add rmq adjustments

role-rocky-kojid-staging.yml

@@ -79,7 +79,6 @@
         gpgcheck: true
         gpgkey: https://download.copr.fedorainfracloud.org/results/nalika/rockylinux-tools/pubkey.gpg
         enabled: true
-      when: ansible_distribution_major_version == '8'
 
   # Right now, we are not sure how or where we'll get our certificates. So we
   # are presenting a choice by setting a variable, koji_internal_ca. There is a

role-rocky-kojid.yml

@@ -79,7 +79,6 @@
         gpgcheck: true
         gpgkey: https://download.copr.fedorainfracloud.org/results/nalika/rockylinux-tools/pubkey.gpg
         enabled: true
-      when: ansible_distribution_major_version == '8'
 
   # Right now, we are not sure how or where we'll get our certificates. So we
   # are presenting a choice by setting a variable, koji_internal_ca. There is a

role-rocky-kojihub-staging.yml

@@ -4,10 +4,10 @@
   hosts: kojihub
   become: true
   vars_files:
-  - vars/vaults/encpass.yml
+    - vars/vaults/encpass.yml
-  - vars/common.yml
+    - vars/common.yml
-  - vars/staging/kojihub.yml
+    - vars/staging/kojihub.yml
-  - vars/staging/koji-common.yml
+    - vars/staging/koji-common.yml
 
   # This is to try to avoid the handler issue in pre/post tasks
   handlers:

role-rocky-kojihub.yml

@@ -4,10 +4,10 @@
   hosts: kojihub
   become: true
   vars_files:
-  - vars/vaults/encpass.yml
+    - vars/vaults/encpass.yml
-  - vars/common.yml
+    - vars/common.yml
-  - vars/production/kojihub.yml
+    - vars/production/kojihub.yml
-  - vars/production/koji-common.yml
+    - vars/production/koji-common.yml
 
   # This is to try to avoid the handler issue in pre/post tasks
   handlers:

role-rocky-rabbitmq.yml

@@ -79,7 +79,12 @@
     - name: Run rabbitmq users
       ansible.builtin.import_tasks: "tasks/rabbitmq/users.yml"
       tags:
-        - vhosts
+        - users
+
+    - name: Run rabbitmq topics
+      ansible.builtin.import_tasks: "tasks/rabbitmq/topics.yml"
+      tags:
+        - topics
 
   post_tasks:
     - name: Touching run file that ansible has ran here

vars/rabbitmq_users.yml

@@ -78,4 +78,32 @@ rabbitmq_users:
         read_priv: "^$"
         write_priv: "^$"
     tags: "monitoring"
+  - user: rockypubsub
+    state: present
+    permissions:
+      - vhost: public_pubsub
+        configure_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
+        write_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
+        read_priv: ".*"
+  - user: pubsub_federation
+    state: present
+    permissions:
+      - vhost: pubsub
+        configure_priv: "^federation.*"
+        write_priv: "^federation.*"
+        read_priv: ".*"
+  - user: rockykoji
+    state: present
+    permissions:
+      - vhost: pubsub
+        configure_priv: "^$"
+        read_priv: "^$"
+        write_priv: "amq\\.topic"
+  - user: rockyautomation
+    state: present
+    permissions:
+      - vhost: pubsub
+        configure_priv: "^$"
+        read_priv: "^$"
+        write_priv: "amq\\.topic"
 ...

vars/rabbitmq_vhost.yml

@@ -1,3 +1,8 @@
+#    parameter:
+#      - name: "pubsub-to-public_pubsub"
+#        component: "federation-upstream"
+#        value: '{"uri": "amqps://pubsub_federation:{{ pubsub_federation_pass }}@{{ rabbitmq_cluster_list[0] }}/%2Fpubsub", "ack-mode": "on-confirm"}'
+#        state: present
 ---
 rabbitmq_vhosts:
   - vhost: '/pubsub'
@@ -97,6 +102,12 @@ rabbitmq_vhosts:
         tags:
           expires: 3600000
           max-length-bytes: 52428800
+      - name: pubsub-to-public_pubsub
+        apply_to: exchanges
+        state: present
+        pattern: "^(amq|zmq)\\.topic$"
+        tags:
+          federation-upstream: "pubsub-to-public_pubsub"
   - vhost: '/mbs'
     state: present
     policy: