- name: Configure the mbs-private-queue virtual host
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
  rabbitmq_vhost:
    name: /mbs-private-queue
    state: present
  tags:
  - mbs-private-queue

- name: Configure the HA policy for the mbs-private-queue queues
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
  rabbitmq_policy:
    name: HA
    apply_to: queues
    pattern: .*
    tags:
      ha-mode: all
      ha-sync-mode: automatic  # Auto sync queues to new cluster members
      ha-sync-batch-size: 10000  # Larger is faster, but must finish in 1 net_ticktime
    vhost: /mbs-private-queue
  tags:
  - mbs-private-queue

- name: Add a policy to limit queues to 1GB and remove after a month of no use
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
  rabbitmq_policy:
    apply_to: queues
    name: pubsub_sweeper
    state: present
    pattern: ".*"
    tags:
      # Unused queues are killed after 1000 * 60 * 60 * 31 milliseconds (~a month)
      expires: 111600000
      # Queues can use at most 1GB of storage
      max-length-bytes: 1073741824
    vhost: /mbs-private-queue
  tags:
  - mbs-private-queue

- name: Create the mbs-private-queue user for the mbs-private-queue vhost (prod)
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
  rabbitmq_user:
    user: mbs-private-queue
    password: "{{ (env == 'production')|ternary(rabbitmq_mbs_private_queue_admin_password_production, rabbitmq_mbs_private_queue_admin_password_staging) }}"
    vhost: /mbs-private-queue
    configure_priv: .*
    read_priv: .*
    write_priv: .*
  tags:
  - mbs-private-queue

- name: Dump the admin password in a file for administrative operations
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
  copy:
    dest: /root/.mbs-private-queue-rabbitmqpass
    content: "{{ (env == 'production')|ternary(rabbitmq_mbs_private_queue_admin_password_production, rabbitmq_mbs_private_queue_admin_password_staging) }}"
    mode: 0600
    owner: root
    group: root
  tags:
  - mbs-private-queue

- name: Grant the admin user access to the mbs-private-queue vhost
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
  rabbitmq_user:
    user: admin
    vhost: /mbs-private-queue
    configure_priv: .*
    read_priv: .*
    write_priv: .*
    tags: administrator
  tags:
  - mbs-private-queue

- name: Create a user for mbs-private-queue access
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
  rabbitmq_user:
    user: "mbs-private-queue{{ env_suffix }}"
    vhost: /mbs-private-queue
    configure_priv: .*
    write_priv: .*
    read_priv: .*
    state: present
  tags:
  - mbs-private-queue