---
# RabbitMQ settings

# TLS material. The certificate and key paths are derived per host from
# ansible_fqdn and are reused below as the certificate request locations.
# NOTE(review): the CA file is the system-wide bundle. If the consuming role
# uses it for peer verification, every CA in that bundle is trusted; confirm
# that is intended rather than a file holding only the internal CA.
rabbitmq_tls_ca_cert: "/etc/pki/tls/certs/ca-bundle.crt"
rabbitmq_tls_cert: "/etc/pki/tls/certs/{{ ansible_fqdn }}.crt"
rabbitmq_tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key"

# Erlang cookie: the shared secret RabbitMQ nodes and CLI tools use to
# authenticate to each other. It should be in a vault, with a different
# value, and never committed here in clear text. Generated by:
#   dd if=/dev/urandom bs=30 count=1 | base64
# (30 random bytes, 40 base64 characters)
# rabbitmq_cookie: ...

# Admin passwords - these should be in a vault
# rabbitmq_admin_password: ...

# The RabbitMQ cluster list and related information should be defined in
# hostvars to ensure that the configuration is idempotent.
# rabbitmq_env is referenced by the cnames entry at the end of this file, so
# it has to be set wherever these variables are applied.
# rabbitmq_cluster_name:
# rabbitmq_env:

# Federation / Public Queues
rabbitmq_enable_public: false
# The federation password is a credential as well; keep it in a vault.
# pubsub_federation_pass:

# THIS IS DYNAMIC. IT'S ADVISED IT NOT BE STATIC.
# This should be changed depending on how inventory is managed. For example,
# if it's not possible to have a "staging" inventory as opposed to a
# "production" inventory, you would likely have a different group name than
# just "rabbitmq". It is also possible there will be more than one cluster,
# so these must be taken into account when setting this variable.
rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"

# LDAP lookups bind with a dedicated system account. The bind password is
# only referenced here; rabbitmq_binder_password is not defined in this file.
# NOTE(review): presumably supplied from a vault - confirm.
rabbitmq_ldap_servers: "{{ rocky_ipaserver_list }}"
rabbitmq_ldap_bind_dn: "uid=rabbitmq_binder,cn=sysaccounts,cn=etc,dc=rockylinux,dc=org"
rabbitmq_ldap_bind_pw: "{{ rabbitmq_binder_password }}"
rabbitmq_ldap_basedn: "{{ rocky_ldap_account_basedn }}"

# Messaging queues are generally private
rabbitmq_private: true

# Certificate request for this host. The key and certificate land at the TLS
# paths defined above, owned by the rabbitmq user, and the broker is
# restarted by postcmd.
# NOTE(review): postcmd presumably runs after issuance or renewal - confirm
# against the role that consumes this list.
ipa_getcert_requested_hostnames:
  - name: "{{ ansible_fqdn }}"
    owner: rabbitmq
    key_location: "{{ rabbitmq_tls_key }}"
    cert_location: "{{ rabbitmq_tls_cert }}"
    postcmd: "/bin/systemctl restart rabbitmq-server"
    cnames:
      - "rabbitmq-{{ rabbitmq_env }}.rockylinux.org"
...