mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-02-02 20:59:02 +08:00
93 lines
2.8 KiB
YAML
93 lines
2.8 KiB
YAML
- name: Configure the mbs-private-queue virtual host
|
|
run_once: true
|
|
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
|
rabbitmq_vhost:
|
|
name: /mbs-private-queue
|
|
state: present
|
|
tags:
|
|
- mbs-private-queue
|
|
|
|
- name: Configure the HA policy for the mbs-private-queue queues
|
|
run_once: true
|
|
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
|
rabbitmq_policy:
|
|
name: HA
|
|
apply_to: queues
|
|
pattern: .*
|
|
tags:
|
|
ha-mode: all
|
|
ha-sync-mode: automatic # Auto sync queues to new cluster members
|
|
ha-sync-batch-size: 10000 # Larger is faster, but must finish in 1 net_ticktime
|
|
vhost: /mbs-private-queue
|
|
tags:
|
|
- mbs-private-queue
|
|
|
|
- name: Add a policy to limit queues to 1GB and remove after a month of no use
|
|
run_once: true
|
|
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
|
rabbitmq_policy:
|
|
apply_to: queues
|
|
name: pubsub_sweeper
|
|
state: present
|
|
pattern: ".*"
|
|
tags:
|
|
# Unused queues are killed after 1000 * 60 * 60 * 31 milliseconds (~a month)
|
|
expires: 111600000
|
|
# Queues can use at most 1GB of storage
|
|
max-length-bytes: 1073741824
|
|
vhost: /mbs-private-queue
|
|
tags:
|
|
- mbs-private-queue
|
|
|
|
- name: Create the mbs-private-queue user for the mbs-private-queue vhost (prod)
|
|
run_once: true
|
|
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
|
rabbitmq_user:
|
|
user: mbs-private-queue
|
|
password: "{{ (env == 'production')|ternary(rabbitmq_mbs_private_queue_admin_password_production, rabbitmq_mbs_private_queue_admin_password_staging) }}"
|
|
vhost: /mbs-private-queue
|
|
configure_priv: .*
|
|
read_priv: .*
|
|
write_priv: .*
|
|
tags:
|
|
- mbs-private-queue
|
|
|
|
- name: Dump the admin password in a file for administrative operations
|
|
run_once: true
|
|
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
|
copy:
|
|
dest: /root/.mbs-private-queue-rabbitmqpass
|
|
content: "{{ (env == 'production')|ternary(rabbitmq_mbs_private_queue_admin_password_production, rabbitmq_mbs_private_queue_admin_password_staging) }}"
|
|
mode: 0600
|
|
owner: root
|
|
group: root
|
|
tags:
|
|
- mbs-private-queue
|
|
|
|
- name: Grant the admin user access to the mbs-private-queue vhost
|
|
run_once: true
|
|
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
|
rabbitmq_user:
|
|
user: admin
|
|
vhost: /mbs-private-queue
|
|
configure_priv: .*
|
|
read_priv: .*
|
|
write_priv: .*
|
|
tags: administrator
|
|
tags:
|
|
- mbs-private-queue
|
|
|
|
- name: Create a user for mbs-private-queue access
|
|
run_once: true
|
|
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
|
rabbitmq_user:
|
|
user: "mbs-private-queue{{ env_suffix }}"
|
|
vhost: /mbs-private-queue
|
|
configure_priv: .*
|
|
write_priv: .*
|
|
read_priv: .*
|
|
state: present
|
|
tags:
|
|
- mbs-private-queue
|
|
|