From baccc3e81d39503ec163b4c873350ff750a9e231 Mon Sep 17 00:00:00 2001
From: nazunalika <tucklesepk@gmail.com>
Date: Sat, 13 Feb 2021 18:51:32 -0700
Subject: [PATCH] Changes

Reducing rabbitmq space reqs, removing the '/' for vhosts as that
appears to cause issues when forming URL's to connect to RabbitMQ.
---
 tasks/commonapps.yml                    |  8 ++++----
 tasks/federation.yml                    |  8 ++++----
 tasks/main.yml                          | 11 +++++++++++
 tasks/topics.yml                        |  6 +++---
 tasks/users.yml                         | 10 +++++-----
 tasks/vhosts.yml                        | 14 +++++++-------
 templates/etc/rabbitmq/rabbitmq.conf.j2 |  4 ++--
 7 files changed, 36 insertions(+), 25 deletions(-)

diff --git a/tasks/commonapps.yml b/tasks/commonapps.yml
index 3b8f26a..aad2e41 100644
--- a/tasks/commonapps.yml
+++ b/tasks/commonapps.yml
@@ -57,7 +57,7 @@
   run_once: true
   delegate_to: "{{ rabbitmq_cluster_list[0] }}"
   community.rabbitmq.rabbitmq_vhost:
-    name: /rocky-odcs
+    name: rocky-odcs
     state: present
   tags:
     - odcs
@@ -73,7 +73,7 @@
       ha-mode: all
       ha-sync-mode: automatic
       ha-sync-batch-size: 10000
-    vhost: /rocky-odcs
+    vhost: rocky-odcs
   tags:
     - odcs
 
@@ -88,7 +88,7 @@
     tags:
       expires: 111600000
       max-length-bytes: 1073741824
-    vhost: /rocky-odcs
+    vhost: rocky-odcs
   tags:
     - odcs
 
@@ -98,7 +98,7 @@
   delegate_to: "{{ rabbitmq_cluster_list[0] }}"
   community.rabbitmq.rabbitmq_user:
     user: rockyadmin
-    vhost: /rocky-odcs
+    vhost: rocky-odcs
     configure_priv: ".*"
     read_priv: ".*"
     write_priv: ".*"
diff --git a/tasks/federation.yml b/tasks/federation.yml
index d1c1c86..4930a2d 100644
--- a/tasks/federation.yml
+++ b/tasks/federation.yml
@@ -15,7 +15,7 @@
   community.rabbitmq.rabbitmq_user:
     user: rockypubsub
     permissions:
-      - vhost: /public_pubsub
+      - vhost: public_pubsub
         configure_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
         write_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
         read_priv: ".*"
@@ -29,7 +29,7 @@
   community.rabbitmq.rabbitmq_user:
     user: pubsub_federation
     permissions:
-      - vhost: /pubsub
+      - vhost: pubsub
         configure_priv: "^federation.*"
         write_priv: "^federation.*"
         read_priv: ".*"
@@ -45,7 +45,7 @@
     name: "pubsub-to-public_pubsub"
     value: '{"uri": "amqps://pubsub_federation:{{ pubsub_federation_pass }}@{{ rabbitmq_cluster_list[0] }}/%2Fpubsub", "ack-mode": "on-confirm"}'
     state: present
-    vhost: /public_pubsub
+    vhost: public_pubsub
   when:
     - rabbitmq_enable_public
     - pubsub_federation_pass is defined
@@ -60,7 +60,7 @@
     pattern: "^(amq|zmq)\\.topic$"
     tags:
       federation-upstream: "pubsub-to-public_pubsub"
-    vhost: /public_pubsub
+    vhost: public_pubsub
   when:
     - rabbitmq_enable_public
     - pubsub_federation_pass is defined
diff --git a/tasks/main.yml b/tasks/main.yml
index 07ba8a0..251bb42 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -65,6 +65,17 @@
     mode: '0644'
     state: file
 
