RabbitMQ Almost Finished
parent
0d162810f4
commit
596a19aca9
6 changed files with 230 additions and 2 deletions
|
@ -27,3 +27,10 @@ rabbitmq_plugins:
|
|||
- rabbitmq_mqtt
|
||||
- rabbitmq_federation
|
||||
- rabbitmq_federation_management
|
||||
|
||||
# If you want monitoring, set these in your playbooks
|
||||
#rabbitmq_monitoring_username: mq-monitoring
|
||||
#rabbitmq_monitoring_password: NotASafePassword
|
||||
|
||||
# Enable the public pubsub or not
|
||||
rabbitmq_enable_public: false
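Review bot: Leaving `rabbitmq_monitoring_username` and `rabbitmq_monitoring_password` commented out means both are undefined by default, and the monitoring-user task added in this commit tests them as bare names in its `when:` list, which Ansible reports as an undefined-variable error rather than a skip. Either ship empty defaults here (`rabbitmq_monitoring_username: ""` and `rabbitmq_monitoring_password: ""`) or have the task test `rabbitmq_monitoring_username is defined`. The comment should also say that the password belongs in Ansible Vault or another secret store rather than in a playbook in clear text, since the sample value invites copy-and-paste.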
|
||||
|
|
|
@ -1 +1,59 @@
|
|||
---
|
||||
# Create necessary federation pieces
|
||||
# This public user can write UUID objects and read anything else
|
||||
- name: Create a public access user
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_user:
|
||||
user: "rockypublic"
|
||||
permissions:
|
||||
- vhost:
|
||||
configure_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
|
||||
write_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
|
||||
read_priv: ".*"
|
||||
state: present
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
||||
# You will need to address the certificates yourself. Right now we are trying
|
||||
# to figure out how to deal with SNI using FreeIPA.
|
||||
# /etc/rabbitmq/pubsub_federation.pem
|
||||
# /etc/rabbitmq/pubsub_federation.key
|
||||
|
||||
- name: Create a federation user
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_user:
|
||||
user: pubsub_federation
|
||||
permissions:
|
||||
- vhost: /pubsub
|
||||
configure_priv: "^federation.*"
|
||||
write_priv: "^federation.*"
|
||||
read_priv: ".*"
|
||||
state: present
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
||||
- name: Configure Federation Upstream from pubsub to public
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_parameter:
|
||||
component: "federation-upstream"
|
||||
name: "pubsub-to-public_pubsub"
|
||||
value: '{"uri": "amqps://pubsub_federation:@{{ rabbitmq_cluster_list[0] }}/%2Fpubsub?cacertfile=%2Fetc%2Fipa%2Fca.crt&certfile=%2Fetc%2Frabbitmq%2Fpubsub_federation.pem&keyfile=%2Fetc%2Frabbitmq%2Fpubsub_federation.key&verify=verify_peer&fail_if_no_peer_cert=true&server_name_indication=disabled&auth_mechanism=external", "ack-mode": "on-confirm"}'
|
||||
state: present
|
||||
vhost: /public_pubsub
|
||||
when: rabbitmq_enable_public
|
||||
|
||||
- name: Configure a policy to federate the topic exchange to public
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_policy:
|
||||
apply_to: exchanges
|
||||
name: pubsub-to-public_pubsub
|
||||
state: present
|
||||
pattern: "^(amq|zmq)\\.topic$"
|
||||
tags:
|
||||
federation-upstream: "pubsub-to-public_pubsub"
|
||||
vhost: /public_pubsub
|
||||
when: rabbitmq_enable_public
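Review bot: The permissions entry of the `rockypublic` user has an empty `vhost:` key, so the value is null and the grant (including `read_priv: ".*"`) presumably falls back to the module's default vhost instead of the public one; if `/public_pubsub` is what the comment above the task means, write `- vhost: /public_pubsub`. That task and the federation-user task also run when `rabbitmq_enable_public` is false, unlike the upstream and policy tasks below them; add `when: rabbitmq_enable_public` if the accounts are only needed for the public side. Separately, the upstream URI sets `server_name_indication=disabled`, which as far as I know also switches off hostname verification in the Erlang TLS client, so `verify=verify_peer` would accept any certificate issued by the IPA CA. A comment next to the URI recording that as a known gap until the SNI question is settled would help.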
|
||||
|
|
|
@ -36,12 +36,18 @@
|
|||
names: "{{ rabbitmq_plugins | join(',') }}"
|
||||
state: enabled
|
||||
|
||||
- name: Users Tasks
|
||||
include_tasks: users.yml
|
||||
- name: Ensure RabbitMQ is running
|
||||
service:
|
||||
name: rabbitmq-server
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Vhost tasks
|
||||
include_tasks: vhosts.yml
|
||||
|
||||
- name: Users Tasks
|
||||
include_tasks: users.yml
|
||||
|
||||
- name: Topic Tasks
|
||||
include_tasks: topics.yml
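Review bot: The new include list pulls in `vhosts.yml`, `users.yml` and `topics.yml`, but no include for the federation tasks added elsewhere in this commit is visible in this hunk, so unless one sits outside the hunk those tasks never run. Add a fourth entry after the topic tasks, `- name: Federation Tasks` with `include_tasks: <federation task file>` (the file name is not shown on this page). Note also that `include_tasks` is dynamic: a run with `--tags rabbitmq_cluster` skips the untagged include itself, so the tagged tasks inside are never reached; tagging the includes or switching to `import_tasks` fixes that. The plugin task at the top of the hunk starts outside it.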
|
||||
|
||||
|
|
|
@ -1 +1,39 @@
|
|||
---
|
||||
# Create our topics
|
||||
- name: Create the zmq.topic exchange in the pubsub vhost
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_exchange:
|
||||
name: "zmq.topic"
|
||||
exchange_type: "topic"
|
||||
vhost: "/pubsub"
|
||||
login_user: admin
|
||||
login_password: "{{ rabbitmq_admin_password }}"
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
||||
- name: Create the zmq.topic exchange in the public pubsub vhost
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_exchange:
|
||||
name: "zmq.topic"
|
||||
exchange_type: "topic"
|
||||
vhost: "/public_pubsub"
|
||||
login_user: admin
|
||||
login_password: "{{ rabbitmq_admin_password }}"
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
||||
- name: Forward all zmq.topic and amq.topic in public_pubsub
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_binding:
|
||||
destination_type: exchange
|
||||
name: zmq.topic
|
||||
dest: amq.topic
|
||||
routing_key: "#"
|
||||
vhost: "/public_pubsub"
|
||||
login_user: admin
|
||||
login_password: "{{ rabbitmq_admin_password }}"
|
||||
tags:
|
||||
- rabbitmq_cluster
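Review bot: All three tasks log in with `login_user: admin`, but the only administrator the user tasks in this commit create is `rockyadmin`, and the `guest` account is removed, so unless an `admin` user exists from elsewhere these management API calls will be rejected. Use `login_user: rockyadmin` in each task, or better a role variable for the admin name so the user and topic tasks cannot drift apart. A short comment stating that these modules talk to the management API, and therefore need the user tasks to have run first, would make the ordering requirement explicit.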
|
||||
|
|
|
@ -1 +1,61 @@
|
|||
---
|
||||
# No guest users
|
||||
- name: Remove guest user
|
||||
community.rabbitmq.rabbitmq_user:
|
||||
user: guest
|
||||
state: absent
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
||||
# Add the admin user
|
||||
- name: Create the admin user for our vhosts
|
||||
community.rabbitmq.rabbitmq_user:
|
||||
user: rockyadmin
|
||||
password: "{{ rabbitmq_admin_password }}"
|
||||
vhost: "{{ item }}"
|
||||
configure_priv: .*
|
||||
read_priv: .*
|
||||
write_priv: .*
|
||||
tags: administrator
|
||||
when: inventory_hostname.startswith('rabbitmq01')
|
||||
with_items:
|
||||
- /
|
||||
- /pubsub
|
||||
- /public_pubsub
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
||||
- name: Drop the admin password in a file for admin operations
|
||||
copy:
|
||||
dest: /root/.rabbitmqpass
|
||||
content: "{{ rabbitmq_admin_password }}"
|
||||
mode: '0600'
|
||||
owner: root
|
||||
group: root
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
||||
# Create a monitoring user as long as the vars are set
|
||||
- name: Create monitoring user
|
||||
community.rabbitmq.rabbitmq_user:
|
||||
user: "{{ rabbitmq_monitoring_username }}"
|
||||
password: "{{ rabbitmq_monitoring_password }}"
|
||||
update_password: always
|
||||
permissions:
|
||||
- vhost: /
|
||||
configure_priv: "^$"
|
||||
read_priv: "^$"
|
||||
write_priv: "^$"
|
||||
- vhost: /pubsub
|
||||
configure_priv: "^$"
|
||||
read_priv: "^$"
|
||||
write_priv: "^$"
|
||||
- vhost: /public_pubsub
|
||||
configure_priv: "^$"
|
||||
read_priv: "^$"
|
||||
write_priv: "^$"
|
||||
tags: monitoring
|
||||
when:
|
||||
- inventory_hostname.startswith('rabbitmq01')
|
||||
- rabbitmq_monitoring_username
|
||||
- rabbitmq_monitoring_password
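Review bot: The three tasks that template a password (the `rockyadmin` user, the `/root/.rabbitmqpass` copy and the monitoring user) carry no `no_log: true`, so the secret can surface in task output, for instance in the `copy` diff under `--diff` or in callback logs. Add `no_log: true` to each of them. The copy task also leaves the admin password in clear text on every host the role runs on, whereas the admin user itself is created only where `inventory_hostname.startswith('rabbitmq01')` holds; restricting the file to the same host, or dropping it if nothing reads it, shrinks the exposure.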
|
||||
|
|
|
@ -1 +1,60 @@
|
|||
---
|
||||
# Create vhosts
|
||||
- name: Configure pubsub virtual host
|
||||
community.rabbitmq.rabbitmq_vhost:
|
||||
name: /pubsub
|
||||
state: present
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
||||
- name: Configure publicly accessible vhost
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_vhost:
|
||||
name: /public_pubsub
|
||||
state: present
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
||||
- name: Configure the HA policy for pubsub
|
||||
community.rabbitmq.rabbitmq_policy:
|
||||
name: HA
|
||||
apply_to: queues
|
||||
pattern: ".*"
|
||||
tags:
|
||||
ha-mode: all
|
||||
ha-sync-mode: automatic
|
||||
ha-sync-batch-size: 10000
|
||||
vhost: /pubsub
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
||||
- name: Add a policy to limit queues to 1GB and sweep after a month
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_policy:
|
||||
apply_to: queues
|
||||
name: pubsub_sweeper
|
||||
state: present
|
||||
pattern: ".*"
|
||||
tags:
|
||||
expires: 111600000
|
||||
max-length-bytes: 1073741824
|
||||
vhost: /pubsub
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
||||
- name: Add a policy to keep the public vhost swept
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_policy:
|
||||
apply_to: queues
|
||||
name: sweeper
|
||||
state: present
|
||||
pattern: ".*"
|
||||
tags:
|
||||
expires: 3600000
|
||||
max-length-bytes: 52428800
|
||||
vhost: /public_pubsub
|
||||
tags:
|
||||
- rabbitmq_cluster
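Review bot: The `HA` and `pubsub_sweeper` policies both target queues in `/pubsub` with `pattern: ".*"` and no `priority`, and RabbitMQ applies only one policy to a queue, so either the mirroring keys or the `expires`/`max-length-bytes` limits take effect, not both. Put all five keys in one policy's `tags:` mapping, or give the policy meant to win a higher `priority:` and repeat the keys there. The `expires` value also disagrees with the task name: 111600000 ms is 31 hours, while a 31-day month is `expires: 2678400000`. Classic queue mirroring via `ha-mode` is deprecated in recent RabbitMQ releases, so a comment on which broker versions this policy targets would be useful.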
|
||||
|
|