infrastructure
/
ansible-role-rabbitmq
mirror of https://github.com/rocky-linux/ansible-role-rabbitmq.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ansible-role-rabbitmq/tasks/federation.yml

67 lines
2.1 KiB
YAML
Raw Permalink Blame History

---
# Create necessary federation pieces
# You will need to address the certificates yourself. Right now we are trying
# to figure out how to deal with SNI using FreeIPA. So instead we're using a
# service account in IPA instead using a password. This isn't ideal and we're
# looking into finding a way to address this in an easier manner.
# /etc/rabbitmq/pubsub_federation.pem
# /etc/rabbitmq/pubsub_federation.key
# This public user can write UUID objects and read anything else
- name: Create a public access user
run_once: true
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
community.rabbitmq.rabbitmq_user:
user: rockypubsub
permissions:
- vhost: public_pubsub
configure_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
write_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
read_priv: ".*"
state: present
tags:
- rabbitmq_cluster
- name: Create a federation user
run_once: true
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
community.rabbitmq.rabbitmq_user:
user: pubsub_federation
permissions:
- vhost: pubsub
configure_priv: "^federation.*"
write_priv: "^federation.*"
read_priv: ".*"
state: present
tags:
- rabbitmq_cluster
- name: Configure Federation Upstream from pubsub to public
run_once: true
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
community.rabbitmq.rabbitmq_parameter:
component: "federation-upstream"
name: "pubsub-to-public_pubsub"
value: '{"uri": "amqps://pubsub_federation:{{ pubsub_federation_pass }}@{{ rabbitmq_cluster_list[0] }}/%2Fpubsub", "ack-mode": "on-confirm"}'
state: present
vhost: public_pubsub
when:
- rabbitmq_enable_public
- pubsub_federation_pass is defined
- name: Configure a policy to federate the topic exchange to public
run_once: true
delegate_to: "{{ rabbitmq_cluster_list[0] }}"
community.rabbitmq.rabbitmq_policy:
apply_to: exchanges
name: pubsub-to-public_pubsub
state: present
pattern: "^(amq|zmq)\\.topic$"
tags:
federation-upstream: "pubsub-to-public_pubsub"
vhost: public_pubsub
when:
- rabbitmq_enable_public
- pubsub_federation_pass is defined
Reference in New Issue View Git Blame Copy Permalink