diff --git a/ansible/inventories/production/group_vars/rabbitmq/main.yml b/ansible/inventories/production/group_vars/rabbitmq/main.yml
new file mode 100644
index 0000000..15ef793
--- /dev/null
+++ b/ansible/inventories/production/group_vars/rabbitmq/main.yml
@@ -0,0 +1,5 @@
+---
+# RabbitMQ Staging Vars
+rabbitmq_cluster_name: "rabbitprod"
+rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
+rabbitmq_env: "production"
diff --git a/ansible/inventories/staging/group_vars/rabbitmq/main.yml b/ansible/inventories/staging/group_vars/rabbitmq/main.yml
new file mode 100644
index 0000000..035c0fa
--- /dev/null
+++ b/ansible/inventories/staging/group_vars/rabbitmq/main.yml
@@ -0,0 +1,5 @@
+---
+# RabbitMQ Staging Vars
+rabbitmq_cluster_name: "rabbitstage"
+rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
+rabbitmq_env: "staging"
diff --git a/ansible/playbooks/role-rocky-rabbitmq.yml b/ansible/playbooks/role-rocky-rabbitmq.yml
new file mode 100644
index 0000000..3458c49
--- /dev/null
+++ b/ansible/playbooks/role-rocky-rabbitmq.yml
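Review bot: The header comment in `inventories/production/group_vars/rabbitmq/main.yml` reads `# RabbitMQ Staging Vars`, which looks copied from the staging file and mislabels the production inventory. Change it to `# RabbitMQ Production Vars`, so that someone editing cluster names or `rabbitmq_env` can tell from the file itself which environment they are touching.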
@@ -0,0 +1,74 @@
+---
+# Stands up a RabbitMQ Cluster
+- name: Configure RabbitMQ
+ hosts: rabbitmq
+ become: true
+ vars_files:
+ - vars/encpass.yml
+ - vars/rabbitmq.yml
+
+ # This is to try to avoid the handler issue in pre/post tasks
+ handlers:
+ - import_tasks: handlers/main.yml
+
+ pre_tasks:
+ - name: Check if ansible cannot be run here
+ stat:
+ path: /etc/no-ansible
+ register: no_ansible
+
+ - name: Verify if we can run ansible
+ assert:
+ that:
+ - "not no_ansible.stat.exists"
+ msg: "/etc/no-ansible exists - skipping run on this node"
+
+ # We have separate passwords per rabbitmq env
+ - name: Import rabbitmq passwords
+ include_vars:
+ file: "vars/rabbitmq_{{ rabbitmq_env }}.yml"
+
+ # EPEL and PowerTools are required for ipsilon to function
+ # I also couldn't find an ansible built-in to do this
+ - name: Enable the PowerTools repository
+ ini_file:
+ dest: /etc/yum.repos.d/CentOS-Linux-PowerTools.repo
+ section: powertools
+ option: enabled
+ value: 1
+ owner: root
+ group: root
+ mode: '0644'
+
+ # The CentOS extras repos has epel-release provided
+ - name: Enable the EPEL repository
+ yum:
+ name: epel-release
+ state: present
+ tags:
+ - packages
+
+ # This will change eventually to a rocky-release-messaging repo or to a
+ # rocky-release-rabbitmq repo
+ - name: Install centos rabbitmq
+ yum:
+ name: centos-release-rabbitmq
+ state: present
+ tags:
+ - packages
+
+ roles:
+ - role: rockylinux.ipagetcert
+ state: present
+
+ - role: rockylinux.rabbitmq
+ state: present
+
+ post_tasks:
+ - name: Touching run file that ansible has ran here
+ file:
+ path: /var/log/ansible.run
+ state: touch
+ mode: '0644'
+ owner: root
+ group: root
diff --git a/ansible/playbooks/tasks/rabbitmq-reconfigure.yml b/ansible/playbooks/tasks/rabbitmq-reconfigure.yml
new file mode 100644
index 0000000..d8480c8
--- /dev/null
+++ b/ansible/playbooks/tasks/rabbitmq-reconfigure.yml
@@ -0,0 +1,2 @@
+---
+# RabbitMQ Additional Changes
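Review bot: The `Import rabbitmq passwords` pre-task loads the per-environment secrets with `include_vars` but does not set `no_log: true`, so a verbose run or a logging callback can record the loaded `rabbitmq_admin_password` and `rabbitmq_cookie` in task output. Add `no_log: true` to that task. The comment above the PowerTools task says the repositories are required "for ipsilon to function", which looks carried over from another playbook and should name RabbitMQ instead. In the same task, `value: 1` is better written as `value: "1"`, because `ini_file` writes a string and the quoted form avoids relying on implicit conversion.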
diff --git a/ansible/playbooks/vars/rabbitmq.yml b/ansible/playbooks/vars/rabbitmq.yml
new file mode 100644
index 0000000..2522f0b
--- /dev/null
+++ b/ansible/playbooks/vars/rabbitmq.yml
@@ -0,0 +1,17 @@
+---
+# rabbitmq settings
+rabbitmq_tls_ca_cert: "/etc/pki/tls/certs/ca-bundle.crt"
+rabbitmq_tls_cert: "/etc/pki/tls/certs/{{ ansible_fqdn }}.crt"
+rabbitmq_tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key"
+
+# These should be in a vault, with a different value. Generated by:
+# dd if=/dev/urandom bs=30 count=1 | base64
+#rabbitmq_cookie: ...
+
+# Admin passwords - these should be in a vault
+#rabbitmq_admin_password: ...
+
+# rabbitmq cluster list and information should be defined in hostvars to ensure
+# that the configuration is idempotent.
+#rabbitmq_cluster_staging_list:
+#rabbitmq_cluster_staging_name:
diff --git a/ansible/playbooks/vars/rabbitmq_production.yml b/ansible/playbooks/vars/rabbitmq_production.yml
new file mode 100644
index 0000000..f59fec4
--- /dev/null
+++ b/ansible/playbooks/vars/rabbitmq_production.yml
@@ -0,0 +1,4 @@
+---
+# This will need to be vaulted
+rabbitmq_admin_password: ThisIsNotThePassword!
+rabbitmq_cookie: "X4MYneML6Ppp+ajPuG/qdD64ZjdVT1OJF8XUG/o+"
diff --git a/ansible/playbooks/vars/rabbitmq_staging.yml b/ansible/playbooks/vars/rabbitmq_staging.yml
new file mode 100644
index 0000000..f59fec4
--- /dev/null
+++ b/ansible/playbooks/vars/rabbitmq_staging.yml
@@ -0,0 +1,4 @@
+---
+# This will need to be vaulted
+rabbitmq_admin_password: ThisIsNotThePassword!
+rabbitmq_cookie: "X4MYneML6Ppp+ajPuG/qdD64ZjdVT1OJF8XUG/o+"
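Review bot: The commented placeholders at the end of `vars/rabbitmq.yml` name `rabbitmq_cluster_staging_list` and `rabbitmq_cluster_staging_name`, but the inventories in this commit define `rabbitmq_cluster_list` and `rabbitmq_cluster_name`. The comment also says "hostvars" although the values are set in `group_vars`. Align the placeholders with the real names, `#rabbitmq_cluster_list:` and `#rabbitmq_cluster_name:`, and say "inventory group_vars", so the next maintainer does not define variables the role never reads.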
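Review bot: `vars/rabbitmq_production.yml` commits `rabbitmq_cookie` and `rabbitmq_admin_password` in cleartext, and `vars/rabbitmq_staging.yml` is byte-identical (same blob `f59fec4`), which defeats the playbook's stated intent of separate secrets per environment. The cookie has the shape of real output from the `dd ... | base64` command documented in `vars/rabbitmq.yml`, and it is the shared secret that cluster nodes use to authenticate to each other. If it was ever deployed it should be treated as exposed and regenerated, since vaulting later does not remove it from history. Encrypt both files with `ansible-vault` before merging, or drop the values and keep only placeholders, with a distinct cookie and password per environment. Also quote the password scalar, `rabbitmq_admin_password: "<vaulted value>"`, so special characters in a real value cannot be retyped by the YAML parser.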