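---
# rabbitmq settings

# TLS material for the broker. The cert and key paths are reused by
# ipa_getcert_requested_hostnames at the end of this file (cert_location /
# key_location), so both places change together.
rabbitmq_tls_ca_cert: "/etc/pki/tls/certs/ca-bundle.crt"
rabbitmq_tls_cert: "/etc/pki/tls/certs/{{ ansible_fqdn }}.crt"
rabbitmq_tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key"

# These should be in a vault, with a different value. Generated by:
# dd if=/dev/urandom bs=30 count=1 | base64
# (30 random bytes = 240 bits, encoded as 40 base64 characters)
# NOTE(review): presumably the cookie shared by every node of the cluster; if
# so, treat it as a cluster-wide credential - confirm against the role.
# rabbitmq_cookie: ...

# Admin passwords - these should be in a vault
# rabbitmq_admin_password: ...

# rabbitmq cluster list and information should be defined in hostvars to ensure
# that the configuration is idempotent.
# rabbitmq_env is interpolated into the certificate cname at the end of this
# file, so it has to be defined wherever this file is consumed.
# rabbitmq_cluster_name:
# rabbitmq_env:

# Federation / Public Queues
rabbitmq_enable_public: false
# NOTE(review): presumably a credential; if so it belongs in a vault like the
# secrets above - confirm.
# pubsub_federation_pass:

# THIS IS DYNAMIC. IT'S ADVISED IT NOT BE STATIC.
# This should be changed depending on how inventory is managed. For example, if
# it's not possible to have "staging inventory" as opposed to a "production"
# inventory, you would likely have a different name than just "rabbitmq". It is
# also possible there will be more than one cluster, so these must be taken
# into account when setting this variable.
rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"

# LDAP lookups use a dedicated bind account. The bind password comes from
# rabbitmq_binder_password, which is not defined in this file.
# NOTE(review): presumably supplied from a vault - confirm. Whether the bind
# runs over LDAPS/StartTLS is not visible here - confirm in the role.
rabbitmq_ldap_servers: "{{ rocky_ipaserver_list }}"
rabbitmq_ldap_bind_dn: "uid=rabbitmq_binder,cn=sysaccounts,cn=etc,dc=rockylinux,dc=org"
rabbitmq_ldap_bind_pw: "{{ rabbitmq_binder_password }}"
rabbitmq_ldap_basedn: "{{ rocky_ldap_account_basedn }}"

# Messaging queues are generally private
rabbitmq_private: true

# Certificate request for this host, written to the TLS paths defined at the
# top of this file.
# NOTE(review): owner presumably lets the rabbitmq account read the private
# key, and postcmd presumably runs after issue/renewal so the broker loads the
# new certificate - confirm against the role that consumes this list.
ipa_getcert_requested_hostnames:
  - name: "{{ ansible_fqdn }}"
    owner: rabbitmq
    key_location: "{{ rabbitmq_tls_key }}"
    cert_location: "{{ rabbitmq_tls_cert }}"
    postcmd: "/bin/systemctl restart rabbitmq-server"
    cnames:
      # Fails to render unless rabbitmq_env is defined (see hostvars note).
      - "rabbitmq-{{ rabbitmq_env }}.rockylinux.org"
...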