---
- name: Install RabbitMQ
  ansible.builtin.dnf:
    name: rabbitmq-server
    state: present

- name: Enable SELinux boolean
  ansible.posix.seboolean:
    name: nis_enabled
    persistent: true
    state: true

- name: Deploy RabbitMQ configuration
  ansible.builtin.template:
    src: "etc/rabbitmq/{{ item }}.j2"
    dest: "/etc/rabbitmq/{{ item }}"
    owner: rabbitmq
    group: rabbitmq
    mode: '0644'
  loop:
    - rabbitmq.conf
    - rabbitmq-env.conf
  notify:
    - restart_rabbitmq

- name: Deploy erlang cookie
  ansible.builtin.copy:
    owner: rabbitmq
    group: rabbitmq
    mode: '0600'
    content: "{{ rabbitmq_cookie }}"
    dest: "/var/lib/rabbitmq/.erlang.cookie"
  notify:
    - restart_rabbitmq

- name: Create systemd override for RabbitMQ
  ansible.builtin.file:
    path: /etc/systemd/system/rabbitmq-server.service.d
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: Override nofile limit for RabbitMQ
  ansible.builtin.copy:
    dest: /etc/systemd/system/rabbitmq-server.service.d/99-override.conf
    owner: root
    group: root
    mode: '0644'
    content: |
      [Service]
      LimitNOFILE={{ rabbitmq_file_limit }}
  notify:
    - restart_rabbitmq

# We are doing it the command line way
- name: Enable RabbitMQ Plugins
  ansible.builtin.command: "rabbitmq-plugins enable {{ rabbitmq_plugins | join(' ') }}"
  changed_when: "1 != 1"

- name: Ensure file ownership for plugins
  ansible.builtin.file:
    path: /etc/rabbitmq/enabled_plugins
    owner: rabbitmq
    group: rabbitmq
    mode: '0644'
    state: file

- name: Ensure file ownership for certificate
  ansible.builtin.file:
    path: "{{ item }}"
    owner: rabbitmq
    group: rabbitmq
    mode: '0600'
    state: file
  loop:
    - "{{ rabbitmq_tls_cert }}"
    - "{{ rabbitmq_tls_key }}"

- name: Open applicable firewall rules
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  loop: "{{ rabbitmq_ports }}"

- name: Ensure RabbitMQ is running
  ansible.builtin.systemd:
    name: rabbitmq-server
    state: started
    enabled: true
    daemon_reload: true

- name: Non-master nodes should wait for 001 to be up first
  ansible.builtin.wait_for:
    host: "{{ rabbitmq_cluster_list[0] }}"
    port: '5672'
    delay: '15'
    connect_timeout: '10'
    state: started
  when: rabbitmq_cluster_list[0] not in inventory_hostname

- name: Drop the admin password in a file if available
  ansible.builtin.copy:
    dest: /root/.rabbitmqpass
    content: "{{ rabbitmq_admin_password }}"
    mode: '0600'
    owner: root
    group: root
  when: rabbitmq_admin_password is defined
  tags:
    - rabbitmq_cluster
...