mirror of
https://github.com/rocky-linux/ansible-role-rabbitmq.git
synced 2024-12-04 18:36:26 +00:00
RabbitMQ near completion
parent
596a19aca9
commit
f1052e2e03
@ -17,6 +17,9 @@ rabbitmq_cluster_list:
|
|||||||
- rabbitmq02.rockylinux.org
|
- rabbitmq02.rockylinux.org
|
||||||
- rabbitmq03.rockylinux.org
|
- rabbitmq03.rockylinux.org
|
||||||
rabbitmq_env: "default"
|
rabbitmq_env: "default"
|
||||||
|
rabbitmq_ldap_servers:
|
||||||
|
- ipa001.rockylinux.org
|
||||||
|
- ipa002.rockylinux.org
|
||||||
|
|
||||||
# You can override this in your playbooks as well
|
# You can override this in your playbooks as well
|
||||||
rabbitmq_plugins:
|
rabbitmq_plugins:
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
run_once: true
|
run_once: true
|
||||||
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
|
||||||
community.rabbitmq.rabbitmq_user:
|
community.rabbitmq.rabbitmq_user:
|
||||||
user: "rockypublic"
|
user: rockypubsub
|
||||||
permissions:
|
permissions:
|
||||||
- vhost:
|
- vhost:
|
||||||
configure_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
|
configure_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
|
||||||
@ -40,7 +40,7 @@
|
|||||||
community.rabbitmq.rabbitmq_parameter:
|
community.rabbitmq.rabbitmq_parameter:
|
||||||
component: "federation-upstream"
|
component: "federation-upstream"
|
||||||
name: "pubsub-to-public_pubsub"
|
name: "pubsub-to-public_pubsub"
|
||||||
value: '{"uri": "amqps://pubsub_federation:@{{ rabbitmq_cluster_list[0] }}/%2Fpubsub?cacertfile=%2Fetc%2Fipa%2Fca.crt&certfile=%2Fetc%2Frabbitmq%2Fpubsub_federation.pem&keyfile=%2Fetc%2Frabbitmq%2Fpubsub_federation.key&verify=verify_peer&fail_if_no_peer_cert=true&server_name_indication=disabled&auth_mechanism=external", "ack-mode": "on-confirm"}'
|
value: 'novalue'
|
||||||
state: present
|
state: present
|
||||||
vhost: /public_pubsub
|
vhost: /public_pubsub
|
||||||
when: rabbitmq_enable_public
|
when: rabbitmq_enable_public
|
||||||
|
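Review bot: In the second hunk the federation-upstream `value` appears to be replaced by the literal `'novalue'` (assuming the second printed value is the new side) while the task keeps `state: present`. When `rabbitmq_enable_public` is true the role would then try to set an upstream definition that is not a JSON object with a `uri`, so the task is likely to fail or leave a broken upstream. If the URI was pulled to keep it out of the repository, read it from a variable instead, for example `value: "{{ rabbitmq_federation_upstream | to_json }}"` (variable name constructed here), or skip the task until the value exists. Whatever replaces the placeholder should keep the `verify=verify_peer` and `auth_mechanism=external` settings the previous URI carried. Both tasks begin outside the visible hunks.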
@ -8,6 +8,10 @@
|
|||||||
- name: Deploy RabbitMQ configuration
|
- name: Deploy RabbitMQ configuration
|
||||||
template:
|
template:
|
||||||
src: "etc/rabbitmq/{{ item }}.j2"
|
src: "etc/rabbitmq/{{ item }}.j2"
|
||||||
|
dest: "etc/rabbitmq/{{ item }}"
|
||||||
|
owner: rabbitmq
|
||||||
|
group: rabbitmq
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
- name: Deploy erlang cookie
|
- name: Deploy erlang cookie
|
||||||
copy:
|
copy:
|
||||||
@ -23,10 +27,16 @@
|
|||||||
file:
|
file:
|
||||||
path: /etc/systemd/system/rabbitmq-server.service.d
|
path: /etc/systemd/system/rabbitmq-server.service.d
|
||||||
state: directory
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
- name: Override nofile limit for RabbitMQ
|
- name: Override nofile limit for RabbitMQ
|
||||||
copy:
|
copy:
|
||||||
dest: /etc/systemd/system/rabbitmq-server.service.d/99-override.conf
|
dest: /etc/systemd/system/rabbitmq-server.service.d/99-override.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
content: |
|
content: |
|
||||||
[Service]
|
[Service]
|
||||||
LimitNOFILE={{ rabbitmq_cluster_file_limit }}
|
LimitNOFILE={{ rabbitmq_cluster_file_limit }}
|
||||||
@ -36,6 +46,22 @@
|
|||||||
names: "{{ rabbitmq_plugins | join(',') }}"
|
names: "{{ rabbitmq_plugins | join(',') }}"
|
||||||
state: enabled
|
state: enabled
|
||||||
|
|
||||||
|
- name: Open applicable firewall rules
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
port: "{{ item }}"
|
||||||
|
permanent: true
|
||||||
|
state: enabled
|
||||||
|
immediate: true
|
||||||
|
loop:
|
||||||
|
- 1883/tcp
|
||||||
|
- 4369/tcp
|
||||||
|
- 5671/tcp
|
||||||
|
- 5672/tcp
|
||||||
|
- 8883/tcp
|
||||||
|
- 15672/tcp
|
||||||
|
- 25672/tcp
|
||||||
|
- 35672-35682/tcp
|
||||||
|
|
||||||
- name: Ensure RabbitMQ is running
|
- name: Ensure RabbitMQ is running
|
||||||
service:
|
service:
|
||||||
name: rabbitmq-server
|
name: rabbitmq-server
|
||||||
|
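Review bot: The added `dest: "etc/rabbitmq/{{ item }}"` in the first hunk has no leading slash, so the rendered file would land relative to the remote working directory instead of under /etc/rabbitmq; it should read `dest: "/etc/rabbitmq/{{ item }}"`. The added `mode: '0644'` also leaves the file world-readable, and the rabbitmq.conf.j2 added in this commit writes `auth_ldap.dn_lookup_bind.password` into it, so `mode: '0640'` with the rabbitmq owner and group already set here is the safer choice. The loop that supplies `item` is outside the hunk, so confirm every templated file can take the tighter mode. Separately, the firewalld task in the third hunk opens 4369/tcp, 25672/tcp and the plaintext 1883, 5672 and 15672 listeners with no `zone` or source restriction; consider limiting the inter-node ports to the cluster members.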
@ -13,9 +13,9 @@
|
|||||||
user: rockyadmin
|
user: rockyadmin
|
||||||
password: "{{ rabbitmq_admin_password }}"
|
password: "{{ rabbitmq_admin_password }}"
|
||||||
vhost: "{{ item }}"
|
vhost: "{{ item }}"
|
||||||
configure_priv: .*
|
configure_priv: ".*"
|
||||||
read_priv: .*
|
read_priv: ".*"
|
||||||
write_priv: .*
|
write_priv: ".*"
|
||||||
tags: administrator
|
tags: administrator
|
||||||
when: inventory_hostname.startswith('rabbitmq01')
|
when: inventory_hostname.startswith('rabbitmq01')
|
||||||
with_items:
|
with_items:
|
||||||
|
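--- a/templates/etc/rabbitmq/rabbitmq.conf.j2
+++ b/templates/etc/rabbitmq/rabbitmq.conf.j2
@@ -0,0 +1,46 @@
+listeners.ssl.default = 5671
+listeners.tcp.default = 5672
+
+num_acceptors.tcp = 10
+num_acceptors.ssl = 10
+
+reverse_dns_lookups = true
+
+rabbitmq_tls_ca_cert: "/etc/pki/tls/certs/ca-bundle.crt"
+rabbitmq_tls_cert: "/etc/pki/tls/certs/{{ ansible_fqdn }}.crt"
+rabbitmq_tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key"
+
+ssl_options.verify = verify_peer
+ssl_options.fail_if_no_peer_cert = false
+ssl_options.cacertfile = {{ rabbitmq_tls_ca_cert }}
+ssl_options.certfile = {{ rabbitmq_tls_cert }}
+ssl_options.keyfile = {{ rabbitmq_tls_key }}
+
+# Authentication Backends
+auth_backends.1.authn = ldap
+auth_backends.1.authz = internal
+auth_backends.2 = internal
+auth_mechanisms.1 = PLAIN
+auth_mechanisms.2 = EXTERNAL
+auth_mechanisms.3 = AMQPLAIN
+
+ssl_cert_login_from = common_name
+auth_ldap.dn_lookup_bind.user_dn = {{ rocky_ldap_bind_dn }}
+auth_ldap.dn_lookup_bind.password = {{ rocky_ldap_bind_pw }}
+auth_ldap.dn_lookup_attribute = uid
+auth_ldap.dn_lookup_base = {{ rocky_ldap_account_basedn }}
+auth_ldap.port = 389
+{% for ldapsrv in rabbitmq_ldap_servers %}
+auth_ldap.servers.{{ loop.index }} = {{ ldapsrv }}
+{% endfor %}
+
+cluster_name = {{ rabbitmq_cluster_name }}
+password_hashing_module = rabbit_password_hashing_sha256
+
+uster_partition_handling = autoheal
+cluster_formation.node_type = disc
+
+product.name = RockyMQ!
+product.version = 0.0.1
+
+disk_free_limit.relative = 2.0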
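Review bot: The LDAP block sets `auth_ldap.port = 389` without `auth_ldap.use_ssl` or `auth_ldap.use_starttls`, so the lookup bind password and every user password checked by the `ldap` backend would reach the IPA servers unencrypted. Add `auth_ldap.use_starttls = true`, or move to port 636 with `auth_ldap.use_ssl = true`, and point the LDAP TLS options at the IPA CA. The same passwords can also arrive in clear from clients, because `listeners.tcp.default = 5672` stays enabled alongside the PLAIN and AMQPLAIN mechanisms. Two lines look like they would fail config validation at start-up: the three `rabbitmq_tls_*: "…"` entries are YAML variable definitions rather than rabbitmq.conf keys and belong in the role defaults, and `uster_partition_handling` is presumably a truncated `cluster_partition_handling`.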