WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
88cae583c67acdcfb48cc9890f81b231a9b888ce
fedora-infra_ansible/roles/rabbitmq_cluster/tasks/apps.yml
Kevin Fenzi 88cae583c6 rabbitmq / centos-odcs: specify correct vhost 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-07 15:56:22 -08:00

249 lines
6.0 KiB
YAML
Raw Blame History

#
# This playbook creates users and queues for specific applications
#
- name: CoreOS user
run_once: true
include_role:
name: rabbit/user
vars:
username: coreos{{ env_suffix }}
- name: CentOS CI
run_once: true
include_role:
name: rabbit/queue
vars:
username: centos-ci{{ env_suffix }}
queue_name: centos-ci{{ env_suffix }}
# TTL: 10 days (in miliseconds)
message_ttl: 864000000
routing_keys:
# This routing key is for testing purposes only
- "org.centos.ci.#"
- name: OSCI
run_once: true
include_role:
name: rabbit/queue
vars:
username: osci-pipelines{{ env_suffix }}
queue_name: "{{ osci_pipeline_queue }}{{ env_suffix }}"
# TTL: 5 days (in miliseconds)
message_ttl: 432000000
routing_keys:
# This routing key is for testing purposes only
- "org.centos.ci.#"
loop:
- osci-pipelines-queue-0
- osci-pipelines-queue-1
- osci-pipelines-queue-2
- osci-pipelines-queue-3
- osci-pipelines-queue-4
- osci-pipelines-queue-5
- osci-pipelines-queue-6
- osci-pipelines-queue-7
- osci-pipelines-queue-9
- osci-pipelines-queue-10
- osci-pipelines-queue-11
- osci-pipelines-queue-12
- osci-pipelines-queue-13
- osci-pipelines-queue-14
- osci-pipelines-queue-15
loop_control:
loop_var: osci_pipeline_queue
tags:
- osci-pipelines
- name: Fedora Build Checks
run_once: true
include_role:
name: rabbit/queue
vars:
username: fedora-build-checks{{ env_suffix }}
queue_name: fedora-build-checks{{ env_suffix }}
routing_keys:
- "org.centos.ci.#"
- name: copr
run_once: true
include_role:
name: rabbit/user
vars:
username: copr{{ env_suffix }}
- name: faf
run_once: true
include_role:
name: rabbit/user
vars:
username: faf{{ env_suffix }}
- name: CentOS Stream
run_once: true
include_role:
name: rabbit/queue
vars:
username: alt-src{{ env_suffix }}
queue_name: alt-src{{ env_suffix }}
# TTL: 10 days (in miliseconds)
message_ttl: 864000000
routing_keys:
# This routing key is for testing purposes only
- "org.centos.stream.#"
thresholds:
warning: 1000
critical: 10000
# CENTOS GITLAB BEGIN
- name: CentOS Gitlab User
run_once: true
include_role:
name: rabbit/user
vars:
username: gitlab-centos{{ env_suffix }}
- name: CentOS Gitlab Queue
run_once: true
include_role:
name: rabbit/queue
vars:
username: gitlab-centos{{ env_suffix }}
queue_name: gitlab-centos{{ env_suffix }}
# TTL: 10 days (in miliseconds)
message_ttl: 864000000
routing_keys:
- "org.centos.{{ env_short }}.gitlab.#"
# CENTOS GITLAB END
# CENTOS KOJI BEGIN
- name: CentOS Koji User
run_once: true
include_role:
name: rabbit/user
vars:
username: koji-centos{{ env_suffix }}
# CENTOS KOJI END
# CENTOS ODCS BEGIN
- name: Configure the centos-odcs virtual host
run_once: true
delegate_to: "rabbitmq01.iad2.fedoraproject.org"
rabbitmq_vhost:
name: /centos-odcs
state: present
tags:
- centos-odcs
- name: Configure the HA policy for the centos-odcs queues
run_once: true
delegate_to: "rabbitmq01.iad2.fedoraproject.org"
rabbitmq_policy:
name: HA
apply_to: queues
pattern: .*
tags:
ha-mode: all
ha-sync-mode: automatic # Auto sync queues to new cluster members
ha-sync-batch-size: 10000 # Larger is faster, but must finish in 1 net_ticktime
vhost: /centos-odcs
tags:
- centos-odcs
- name: Add a policy to limit queues to 1GB and remove after a month of no use
run_once: true
delegate_to: "rabbitmq01.iad2.fedoraproject.org"
rabbitmq_policy:
apply_to: queues
name: pubsub_sweeper
state: present
pattern: ".*"
tags:
# Unused queues are killed after 1000 * 60 * 60 * 31 milliseconds (~a month)
expires: 111600000
# Queues can use at most 1GB of storage
max-length-bytes: 1073741824
vhost: /centos-odcs
tags:
- centos-odcs
- name: Create the centos-odcs-admin user for the centos-odcs vhost (prod)
run_once: true
delegate_to: "rabbitmq01.iad2.fedoraproject.org"
rabbitmq_user:
user: centos-odcs-admin
password: "{{ (env == 'production')|ternary(rabbitmq_centos_odcs_admin_password_production, rabbitmq_centos_odcs_admin_password_staging) }}"
vhost: /centos-odcs
configure_priv: .*
read_priv: .*
write_priv: .*
tags:
- centos-odcs
- name: Dump the admin password in a file for administrative operations
run_once: true
delegate_to: "rabbitmq01.iad2.fedoraproject.org"
copy:
dest: /root/.centos-odcs-rabbitmqpass
content: "{{ (env == 'production')|ternary(rabbitmq_centos_odcs_admin_password_production, rabbitmq_centos_odcs_admin_password_staging) }}"
mode: 0600
owner: root
group: root
tags:
- centos-odcs
- name: Grant the admin user access to the centos-odcs vhost
run_once: true
delegate_to: "rabbitmq01.iad2.fedoraproject.org"
rabbitmq_user:
user: admin
vhost: /centos-odcs
configure_priv: .*
read_priv: .*
write_priv: .*
tags: administrator
tags:
- centos-odcs
- name: Grant the nagios-monitoring user access to the centos-odcs vhost
run_once: true
delegate_to: "rabbitmq01.iad2.fedoraproject.org"
rabbitmq_user:
user: nagios-monitoring
vhost: /centos-odcs
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
tags: monitoring
tags:
- centos-odcs
- name: Create a user for centos-odcs access
run_once: true
delegate_to: "rabbitmq01.iad2.fedoraproject.org"
rabbitmq_user:
user: "centos-odcs-private-queue{{ env_suffix }}"
vhost: /centos-odcs
configure_priv: .*
write_priv: .*
read_priv: .*
state: present
tags:
- centos-odcs
- name: Create the user in RabbitMQ
delegate_to: "{{ rabbitmq_server }}"
rabbitmq_user:
user: centos-odcs
vhost: /centos-odcs
read_priv: "^$" # Publish only, no reading
write_priv: "amq\\.topic"
configure_priv: "^$" # No configuration permissions
state: present
tags:
- centos-odcs
# CENTOS ODCS END
Reference in New Issue View Git Blame Copy Permalink