88 lines
3.0 KiB
YAML
88 lines
3.0 KiB
YAML
---
|
|
# This playbook is meant to be used with callable variables, like adhoc or AWX.
|
|
# What: Creates RabbitMQ Users
|
|
# Required parameters:
|
|
# -> username: The username to create in RabbitMQ, which should match an LDAP
|
|
# name or the CN of a certificate. Note that if it's a hostname
|
|
# it must be the FQDN.
|
|
# -> queue_name: Name of the queue to create. This should be setup with a
|
|
# prefix_suffix name, where prefix is the username, and
|
|
# the suffix is a service name.
|
|
# -> routing_keys: A list to be used as routing keys.
|
|
# Optional:
|
|
# -> write_queues: A list of queues name prefixes that which the user will
|
|
# be allowed to publish.
|
|
# -> thresholds: A dictionary with two keys "warning" and "critical" - The
|
|
# values are numbers. In the event we have a monitoring system
|
|
# this can be a number of messages that could cause an alert.
|
|
# -> vhost: The vhost this queue will be part of. The default is /pubsub.
|
|
|
|
- name: Create a User
|
|
hosts: '{{ host }}'
|
|
become: false
|
|
gather_facts: false
|
|
vars_files:
|
|
- vars/rabbitmq.yml
|
|
|
|
tasks:
|
|
- name: "Checking for user variables"
|
|
ansible.builtin.assert:
|
|
that:
|
|
- username != "admin"
|
|
- username != "guest"
|
|
- username != "mq-monitoring"
|
|
success_msg: "Required variables provided"
|
|
fail_msg: "Username is reserved"
|
|
tags:
|
|
- rabbitmq
|
|
|
|
- name: "Validate username queue name"
|
|
ansible.builtin.assert:
|
|
that:
|
|
- "queue_name.startswith(username)"
|
|
tags:
|
|
- rabbitmq
|
|
|
|
- name: "Creating User Account"
|
|
community.rabbitmq.rabbitmq_user:
|
|
user: "{{ username }}"
|
|
vhost: "{{ vhost|default('/pubsub') }}"
|
|
read_priv: "^(zmq\\.topic)|^(amq\\.topic)|({{ username }}.*)$"
|
|
write_priv: "^(amq\\.topic)|({{ username }}.*){% for queue in write_queues|default([]) %}|({{ queue }}.*){% endfor %}$"
|
|
configure_priv: "^$"
|
|
state: present
|
|
tags:
|
|
- rabbitmq
|
|
|
|
- name: "Create {{ queue_name }}"
|
|
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
|
community.rabbitmq.rabbitmq_queue:
|
|
name: "{{ queue_name }}"
|
|
vhost: "{{ vhost|default('/pubsub') }}"
|
|
auto_delete: false
|
|
durable: true
|
|
message_ttl: "{{ message_ttl|default('null') }}"
|
|
state: present
|
|
login_user: admin
|
|
login_password: "{{ rabbitmq_admin_password }}"
|
|
tags:
|
|
- rabbitmq
|
|
|
|
- name: "Bind {{ queue_name }} to amq.topic exchange"
|
|
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
|
community.rabbitmq.rabbitmq_binding:
|
|
name: "amq.topic"
|
|
destination: "{{ queue_name }}"
|
|
destination_type: queue
|
|
routing_key: "{{ routing_item }}"
|
|
vhost: "{{ vhost|default('/pubsub') }}"
|
|
state: present
|
|
login_user: admin
|
|
login_password: "{{ rabbitmq_admin_password }}"
|
|
loop: "{{ routing_keys }}"
|
|
loop_control:
|
|
loop_var: routing_item
|
|
tags:
|
|
- rabbitmq
|
|
...
|