+- name: Ensure file ownership for certificate
+  file:
+    path: "{{ item }}"
+    owner: rabbitmq
+    group: rabbitmq
+    mode: '0600'
+    state: file
+  loop:
+    - "{{ rabbitmq_tls_cert }}"
+    - "{{ rabbitmq_tls_key }}"
+
 - name: Open applicable firewall rules
   ansible.posix.firewalld:
     port: "{{ item }}"
diff --git a/tasks/topics.yml b/tasks/topics.yml
index 270e955..fdfc057 100644
--- a/tasks/topics.yml
+++ b/tasks/topics.yml
@@ -6,7 +6,7 @@
   community.rabbitmq.rabbitmq_exchange:
     name: "zmq.topic"
     exchange_type: "topic"
-    vhost: "/pubsub"
+    vhost: "pubsub"
     login_user: rockyadmin
     login_password: "{{ rabbitmq_admin_password }}"
   tags:
@@ -18,7 +18,7 @@
   community.rabbitmq.rabbitmq_exchange:
     name: "zmq.topic"
     exchange_type: "topic"
-    vhost: "/public_pubsub"
+    vhost: "public_pubsub"
     login_user: rockyadmin
     login_password: "{{ rabbitmq_admin_password }}"
   tags:
@@ -32,7 +32,7 @@
     name: zmq.topic
     dest: amq.topic
     routing_key: "#"
-    vhost: "/public_pubsub"
+    vhost: "public_pubsub"
     login_user: rockyadmin
     login_password: "{{ rabbitmq_admin_password }}"
   tags:
diff --git a/tasks/users.yml b/tasks/users.yml
index 085ef9e..8ba42f4 100644
--- a/tasks/users.yml
+++ b/tasks/users.yml
@@ -20,8 +20,8 @@
   when: "'rabbitmq001' in inventory_hostname"
   with_items:
     - /
-    - /pubsub
-    - /public_pubsub
+    - pubsub
+    - public_pubsub
   tags:
     - rabbitmq_cluster
 
@@ -46,11 +46,11 @@
         configure_priv: "^$"
         read_priv: "^$"
         write_priv: "^$"
-      - vhost: /pubsub
+      - vhost: pubsub
         configure_priv: "^$"
         read_priv: "^$"
         write_priv: "^$"
-      - vhost: /public_pubsub
+      - vhost: public_pubsub
         configure_priv: "^$"
         read_priv: "^$"
         write_priv: "^$"
@@ -66,7 +66,7 @@
     user: "mbs"
     password: "{{ rabbitmq_mbs_password }}"
     update_password: always
-    vhost: /mbs
+    vhost: mbs
     configure_priv: "^$"
     read_priv: "^$"
     write_priv: "^$"
diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml
index 69b5f8c..ead0fe0 100644
--- a/tasks/vhosts.yml
+++ b/tasks/vhosts.yml
@@ -2,7 +2,7 @@
 # Create vhosts
 - name: Configure pubsub virtual host
   community.rabbitmq.rabbitmq_vhost:
-    name: /pubsub
+    name: pubsub
     state: present
   tags:
     - rabbitmq_cluster
@@ -11,7 +11,7 @@
   run_once: true
   delegate_to: "{{ rabbitmq_cluster_list[0] }}"
   community.rabbitmq.rabbitmq_vhost:
-    name: /public_pubsub
+    name: public_pubsub
     state: present
   tags:
     - rabbitmq_cluster
@@ -25,7 +25,7 @@
       ha-mode: all
       ha-sync-mode: automatic
       ha-sync-batch-size: 10000
-    vhost: /pubsub
+    vhost: pubsub
   tags:
     - rabbitmq_cluster
 
@@ -40,7 +40,7 @@
     tags:
       expires: 111600000
       max-length-bytes: 1073741824
-    vhost: /pubsub
+    vhost: pubsub
   tags:
     - rabbitmq_cluster
 
@@ -55,7 +55,7 @@
     tags:
       expires: 3600000
       max-length-bytes: 52428800
-    vhost: /public_pubsub
+    vhost: public_pubsub
   tags:
     - rabbitmq_cluster
 
@@ -63,7 +63,7 @@
   run_once: true
   delegate_to: "{{ rabbitmq_cluster_list[0]  }}"
   community.rabbitmq.rabbitmq_vhost:
-    name: /mbs
+    name: mbs
     state: present
   tags:
     - rabbitmq_cluster
@@ -79,6 +79,6 @@
       ha-mode: all
       ha-sync-mode: automatic
       ha-sync-batch-size: 10000
-    vhost: /mbs
+    vhost: mbs
   tags:
     - rabbitmq_cluster
diff --git a/templates/etc/rabbitmq/rabbitmq.conf.j2 b/templates/etc/rabbitmq/rabbitmq.conf.j2
index 55442da..471701c 100644
--- a/templates/etc/rabbitmq/rabbitmq.conf.j2
+++ b/templates/etc/rabbitmq/rabbitmq.conf.j2
@@ -17,8 +17,8 @@ auth_backends.1.authn = ldap
 auth_backends.1.authz = internal
 auth_backends.2       = internal
 auth_mechanisms.1     = PLAIN
+auth_mechanisms.1     = EXTERNAL
 auth_mechanisms.2     = EXTERNAL
-auth_mechanisms.3     = AMQPLAIN
 
 ssl_cert_login_from   = common_name
 auth_ldap.dn_lookup_bind.user_dn  = {{ rabbitmq_ldap_bind_dn }}
@@ -43,7 +43,7 @@ product.name    = RockyMQ!
 product.version = 0.0.1
 
 #disk_free_limit.relative = 2.0
-disk_free_limit.absolute = 10GB
+disk_free_limit.absolute = 2GB
 
 # Cluster Nodes
 {% for mqsrv in rabbitmq_cluster_list %}