mirror of
https://github.com/rocky-linux/ansible-role-rabbitmq.git
synced 2024-12-03 18:06:25 +00:00
RabbitMQ Ready for Testing
This commit is contained in:
parent
e36dc3642f
commit
d37d41ac18
108
tasks/commonapps.yml
Normal file
108
tasks/commonapps.yml
Normal file
@ -0,0 +1,108 @@
|
||||
---
|
||||
# Common App Queues
|
||||
# GitLab + Others like CI
|
||||
- name: Rocky Automation User
|
||||
run_once: true
|
||||
include_tasks: runners/mkuser.yml
|
||||
vars:
|
||||
username: rockyautomation
|
||||
tags:
|
||||
- ci
|
||||
|
||||
- name: Rocky Automation Queue
|
||||
run_once: true
|
||||
include_tasks: runners/mkqueue.yml
|
||||
vars:
|
||||
username: rockyautomation
|
||||
queue_name: rockyautomation-ci
|
||||
# 10 Days
|
||||
message_ttl: 864000000
|
||||
routing_keys:
|
||||
- "org.rockylinux.{{ rabbitmq_env }}.gitlab.#"
|
||||
# Testing only
|
||||
- "org.rockylinux.ci.#"
|
||||
tags:
|
||||
- ci
|
||||
|
||||
- name: OSCI
|
||||
run_once: true
|
||||
include_tasks: runners/mkqueue.yml
|
||||
vars:
|
||||
username: "osci-pipeline-{{ rabbitmq_env }}"
|
||||
queue_name: "{{ item }}-{{ rabbitmq_env }}"
|
||||
message_ttl: 432000000
|
||||
routing_keys:
|
||||
- "org.rockylinux.ci.#"
|
||||
loop:
|
||||
- osci-pipeline-queue-0
|
||||
- osci-pipeline-queue-1
|
||||
- osci-pipeline-queue-2
|
||||
- osci-pipeline-queue-3
|
||||
- osci-pipeline-queue-4
|
||||
- osci-pipeline-queue-5
|
||||
tags:
|
||||
- osci
|
||||
# End GitLab and CI
|
||||
|
||||
# Koji User
|
||||
- name: Rocky Koji User
|
||||
run_once: true
|
||||
include_tasks: runners/mkuser.yml
|
||||
vars:
|
||||
username: rockykoji
|
||||
# End Koji
|
||||
|
||||
# Potential ODCS
|
||||
- name: Create the rocky-odcs vhost
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_vhost:
|
||||
name: /rocky-odcs
|
||||
state: present
|
||||
tags:
|
||||
- odcs
|
||||
|
||||
- name: Configure the odcs HA Policy
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_policy:
|
||||
name: HA
|
||||
apply_to: queues
|
||||
pattern: ".*"
|
||||
tags:
|
||||
ha-mode: all
|
||||
ha-sync-mode: automatic
|
||||
ha-sync-batch-size: 10000
|
||||
vhost: /rocky-odcs
|
||||
tags:
|
||||
- odcs
|
||||
|
||||
- name: Add a policy to keep the odcs vhost swept
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_policy:
|
||||
name: pubsub_sweeper
|
||||
apply_to: queues
|
||||
state: present
|
||||
pattern: ".*"
|
||||
tags:
|
||||
expires: 111600000
|
||||
max-length-bytes: 1073741824
|
||||
vhost: /rocky-odcs
|
||||
tags:
|
||||
- odcs
|
||||
|
||||
# To consider: Separate ODCS Admin Account?
|
||||
- name: Grant the rockyadmin user access to the rocky-odcs vhost
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_user:
|
||||
user: rockyadmin
|
||||
vhost: /rocky-odcs
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
tags: administrator
|
||||
tags:
