D2353.diff
No OneTemporary

D2353.diff

diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -8,6 +8,7 @@
docker_aliases:
- &ipv4_docker001 51.255.124.9
+ - &ipv4_docker001_restricted 51.255.124.9
# -------------------------------------------------------------
# Images
@@ -25,7 +26,6 @@
dwellers:
# Core services
- nasqueron/mysql:5.7
- - nasqueron/rabbitmq
# Infrastructure and development services
- nasqueron/notifications
@@ -36,6 +36,7 @@
- library/redis:3.2-alpine
- library/registry
- nasqueron/mysql
+ - nasqueron/rabbitmq
# ACME DNS server
- joohoi/acme-dns
@@ -203,6 +204,12 @@
sentry_db:
credential: nasqueron.sentry.postgresql
+ rabbitmq:
+ white-rabbit:
+ ip: *ipv4_docker001_restricted
+ host: white-rabbit.nasqueron.org
+ app_port: 15672
+
redis:
sentry_redis: {}
pixelfed_redis: {}
@@ -454,9 +461,26 @@
realm: nasqueron
# -------------------------------------------------------------
- # Ports listened by XMPP
+ # Ports listened by known applications
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+rabbitmq_ports:
+ - 4369 # epmd, Erlang peer discovery service used by RabbitMQ and CLI tools
+ - 5671 # AMQP with TLS (AMQPS)
+ - 5672 # AMQP
+ - 15672 # Management UI, HTTP API, rabbitmqadmin (management plugin port)
+ - 25672 # Erlang distribution server port - Federation, rabbitmqctl
+
+ # Not implemented ports, as we don't use those protocols:
+ #
+ # - 1883 # MQTT
+ # - 8883 # MQTT with TLS
+ # - 15674 # STOMP over a WebSocket connection (rabbitmq_web_stomp plugin port)
+ # - 15675 # MQTT over a WebSocket connection (rabbitmq_web_mqtt plugin port)
+ # - 15692 # Prometheus metrics (rabbitmq_prometheus plugin port)
+ # - 61613 # STOMP
+ # - 61614 # STOMP with TLS
+
xmpp_ports:
- 3478
- 5222 # Client to server
diff --git a/roles/paas-docker/containers/rabbitmq.sls b/roles/paas-docker/containers/rabbitmq.sls
new file mode 100755
--- /dev/null
+++ b/roles/paas-docker/containers/rabbitmq.sls
@@ -0,0 +1,53 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2020-09-30
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set containers = pillar['docker_containers'][grains['id']] %}
+
+{% for instance, container in containers['rabbitmq'].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/rabbitmq/{{ instance }}/lib:
+ file.directory:
+ - user: 999
+ - group: 999
+ - makedirs: True
+
+{% if has_selinux %}
+selinux_context_rabbitmq_data_{{ instance }}:
+ selinux.fcontext_policy_present:
+ - name: /srv/rabbitmq/{{ instance }}/lib
+ - sel_type: container_file_t
+
+selinux_context_rabbitmq_data_applied_{{ instance }}:
+ selinux.fcontext_policy_applied:
+ - name: /srv/rabbitmq/{{ instance }}/lib
+{% endif %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: nasqueron/rabbitmq
+ - binds:
+ - /srv/rabbitmq/{{ instance }}/lib:/var/lib/rabbitmq
+ - hostname: {{ container['host'] }}
+ - ports: {{ pillar['rabbitmq_ports'] }}
+ - port_bindings:
+{% for port in pillar['rabbitmq_ports'] %}
+ - {{ container['ip'] }}:{{ port }}:{{ port }}
+{% endfor %}
+
+{% endfor %}
diff --git a/roles/paas-docker/nginx/files/vhosts/rabbitmq.conf b/roles/paas-docker/nginx/files/vhosts/rabbitmq.conf
new file mode 100755
--- /dev/null
+++ b/roles/paas-docker/nginx/files/vhosts/rabbitmq.conf
@@ -0,0 +1,47 @@
+# -------------------------------------------------------------
+# Configuration for Docker PaaS front-end nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2020-09-30
+# Source file: roles/paas-docker/nginx/files/vhosts/rabbitmq.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# -------------------------------------------------------------
+# Application - {{ fqdn }}
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ fqdn }};
+
+ include includes/letsencrypt;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ server_name {{ fqdn }};
+
+ include includes/tls;
+ ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem;
+ ssl_certificate_key /srv/letsencrypt/etc/live/{{ fqdn }}/privkey.pem;
+
+ include includes/letsencrypt;
+
+ location / {
+ proxy_pass http://{{ args['ip'] }}:{{ app_port }};
+ include includes/proxy_params;
+ }
+
+ root /var/wwwroot-502/_default;
+ error_page 502 /502.html;
+ location /502.html {}
+}

File Metadata

Mime Type
text/plain
Expires
Sat, Nov 23, 16:47 (18 h, 37 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2257079
Default Alt Text
D2353.diff (5 KB)

Event Timeline