infrastructure/ansible-role-rabbitmq
7
0
Fork 0
mirror of https://github.com/rocky-linux/ansible-role-rabbitmq.git synced 2024-12-04 18:36:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

RabbitMQ Ready for Testing

Browse Source
This commit is contained in:
nazunalika 2020-12-30 21:14:11 -07:00
parent e36dc3642f
commit d37d41ac18
6 changed files with 177 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
tasks/commonapps.yml Normal file
View File

@ -0,0 +1,108 @@
---
# Common App Queues
# GitLab + Others like CI
- name: Rocky Automation User
run_once: true
include_tasks: runners/mkuser.yml
vars:
username: rockyautomation
tags:
- ci
- name: Rocky Automation Queue
run_once: true
include_tasks: runners/mkqueue.yml
vars:
username: rockyautomation
queue_name: rockyautomation-ci
# 10 Days
message_ttl: 864000000
routing_keys:
- "org.rockylinux.{{ rabbitmq_env }}.gitlab.#"
# Testing only
- "org.rockylinux.ci.#"
tags:
- ci
- name: OSCI
run_once: true
include_tasks: runners/mkqueue.yml
vars:
username: "osci-pipeline-{{ rabbitmq_env }}"
queue_name: "{{ item }}-{{ rabbitmq_env }}"
message_ttl: 432000000
routing_keys:
- "org.rockylinux.ci.#"
loop:
- osci-pipeline-queue-0
- osci-pipeline-queue-1
- osci-pipeline-queue-2
- osci-pipeline-queue-3
- osci-pipeline-queue-4
- osci-pipeline-queue-5
tags:
- osci
# End GitLab and CI
# Koji User
- name: Rocky Koji User
run_once: true
include_tasks: runners/mkuser.yml
vars:
username: rockykoji
# End Koji
# Potential ODCS
- name: Create the rocky-odcs vhost
run_once: true
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
community.rabbitmq.rabbitmq_vhost:
name: /rocky-odcs
state: present
tags:
- odcs
- name: Configure the odcs HA Policy
run_once: true
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
community.rabbitmq.rabbitmq_policy:
name: HA
apply_to: queues
pattern: ".*"
tags:
ha-mode: all
ha-sync-mode: automatic
ha-sync-batch-size: 10000
vhost: /rocky-odcs
tags:
- odcs
- name: Add a policy to keep the odcs vhost swept
run_once: true
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
community.rabbitmq.rabbitmq_policy:
name: pubsub_sweeper
apply_to: queues
state: present
pattern: ".*"
tags:
expires: 111600000
max-length-bytes: 1073741824
vhost: /rocky-odcs
tags:
- odcs
# To consider: Separate ODCS Admin Account?
- name: Grant the rockyadmin user access to the rocky-odcs vhost
run_once: true
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
community.rabbitmq.rabbitmq_user:
user: rockyadmin
vhost: /rocky-odcs
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
tags: administrator
tags:
- odcs
# ODCS End

15
tasks/federation.yml
View File

@ -1,5 +1,13 @@
--- ---
# Create necessary federation pieces # Create necessary federation pieces
# You will need to address the certificates yourself. Right now we are trying
# to figure out how to deal with SNI using FreeIPA. So instead we're using a
# service account in IPA instead using a password. This isn't ideal and we're
# looking into finding a way to address this in an easier manner.
# /etc/rabbitmq/pubsub_federation.pem
# /etc/rabbitmq/pubsub_federation.key
# This public user can write UUID objects and read anything else # This public user can write UUID objects and read anything else
- name: Create a public access user - name: Create a public access user
run_once: true run_once: true
@ -7,7 +15,7 @@
community.rabbitmq.rabbitmq_user: community.rabbitmq.rabbitmq_user:
user: rockypubsub user: rockypubsub
permissions: permissions:
- vhost: - vhost: /public_pubsub
configure_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$" configure_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
write_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$" write_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
read_priv: ".*" read_priv: ".*"
@ -15,11 +23,6 @@
tags: tags:
- rabbitmq_cluster - rabbitmq_cluster
# You will need to address the certificates yourself. Right now we are trying
# to figure out how to deal with SNI using FreeIPA.
# /etc/rabbitmq/pubsub_federation.pem
# /etc/rabbitmq/pubsub_federation.key
- name: Create a federation user - name: Create a federation user
run_once: true run_once: true
delegate_to: "{{ rabbitmq_cluster_list[0] }}" delegate_to: "{{ rabbitmq_cluster_list[0] }}"