|
||||
- odcs
|
||||
# ODCS End
|
@ -1,5 +1,13 @@
|
||||
---
|
||||
# Create necessary federation pieces
|
||||
|
||||
# You will need to address the certificates yourself. Right now we are trying
|
||||
# to figure out how to deal with SNI using FreeIPA. So instead we're using a
|
||||
# service account in IPA instead using a password. This isn't ideal and we're
|
||||
# looking into finding a way to address this in an easier manner.
|
||||
# /etc/rabbitmq/pubsub_federation.pem
|
||||
# /etc/rabbitmq/pubsub_federation.key
|
||||
|
||||
# This public user can write UUID objects and read anything else
|
||||
- name: Create a public access user
|
||||
run_once: true
|
||||
@ -7,7 +15,7 @@
|
||||
community.rabbitmq.rabbitmq_user:
|
||||
user: rockypubsub
|
||||
permissions:
|
||||
- vhost:
|
||||
- vhost: /public_pubsub
|
||||
configure_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
|
||||
write_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
|
||||
read_priv: ".*"
|
||||
@ -15,11 +23,6 @@
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
||||
# You will need to address the certificates yourself. Right now we are trying
|
||||
# to figure out how to deal with SNI using FreeIPA.
|
||||
# /etc/rabbitmq/pubsub_federation.pem
|
||||
# /etc/rabbitmq/pubsub_federation.key
|
||||
|
||||
- name: Create a federation user
|
||||
run_once: true
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
|
@ -79,3 +79,6 @@
|
||||
|
||||
- name: Federation Tasks
|
||||
include_tasks: federation.yml
|
||||
|
||||
- name: Common Apps
|
||||
include_tasks: commonapps.yml
|
||||
|
41
tasks/runners/mkqueue.yml
Normal file
41
tasks/runners/mkqueue.yml
Normal file
@ -0,0 +1,41 @@
|
||||
---
|
||||
# Creates a user account and queue in RabbitMQ
|
||||
# This is used as a template for repeated tasks in the role
|
||||
- name: "Creating User Account"
|
||||
community.rabbitmq.rabbitmq_user:
|
||||
user: "{{ username }}"
|
||||
vhost: "{{ vhost|default('/pubsub') }}"
|
||||
read_priv: "^(zmq\\.topic)|^(amq\\.topic)|({{ username }}.*)$"
|
||||
write_priv: "^(amq\\.topic)|({{ username }}.*){% for queue in write_queues|default([]) %}|({{ queue }}.*){% endfor %}$"
|
||||
configure_priv: "^$"
|
||||
state: present
|
||||
tags:
|
||||
- rabbitmq
|
||||
|
||||
- name: "Create {{ queue_name }}"
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_queue:
|
||||
name: "{{ queue_name }}"
|
||||
vhost: "{{ vhost|default('/pubsub') }}"
|
||||
auto_delete: false
|
||||
durable: true
|
||||
message_ttl: "{{ message_ttl|default('null') }}"
|
||||
state: present
|
||||
login_user: rockyadmin
|
||||
login_password: "{{ rabbitmq_admin_password }}"
|
||||
tags:
|
||||
- rabbitmq
|
||||
|
||||
- name: "Bind {{ queue_name }} to amq.topic exchange"
|
||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||
community.rabbitmq.rabbitmq_binding:
|
||||
name: "amq.topic"
|
||||
destination: "{{ queue_name }}"
|
||||
destination_type: queue
|
||||
routing_key: "{{ item }}"
|
||||
vhost: "{{ vhost|default('/pubsub') }}"
|
||||
state: present
|
||||
login_user: rockyadmin
|
||||
login_password: "{{ rabbitmq_admin_password }}"
|
||||
tags:
|
||||
- rabbitmq
|
13
tasks/runners/mkuser.yml
Normal file
13
tasks/runners/mkuser.yml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
# Creates a user account in RabbitMQ
|
||||
# This is used as a template for repeated tasks in the role
|
||||
- name: "Creating User Account {{ username }}"
|
||||
community.rabbitmq.rabbitmq_user:
|
||||
user: "{{ username }}"
|
||||
vhost: "{{ vhost|default('/pubsub') }}"
|
||||
read_priv: "^$"
|
||||
write_priv: "amq\\.topic"
|
||||
configure_priv: "^$"
|
||||
state: present
|
||||
tags:
|
||||
- rabbitmq
|
@ -7,7 +7,7 @@
|
||||
name: "zmq.topic"
|
||||
exchange_type: "topic"
|
||||
vhost: "/pubsub"
|
||||
login_user: admin
|
||||
login_user: rockyadmin
|
||||
login_password: "{{ rabbitmq_admin_password }}"
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
@ -19,7 +19,7 @@
|
||||
name: "zmq.topic"
|
||||
exchange_type: "topic"
|
||||
vhost: "/public_pubsub"
|
||||
login_user: admin
|
||||
login_user: rockyadmin
|
||||
login_password: "{{ rabbitmq_admin_password }}"
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
@ -33,7 +33,7 @@
|
||||
dest: amq.topic
|
||||
routing_key: "#"
|
||||
vhost: "/public_pubsub"
|
||||
login_user: admin
|
||||
login_user: rockyadmin
|
||||
login_password: "{{ rabbitmq_admin_password }}"
|
||||
tags:
|
||||
- rabbitmq_cluster
|
||||
|
Loading…
Reference in New Issue
Block a user