Adding centos-odcs/centos-odcs-private-queue queue and user

Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
2020-11-16 13:58:28 -05:00 · 2020-11-16 13:58:28 -05:00 · 11db5b4cfa
commit 11db5b4cfa
parent 1f39c7e9d0
1 changed files with 107 additions and 0 deletions
--- a/roles/rabbitmq_cluster/tasks/apps.yml
+++ b/roles/rabbitmq_cluster/tasks/apps.yml
@ -126,3 +126,110 @@
  vars:
     username: koji-centos{{ env_suffix }}
 # CENTOS KOJI END
+
+# CENTOS ODCS BEGIN
+- name: Configure the centos-odcs virtual host
+  run_once: true
+  delegate_to: "rabbitmq01.iad2.fedoraproject.org"
+  rabbitmq_vhost:
+    name: /centos-odcs
+    state: present
+  tags:
+  - centos-odcs
+
+- name: Configure the HA policy for the centos-odcs queues
+  run_once: true
+  delegate_to: "rabbitmq01.iad2.fedoraproject.org"
+  rabbitmq_policy:
+    name: HA
+    apply_to: queues
+    pattern: .*
+    tags:
+      ha-mode: all
+      ha-sync-mode: automatic  # Auto sync queues to new cluster members
+      ha-sync-batch-size: 10000  # Larger is faster, but must finish in 1 net_ticktime
+    vhost: /centos-odcs
+  tags:
+  - centos-odcs
+
+- name: Add a policy to limit queues to 1GB and remove after a month of no use
+  run_once: true
+  delegate_to: "rabbitmq01.iad2.fedoraproject.org"
+  rabbitmq_policy:
+    apply_to: queues
+    name: pubsub_sweeper
+    state: present
+    pattern: ".*"
+    tags:
+      # Unused queues are killed after 1000 * 60 * 60 * 31 milliseconds (~a month)
+      expires: 111600000
+      # Queues can use at most 1GB of storage
+      max-length-bytes: 1073741824
+    vhost: /centos-odcs
+  tags:
+  - centos-odcs
+
+- name: Create the centos-odcs-admin user for the centos-odcs vhost (prod)
+  run_once: true
+  delegate_to: "rabbitmq01.iad2.fedoraproject.org"
+  rabbitmq_user:
+    user: centos-odcs-admin
+    password: "{{ (env == 'production')|ternary(rabbitmq_centos-odcs_admin_password_production, rabbitmq_centos-odcs_admin_password_staging) }}"
+    vhost: /centos-odcs
+    configure_priv: .*
+    read_priv: .*
+    write_priv: .*
+  tags:
+  - centos-odcs
+
+- name: Dump the admin password in a file for administrative operations
+  run_once: true
+  delegate_to: "rabbitmq01.iad2.fedoraproject.org"
+  copy:
+    dest: /root/.centos-odcs-rabbitmqpass
+    content: "{{ (env == 'production')|ternary(rabbitmq_centos-odcs_admin_password_production, rabbitmq_centos-odcs_admin_password_staging) }}"
+    mode: 0600
+    owner: root
+    group: root
+  tags:
+  - centos-odcs
+
+- name: Grant the admin user access to the centos-odcs vhost
+  run_once: true
+  delegate_to: "rabbitmq01.iad2.fedoraproject.org"
+  rabbitmq_user:
+    user: admin
+    vhost: /centos-odcs
+    configure_priv: .*
+    read_priv: .*
+    write_priv: .*
+    tags: administrator
+  tags:
+  - centos-odcs
+
+- name: Grant the nagios-monitoring user access to the centos-odcs vhost
+  run_once: true
+  delegate_to: "rabbitmq01.iad2.fedoraproject.org"
+  rabbitmq_user:
+    user: nagios-monitoring
+    vhost: /centos-odcs
+    configure_priv: "^$"
+    read_priv: "^$"
+    write_priv: "^$"
+    tags: monitoring
+  tags:
+  - centos-odcs
+
+- name: Create a user for centos-odcs access
+  run_once: true
+  delegate_to: "rabbitmq01.iad2.fedoraproject.org"
+  rabbitmq_user:
+    user: "centos-odcs-private-queue{{ env_suffix }}"
+    vhost: /centos-odcs
+    configure_priv: .*
+    write_priv: .*
+    read_priv: .*
+    state: present
+  tags:
+  - centos-odcs
+# CENTOS ODCS END