WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-26 11:36:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
0f79ff17ec6eb537eb03ffd4123f2ea4effcfd07
fedora-infra_ansible/roles/rabbit/queue/tasks/main.yml
Kevin Fenzi d703de535a iad2-move: disable nagios handler for rabbitmq for now until we have a iad2 nagios 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-06-08 07:51:54 -07:00

134 lines
4.5 KiB
YAML
Raw Blame History

---
# Ensure a user, queue, and bindings for that queue exist in RabbitMQ.
# This is intended to be something most applications can use, but if you need
# more flexibility, just use the rabbitmq_* modules directly.
#
# Required parameters:
#
# - username (str): the username to create in RabbitMQ, which should match the
# CN of the certificate.
# - queue_name (str): The name of the queue to create. This must be prefixed
# with your username. For example, with a username of
# "bodhi", your queue could be named "bodhi_masher".
# - routing_keys (list): A list of strings to use as routing keys.
#
# Optional parameters:
#
# - write_queues (list): A list of queue name prefixes to which the user will
# be allowed to publish.
# - thresholds (dict): A dictionary with two keys: "warning" and "critical".
# The values are numbers. Generate an alert in Nagios if
# the number of messages go above these values.
- name: Validate parameters
assert:
that:
- "queue_name.startswith(username)"
fail_msg: "Your queue name must be prefixed with your username"
tags:
- fedora-messaging
- rabbitmq_cluster
- name: Validate the user parameter
assert:
that:
- username != "admin"
- username != "guest"
- username != "nagios-monitoring"
fail_msg: "This user name is reserved"
tags:
- fedora-messaging
- rabbitmq_cluster
# See https://www.rabbitmq.com/access-control.html#permissions for details on
# the RabbitMQ permissions configuration.
- name: Create the {{ username }} user in RabbitMQ
delegate_to: "{{ rabbitmq_server }}"
rabbitmq_user:
user: "{{ username }}"
vhost: "{{ vhost }}"
# Read from queues prefixed with their name and bind to the topic exchange
read_priv: "^(zmq\\.topic)|^(amq\\.topic)|({{ username }}.*)$"
# Write to queues prefixed with their name and any prefixes in
# write_queues, and publish to the topic exchange
write_priv: "^(amq\\.topic)|({{ username }}.*){% for queue in write_queues|default([]) %}|({{ queue }}.*){% endfor %}$"
configure_priv: "^$" # No configuration permissions
state: present
tags:
- fedora-messaging
- rabbitmq_cluster
- name: Create the {{ queue_name }} queue in RabbitMQ
delegate_to: "{{ rabbitmq_server }}"
rabbitmq_queue:
name: "{{ queue_name }}"
vhost: "{{ vhost }}"
auto_delete: no
durable: yes
message_ttl: "{{ message_ttl }}"
state: present
login_user: admin
login_password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}"
tags:
- fedora-messaging
- rabbitmq_cluster
- name: Bind the {{ queue_name }} queue to the amq.topic exchange
delegate_to: "{{ rabbitmq_server }}"
rabbitmq_binding:
name: "amq.topic"
destination: "{{ queue_name }}"
destination_type: queue
routing_key: "{{ item }}"
vhost: "{{ vhost }}"
state: present
login_user: admin
login_password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}"
loop: "{{ routing_keys }}"
tags:
- fedora-messaging
- rabbitmq_cluster
# This can be removed when we're done with fedmsg and the bridges are retired.
- name: Bind the {{ queue_name }} queue to the zmq.topic exchange
delegate_to: "{{ rabbitmq_server }}"
rabbitmq_binding:
name: "zmq.topic"
destination: "{{ queue_name }}"
destination_type: queue
routing_key: "{{ item }}"
vhost: "{{ vhost }}"
state: present
login_user: admin
login_password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}"
loop: "{{ routing_keys }}"
tags:
- fedora-messaging
- rabbitmq_cluster
- name: Monitor the {{ queue_name }} queue in Nagios (NRPE)
when: thresholds and env == "production"
delegate_to: "{{ rabbitmq_server }}"
template:
src: nrpe.cfg.j2
dest: /etc/nrpe.d/check_rabbitmq_queue_{{ queue_name }}.cfg
owner: root
group: root
mode: 0644
notify: restart nrpe on rabbitmq
tags:
- fedora-messaging
- rabbitmq_cluster
- name: Monitor the {{ queue_name }} queue in Nagios
when: thresholds and env == "production"
delegate_to: "{{ nagios_server }}"
template:
src: nagios.cfg.j2
dest: /etc/nagios/services/rabbitmq-queue-{{ queue_name }}.cfg
# notify: restart nagios on noc
tags:
- fedora-messaging
- rabbitmq_cluster
Reference in New Issue View Git Blame Copy Permalink