The osci queues have changed since this playbook last completed. The ttl changed and the routing keys have changed. The ansible rabbitmq module can't change these things on already created queues because the api doesn't allow it. This makes this playbook fail with: "RabbitMQ RESTAPI doesn't support attribute changes for existing queues". So, for now, set the ttl to what it already is, and don't change the routing keys at all. Hopefully this will get it to complete and osci can manage at least routing keys themselves wherever they do that. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
# Ensure a user, queue, and bindings for that queue exist in RabbitMQ.
# This is intended to be something most applications can use, but if you need
# more flexibility, just use the rabbitmq_* modules directly.
#
# Required parameters:
#
# - username (str): the username to create in RabbitMQ, which should match the
#                   CN of the certificate.
# - queue_name (str): The name of the queue to create. This must be prefixed
#                     with your username. For example, with a username of
#                     "bodhi", your queue could be named "bodhi_masher".
# - routing_keys (list): A list of strings to use as routing keys.
#
# Optional parameters:
#
# - write_queues (list): A list of queue name prefixes to which the user will
#                        be allowed to publish.
# - thresholds (dict): A dictionary with two keys: "warning" and "critical".
#                      The values are numbers. Generate an alert in Nagios if
#                      the number of messages goes above these values.
# Guard: the queue name has to begin with the owning username. The permission
# patterns granted to the user later in this file are built from the username,
# so this prefix is what ties a queue to the account allowed to use it.
# NOTE(review): startswith() is a plain string-prefix test, so the username
# "bodhi" also accepts a queue named "bodhi2_x" - choose usernames that are
# not prefixes of one another.
- name: Validate parameters
  tags:
    - fedora-messaging
    - rabbitmq_cluster
  assert:
    fail_msg: 'Your queue name must be prefixed with your username'
    that:
      - 'queue_name.startswith(username)'
# Refuse the account names this file treats as reserved. "admin" is the login
# the queue and binding tasks in this file authenticate with; "guest" and
# "nagios-monitoring" are rejected by the same rule.
- name: Validate the user parameter
  tags:
    - fedora-messaging
    - rabbitmq_cluster
  assert:
    fail_msg: 'This user name is reserved'
    that:
      - 'username not in ["admin", "guest", "nagios-monitoring"]'
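# See https://www.rabbitmq.com/access-control.html#permissions for details on
# the RabbitMQ permissions configuration.
#
# Each *_priv value is a regular expression matched against resource names.
# All alternatives sit inside one group so that "^" and "$" apply to every
# branch. Written as "^(a)|(b)|(c)$", the "^" binds only to the first branch
# and the "$" only to the last, which leaves a "<username>.*" branch matching
# any resource name that merely contains the username instead of names that
# start with it.
# NOTE(review): this narrows the grant to the prefix rule the comments below
# describe; users that already exist get the tighter pattern on the next run.
# NOTE(review): username and the write_queues entries are interpolated into
# the pattern unescaped, so they must not contain regex metacharacters (a "."
# in a name matches any character).
- name: Create the {{ username }} user in RabbitMQ
  delegate_to: "{{ rabbitmq_server }}"
  rabbitmq_user:
    user: "{{ username }}"
    vhost: "{{ vhost }}"
    # Read from queues prefixed with their name and bind to the topic exchange
    read_priv: "^(zmq\\.topic|amq\\.topic|{{ username }}.*)$"
    # Write to queues prefixed with their name and any prefixes in
    # write_queues, and publish to the topic exchange
    write_priv: "^(amq\\.topic|{{ username }}.*{% for queue in write_queues|default([]) %}|{{ queue }}.*{% endfor %})$"
    configure_priv: "^$"  # No configuration permissions
    state: present
  tags:
    - fedora-messaging
    - rabbitmq_cluster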
# Declare a durable, non-auto-delete queue on the delegated RabbitMQ host.
# The module logs in as "admin"; the password variable is chosen by env, and
# every env value other than 'production' selects the staging password.
# Per the error quoted in the commit log for this file, the RabbitMQ REST API
# rejects attribute changes (such as message_ttl) on a queue that already
# exists, so message_ttl has to match the value the queue was created with.
- name: Create the {{ queue_name }} queue in RabbitMQ
  tags:
    - fedora-messaging
    - rabbitmq_cluster
  delegate_to: "{{ rabbitmq_server }}"
  rabbitmq_queue:
    login_user: admin
    login_password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}"
    vhost: "{{ vhost }}"
    name: "{{ queue_name }}"
    state: present
    durable: true
    auto_delete: false
    message_ttl: "{{ message_ttl }}"
# Add one binding from the amq.topic exchange to the queue for every entry in
# routing_keys. The task is skipped when the caller does not define
# routing_keys. Bindings are only ensured present: nothing in this task
# removes a binding for a key that is no longer listed.
- name: Bind the {{ queue_name }} queue to the amq.topic exchange
  tags:
    - fedora-messaging
    - rabbitmq_cluster
  when: routing_keys is defined
  loop: "{{ routing_keys }}"
  delegate_to: "{{ rabbitmq_server }}"
  rabbitmq_binding:
    login_user: admin
    login_password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}"
    vhost: "{{ vhost }}"
    name: 'amq.topic'
    destination: "{{ queue_name }}"
    destination_type: queue
    routing_key: "{{ item }}"
    state: present
# This can be removed when we're done with fedmsg and the bridges are retired.
#
# Same shape as the amq.topic binding task, against the zmq.topic exchange:
# one binding per routing_keys entry, skipped when routing_keys is not
# defined, and only ever adding bindings (state: present).
- name: Bind the {{ queue_name }} queue to the zmq.topic exchange
  tags:
    - fedora-messaging
    - rabbitmq_cluster
  when: routing_keys is defined
  loop: "{{ routing_keys }}"
  delegate_to: "{{ rabbitmq_server }}"
  rabbitmq_binding:
    login_user: admin
    login_password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}"
    vhost: "{{ vhost }}"
    name: 'zmq.topic'
    destination: "{{ queue_name }}"
    destination_type: queue
    routing_key: "{{ item }}"
    state: present
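# Render nrpe.cfg.j2 into /etc/nrpe.d on the RabbitMQ host and notify the
# "restart nrpe on rabbitmq" handler. Runs only when thresholds is truthy and
# env is "production".
# mode is given as a quoted string so the permission bits do not depend on
# how the YAML loader reads a bare integer with a leading zero.
# NOTE(review): queue_name is interpolated into the destination path as-is;
# it comes from the caller's variables and should not contain "/".
- name: Monitor the {{ queue_name }} queue in Nagios (NRPE)
  when: thresholds and env == "production"
  delegate_to: "{{ rabbitmq_server }}"
  template:
    src: nrpe.cfg.j2
    dest: "/etc/nrpe.d/check_rabbitmq_queue_{{ queue_name }}.cfg"
    owner: root
    group: root
    mode: "0644"
  notify: restart nrpe on rabbitmq
  tags:
    - fedora-messaging
    - rabbitmq_cluster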
# Render nagios.cfg.j2 into the Nagios services directory on the Nagios
# server, under the same condition as the NRPE check (thresholds truthy and
# env "production"). No handler is notified; the notify line is commented out.
# NOTE(review): unlike the NRPE task, no owner/group/mode is set here, so the
# file's ownership and permissions are left to the module defaults on the
# remote host - confirm that is intended.
- name: Monitor the {{ queue_name }} queue in Nagios
  tags:
    - fedora-messaging
    - rabbitmq_cluster
  when: thresholds and env == "production"
  delegate_to: "{{ nagios_server }}"
  template:
    dest: "/etc/nagios/services/rabbitmq-queue-{{ queue_name }}.cfg"
    src: nagios.cfg.j2
  # notify: restart nagios on noc