2020-12-27 03:52:59 +00:00
|
|
|
---
|
2020-12-30 00:07:26 +00:00
|
|
|
# Create necessary federation pieces
|
2020-12-31 04:14:11 +00:00
|
|
|
|
|
|
|
# You will need to address the certificates yourself. Right now we are trying
|
|
|
|
# to figure out how to deal with SNI using FreeIPA. So instead we're using a
|
|
|
|
# service account in IPA instead using a password. This isn't ideal and we're
|
|
|
|
# looking into finding a way to address this in an easier manner.
|
|
|
|
# /etc/rabbitmq/pubsub_federation.pem
|
|
|
|
# /etc/rabbitmq/pubsub_federation.key
|
|
|
|
|
2020-12-30 00:07:26 +00:00
|
|
|
# This public user can write UUID objects and read anything else
|
|
|
|
- name: Create a public access user
|
|
|
|
run_once: true
|
|
|
|
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
|
|
|
community.rabbitmq.rabbitmq_user:
|
2020-12-30 02:40:15 +00:00
|
|
|
user: rockypubsub
|
2020-12-30 00:07:26 +00:00
|
|
|
permissions:
|
2020-12-31 04:14:11 +00:00
|
|
|
- vhost: /public_pubsub
|
2020-12-30 00:07:26 +00:00
|
|
|
configure_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
|
|
|
|
write_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
|
|
|
|
read_priv: ".*"
|
|
|
|
state: present
|
|
|
|
tags:
|
|
|
|
- rabbitmq_cluster
|
|
|
|
|
|
|
|
- name: Create a federation user
|
|
|
|
run_once: true
|
|
|
|
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
|
|
|
community.rabbitmq.rabbitmq_user:
|
|
|
|
user: pubsub_federation
|
|
|
|
permissions:
|
|
|
|
- vhost: /pubsub
|
|
|
|
configure_priv: "^federation.*"
|
|
|
|
write_priv: "^federation.*"
|
|
|
|
read_priv: ".*"
|
|
|
|
state: present
|
|
|
|
tags:
|
|
|
|
- rabbitmq_cluster
|
|
|
|
|
|
|
|
- name: Configure Federation Upstream from pubsub to public
|
|
|
|
run_once: true
|
|
|
|
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
|
|
|
community.rabbitmq.rabbitmq_parameter:
|
|
|
|
component: "federation-upstream"
|
|
|
|
name: "pubsub-to-public_pubsub"
|
2020-12-30 04:17:39 +00:00
|
|
|
value: '{"uri": "amqps://pubsub_federation:{{ pubsub_federation_pass }}@{{ rabbitmq_cluster_list[0] }}/%2Fpubsub", "ack-mode": "on-confirm"}'
|
2020-12-30 00:07:26 +00:00
|
|
|
state: present
|
|
|
|
vhost: /public_pubsub
|
2020-12-30 04:17:39 +00:00
|
|
|
when:
|
|
|
|
- rabbitmq_enable_public
|
2021-01-27 09:51:14 +00:00
|
|
|
- pubsub_federation_pass is defined
|
2020-12-30 00:07:26 +00:00
|
|
|
|
|
|
|
- name: Configure a policy to federate the topic exchange to public
|
|
|
|
run_once: true
|
|
|
|
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
|
|
|
community.rabbitmq.rabbitmq_policy:
|
|
|
|
apply_to: exchanges
|
|
|
|
name: pubsub-to-public_pubsub
|
|
|
|
state: present
|
|
|
|
pattern: "^(amq|zmq)\\.topic$"
|
|
|
|
tags:
|
|
|
|
federation-upstream: "pubsub-to-public_pubsub"
|
|
|
|
vhost: /public_pubsub
|
2020-12-30 04:17:39 +00:00
|
|
|
when:
|
|
|
|
- rabbitmq_enable_public
|
2021-01-27 09:51:14 +00:00
|
|
|
- pubsub_federation_pass is defined
|