3
tasks/main.yml
View File

@ -79,3 +79,6 @@
- name: Federation Tasks - name: Federation Tasks
include_tasks: federation.yml include_tasks: federation.yml
- name: Common Apps
include_tasks: commonapps.yml

41
tasks/runners/mkqueue.yml Normal file
View File

@ -0,0 +1,41 @@
---
# Creates a user account and queue in RabbitMQ
# This is used as a template for repeated tasks in the role
- name: "Creating User Account"
community.rabbitmq.rabbitmq_user:
user: "{{ username }}"
vhost: "{{ vhost|default('/pubsub') }}"
read_priv: "^(zmq\\.topic)|^(amq\\.topic)|({{ username }}.*)$"
write_priv: "^(amq\\.topic)|({{ username }}.*){% for queue in write_queues|default([]) %}|({{ queue }}.*){% endfor %}$"
configure_priv: "^$"
state: present
tags:
- rabbitmq
- name: "Create {{ queue_name }}"
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
community.rabbitmq.rabbitmq_queue:
name: "{{ queue_name }}"
vhost: "{{ vhost|default('/pubsub') }}"
auto_delete: false
durable: true
message_ttl: "{{ message_ttl|default('null') }}"
state: present
login_user: rockyadmin
login_password: "{{ rabbitmq_admin_password }}"
tags:
- rabbitmq
- name: "Bind {{ queue_name }} to amq.topic exchange"
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
community.rabbitmq.rabbitmq_binding:
name: "amq.topic"
destination: "{{ queue_name }}"
destination_type: queue
routing_key: "{{ item }}"
vhost: "{{ vhost|default('/pubsub') }}"
state: present
login_user: rockyadmin
login_password: "{{ rabbitmq_admin_password }}"
tags:
- rabbitmq

13
tasks/runners/mkuser.yml Normal file
View File

@ -0,0 +1,13 @@
---
# Creates a user account in RabbitMQ
# This is used as a template for repeated tasks in the role
- name: "Creating User Account {{ username }}"
community.rabbitmq.rabbitmq_user:
user: "{{ username }}"
vhost: "{{ vhost|default('/pubsub') }}"
read_priv: "^$"
write_priv: "amq\\.topic"
configure_priv: "^$"
state: present
tags:
- rabbitmq

6
tasks/topics.yml
View File

@ -7,7 +7,7 @@
name: "zmq.topic" name: "zmq.topic"
exchange_type: "topic" exchange_type: "topic"
vhost: "/pubsub" vhost: "/pubsub"
login_user: admin login_user: rockyadmin
login_password: "{{ rabbitmq_admin_password }}" login_password: "{{ rabbitmq_admin_password }}"
tags: tags:
- rabbitmq_cluster - rabbitmq_cluster
@ -19,7 +19,7 @@
name: "zmq.topic" name: "zmq.topic"
exchange_type: "topic" exchange_type: "topic"
vhost: "/public_pubsub" vhost: "/public_pubsub"
login_user: admin login_user: rockyadmin
login_password: "{{ rabbitmq_admin_password }}" login_password: "{{ rabbitmq_admin_password }}"
tags: tags:
- rabbitmq_cluster - rabbitmq_cluster
@ -33,7 +33,7 @@
dest: amq.topic dest: amq.topic
routing_key: "#" routing_key: "#"
vhost: "/public_pubsub" vhost: "/public_pubsub"
login_user: admin login_user: rockyadmin
login_password: "{{ rabbitmq_admin_password }}" login_password: "{{ rabbitmq_admin_password }}"
tags: tags:
- rabbitmq_cluster - rabbitmq_cluster