From baccc3e81d39503ec163b4c873350ff750a9e231 Mon Sep 17 00:00:00 2001 From: nazunalika Date: Sat, 13 Feb 2021 18:51:32 -0700 Subject: [PATCH] Changes Reducing rabbitmq space reqs, removing the '/' for vhosts as that appears to cause issues when forming URL's to connect to RabbitMQ. --- tasks/commonapps.yml | 8 ++++---- tasks/federation.yml | 8 ++++---- tasks/main.yml | 11 +++++++++++ tasks/topics.yml | 6 +++--- tasks/users.yml | 10 +++++----- tasks/vhosts.yml | 14 +++++++------- templates/etc/rabbitmq/rabbitmq.conf.j2 | 4 ++-- 7 files changed, 36 insertions(+), 25 deletions(-) diff --git a/tasks/commonapps.yml b/tasks/commonapps.yml index 3b8f26a..aad2e41 100644 --- a/tasks/commonapps.yml +++ b/tasks/commonapps.yml @@ -57,7 +57,7 @@ run_once: true delegate_to: "{{ rabbitmq_cluster_list[0] }}" community.rabbitmq.rabbitmq_vhost: - name: /rocky-odcs + name: rocky-odcs state: present tags: - odcs @@ -73,7 +73,7 @@ ha-mode: all ha-sync-mode: automatic ha-sync-batch-size: 10000 - vhost: /rocky-odcs + vhost: rocky-odcs tags: - odcs @@ -88,7 +88,7 @@ tags: expires: 111600000 max-length-bytes: 1073741824 - vhost: /rocky-odcs + vhost: rocky-odcs tags: - odcs @@ -98,7 +98,7 @@ delegate_to: "{{ rabbitmq_cluster_list[0] }}" community.rabbitmq.rabbitmq_user: user: rockyadmin - vhost: /rocky-odcs + vhost: rocky-odcs configure_priv: ".*" read_priv: ".*" write_priv: ".*" diff --git a/tasks/federation.yml b/tasks/federation.yml index d1c1c86..4930a2d 100644 --- a/tasks/federation.yml +++ b/tasks/federation.yml @@ -15,7 +15,7 @@ community.rabbitmq.rabbitmq_user: user: rockypubsub permissions: - - vhost: /public_pubsub + - vhost: public_pubsub configure_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$" write_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$" read_priv: ".*" @@ -29,7 +29,7 @@ community.rabbitmq.rabbitmq_user: user: pubsub_federation permissions: - - vhost: /pubsub + - vhost: pubsub configure_priv: "^federation.*" write_priv: "^federation.*" read_priv: ".*" 
@@ -45,7 +45,7 @@ name: "pubsub-to-public_pubsub" value: '{"uri": "amqps://pubsub_federation:{{ pubsub_federation_pass }}@{{ rabbitmq_cluster_list[0] }}/%2Fpubsub", "ack-mode": "on-confirm"}' state: present - vhost: /public_pubsub + vhost: public_pubsub when: - rabbitmq_enable_public - pubsub_federation_pass is defined @@ -60,7 +60,7 @@ pattern: "^(amq|zmq)\\.topic$" tags: federation-upstream: "pubsub-to-public_pubsub" - vhost: /public_pubsub + vhost: public_pubsub when: - rabbitmq_enable_public - pubsub_federation_pass is defined diff --git a/tasks/main.yml b/tasks/main.yml index 07ba8a0..251bb42 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -65,6 +65,17 @@ mode: '0644' state: file +- name: Ensure file ownership for certificate + file: + path: "{{ item }}" + owner: rabbitmq + group: rabbitmq + mode: '0600' + state: file + loop: + - "{{ rabbitmq_tls_cert }}" + - "{{ rabbitmq_tls_key }}" + - name: Open applicable firewall rules ansible.posix.firewalld: port: "{{ item }}" diff --git a/tasks/topics.yml b/tasks/topics.yml index 270e955..fdfc057 100644 --- a/tasks/topics.yml +++ b/tasks/topics.yml @@ -6,7 +6,7 @@ community.rabbitmq.rabbitmq_exchange: name: "zmq.topic" exchange_type: "topic" - vhost: "/pubsub" + vhost: "pubsub" login_user: rockyadmin login_password: "{{ rabbitmq_admin_password }}" tags: @@ -18,7 +18,7 @@ community.rabbitmq.rabbitmq_exchange: name: "zmq.topic" exchange_type: "topic" - vhost: "/public_pubsub" + vhost: "public_pubsub" login_user: rockyadmin login_password: "{{ rabbitmq_admin_password }}" tags: @@ -32,7 +32,7 @@ name: zmq.topic dest: amq.topic routing_key: "#" - vhost: "/public_pubsub" + vhost: "public_pubsub" login_user: rockyadmin login_password: "{{ rabbitmq_admin_password }}" tags: diff --git a/tasks/users.yml b/tasks/users.yml index 085ef9e..8ba42f4 100644 --- a/tasks/users.yml +++ b/tasks/users.yml 
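Review bot: The federation upstream `value` in the `@@ -45,7 +45,7 @@` hunk of tasks/federation.yml still ends in `/%2Fpubsub`, which decodes to the old vhost name `/pubsub`, while this commit renames that vhost to `pubsub`. Unless the old vhost is kept on the upstream, the link will point at a vhost that no longer exists; the URI path should become `/pubsub`. Because the URI embeds `pubsub_federation_pass`, it would also be worth passing it through `urlencode` and setting `no_log: true` on the task so the credential does not appear in Ansible output. The task begins above the hunk, so confirm `no_log` is not already set there.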
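Review bot: The context task directly above the new one in tasks/main.yml ends with `mode: '0644'` and `state: file`; its `path` is outside the hunk, but if it manages `rabbitmq_tls_cert` or `rabbitmq_tls_key`, the two tasks will flip the mode on every run. That would report a change each time and leave the private key world-readable between the two tasks. Setting the final owner and mode in a single task avoids this. The new task also uses the short `file:` name where the other tasks visible in this patch use fully qualified names, so `ansible.builtin.file:` would be consistent. Its name mentions only the certificate although the loop covers the key as well, e.g. `- name: Ensure ownership and mode of TLS certificate and key`.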
@@ -20,8 +20,8 @@ when: "'rabbitmq001' in inventory_hostname" with_items: - / - - /pubsub - - /public_pubsub + - pubsub + - public_pubsub tags: - rabbitmq_cluster @@ -46,11 +46,11 @@ configure_priv: "^$" read_priv: "^$" write_priv: "^$" - - vhost: /pubsub + - vhost: pubsub configure_priv: "^$" read_priv: "^$" write_priv: "^$" - - vhost: /public_pubsub + - vhost: public_pubsub configure_priv: "^$" read_priv: "^$" write_priv: "^$" @@ -66,7 +66,7 @@ user: "mbs" password: "{{ rabbitmq_mbs_password }}" update_password: always - vhost: /mbs + vhost: mbs configure_priv: "^$" read_priv: "^$" write_priv: "^$" diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml index 69b5f8c..ead0fe0 100644 --- a/tasks/vhosts.yml +++ b/tasks/vhosts.yml @@ -2,7 +2,7 @@ # Create vhosts - name: Configure pubsub virtual host community.rabbitmq.rabbitmq_vhost: - name: /pubsub + name: pubsub state: present tags: - rabbitmq_cluster @@ -11,7 +11,7 @@ run_once: true delegate_to: "{{ rabbitmq_cluster_list[0] }}" community.rabbitmq.rabbitmq_vhost: - name: /public_pubsub + name: public_pubsub state: present tags: - rabbitmq_cluster @@ -25,7 +25,7 @@ ha-mode: all ha-sync-mode: automatic ha-sync-batch-size: 10000 - vhost: /pubsub + vhost: pubsub tags: - rabbitmq_cluster @@ -40,7 +40,7 @@ tags: expires: 111600000 max-length-bytes: 1073741824 - vhost: /pubsub + vhost: pubsub tags: - rabbitmq_cluster @@ -55,7 +55,7 @@ tags: expires: 3600000 max-length-bytes: 52428800 - vhost: /public_pubsub + vhost: public_pubsub tags: - rabbitmq_cluster @@ -63,7 +63,7 @@ run_once: true delegate_to: "{{ rabbitmq_cluster_list[0] }}" community.rabbitmq.rabbitmq_vhost: - name: /mbs + name: mbs state: present tags: - rabbitmq_cluster @@ -79,6 +79,6 @@ ha-mode: all ha-sync-mode: automatic ha-sync-batch-size: 10000 - vhost: /mbs + vhost: mbs tags: - rabbitmq_cluster diff --git a/templates/etc/rabbitmq/rabbitmq.conf.j2 b/templates/etc/rabbitmq/rabbitmq.conf.j2 index 55442da..471701c 100644 --- a/templates/etc/rabbitmq/rabbitmq.conf.j2 
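Review bot: The vhost renames in tasks/vhosts.yml (and the matching one in tasks/commonapps.yml) only create `pubsub`, `public_pubsub`, `mbs` and `rocky-odcs`; nothing removes the old `/pubsub`, `/public_pubsub`, `/mbs` and `/rocky-odcs` vhosts on clusters that were already provisioned. If such clusters exist, the old vhosts would remain along with the user permissions and policies granted on them. Consider a cleanup task per old name using `community.rabbitmq.rabbitmq_vhost:` with `name: /pubsub` and `state: absent`, run once after clients have moved to the new names.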
+++ b/templates/etc/rabbitmq/rabbitmq.conf.j2 @@ -17,8 +17,8 @@ auth_backends.1.authn = ldap auth_backends.1.authz = internal auth_backends.2 = internal auth_mechanisms.1 = PLAIN +auth_mechanisms.1 = EXTERNAL auth_mechanisms.2 = EXTERNAL -auth_mechanisms.3 = AMQPLAIN ssl_cert_login_from = common_name auth_ldap.dn_lookup_bind.user_dn = {{ rabbitmq_ldap_bind_dn }} @@ -43,7 +43,7 @@ product.name = RockyMQ! product.version = 0.0.1 #disk_free_limit.relative = 2.0 -disk_free_limit.absolute = 10GB +disk_free_limit.absolute = 2GB # Cluster Nodes {% for mqsrv in rabbitmq_cluster_list %}
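Review bot: The added line `auth_mechanisms.1 = EXTERNAL` reuses index 1, which the unchanged line just above already assigns to PLAIN, and index 2 is still EXTERNAL. Duplicate keys in this config format are likely resolved by the last assignment, which would drop PLAIN and leave only certificate-based EXTERNAL logins; password logins through the `ldap` authn backend configured in the same hunk would then stop working. If the intent was only to remove AMQPLAIN, delete the added line so the list reads `auth_mechanisms.1 = PLAIN` and `auth_mechanisms.2 = EXTERNAL`.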