diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml index 87d2ee8e09..c82eda9b29 100644 --- a/playbooks/groups/batcave.yml +++ b/playbooks/groups/batcave.yml @@ -31,8 +31,8 @@ certname: "{{wildcard_cert_name}}" SSLCertificateChainFile: "{{wildcard_int_file}}" - role: rabbit/user - username: "batcave{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(ansible|git|infragit|logger)\..* + user_username: "batcave{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(ansible|git|infragit|logger)\..* - role: rabbit/queue username: "mirror_pagure_ansible{{ env_suffix }}" queue_name: "mirror_pagure_ansible{{ env_suffix }}" diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index 6b2b3326c4..ea9813f397 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml @@ -120,8 +120,8 @@ - sudo - role: rabbit/user - username: "koji{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.buildsys\..* + user_username: "koji{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.buildsys\..* tasks: - import_tasks: "{{ tasks_path }}/motd.yml" diff --git a/playbooks/groups/logserver.yml b/playbooks/groups/logserver.yml index 50be1b7bad..f7f0ddf306 100644 --- a/playbooks/groups/logserver.yml +++ b/playbooks/groups/logserver.yml @@ -34,8 +34,8 @@ when: env == "production" # Set up for fedora-messaging - role: rabbit/user - username: "logging{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.logging\.stats\..* + user_username: "logging{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.logging\.stats\..* - logging pre_tasks: diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index 0a5ab11527..f1dc443784 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml 
@@ -98,8 +98,8 @@ - role: mailman3 # Set up for fedora-messaging - role: rabbit/user - username: "mailman{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mailman\..* + user_username: "mailman{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mailman\..* tasks: - name: install more needed packages diff --git a/playbooks/groups/openqa.yml b/playbooks/groups/openqa.yml index f399a16ecc..6d2884bab3 100644 --- a/playbooks/groups/openqa.yml +++ b/playbooks/groups/openqa.yml @@ -52,18 +52,18 @@ # user and impersonate prod openqa on the message bus, which is # not a huge deal. fixing it would be kinda tedious. - role: rabbit/user - username: "{{ openqa_amqp_prod_username }}" - publish_only: false - sent_topics: ^org\.fedoraproject\.prod\.(openqa|ci)\..* + user_username: "{{ openqa_amqp_prod_username }}" + user_publish_only: false + user_sent_topics: ^org\.fedoraproject\.prod\.(openqa|ci)\..* vars: env: "production" env_suffix: "" tags: ['rabbit'] - role: rabbit/user - username: "{{ openqa_amqp_stg_username }}" - publish_only: false - sent_topics: ^org\.fedoraproject\.stg\.(openqa|ci)\..* + user_username: "{{ openqa_amqp_stg_username }}" + user_publish_only: false + user_sent_topics: ^org\.fedoraproject\.stg\.(openqa|ci)\..* vars: env: "staging" env_suffix: ".stg" diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml index c77fdcd04c..21cc16e6b5 100644 --- a/playbooks/groups/pkgs.yml +++ b/playbooks/groups/pkgs.yml @@ -93,8 +93,8 @@ - {role: hosts, when: env == "staging"} # Set up for fedora-messaging - role: rabbit/user - username: "pagure{{ env_suffix }}" - sent_topics: + user_username: "pagure{{ env_suffix }}" + user_sent_topics: ^(io\.pagure\.{{ env_short }}|org\.fedoraproject\.{{ env_short }}\.(pagure|git|logger))\..* handlers: diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml index 6ff57c3722..717e412e33 100644 --- a/playbooks/groups/releng-compose.yml 
+++ b/playbooks/groups/releng-compose.yml @@ -146,8 +146,8 @@ when: "'releng_compose' in group_names" - role: rabbit/user - username: "pungi{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(pungi|compose|logger)\..* + user_username: "pungi{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(pungi|compose|logger)\..* - { role: "push-container-registry", diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml index 61fb0778a6..e559231309 100644 --- a/playbooks/groups/sundries.yml +++ b/playbooks/groups/sundries.yml @@ -54,8 +54,8 @@ - role: fedoraloveskde/build when: master_sundries_node|bool - role: rabbit/user - username: "sundries{{ env_suffix }}" - sent_topics: ^$ + user_username: "sundries{{ env_suffix }}" + user_sent_topics: ^$ when: master_sundries_node|bool and deployment_type == "stg" - role: nfs/client mnt_dir: '/srv/docs' diff --git a/playbooks/groups/wiki.yml b/playbooks/groups/wiki.yml index 0a4e7425ff..f926dc0ab9 100644 --- a/playbooks/groups/wiki.yml +++ b/playbooks/groups/wiki.yml @@ -34,8 +34,8 @@ - apache # Set up for fedora-messaging - role: rabbit/user - username: "mediawiki{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(wiki|logger)\..* + user_username: "mediawiki{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(wiki|logger)\..* when: inventory_hostname.startswith('wiki01') - { role: nfs/client, when: env == "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app_staging/app/attachments', mount_stg: true } - { role: nfs/client, when: env != "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app/app/attachments' } diff --git a/playbooks/openshift-apps/badges.yml b/playbooks/openshift-apps/badges.yml index 9fa8a2c5e1..989abc381f 100644 --- a/playbooks/openshift-apps/badges.yml +++ b/playbooks/openshift-apps/badges.yml 
@@ -61,8 +61,8 @@ roles: - role: rabbit/user - username: "tahrir{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.badges\..* + user_username: "tahrir{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.badges\..* tags: - config - fedora-messaging diff --git a/playbooks/openshift-apps/bugzilla2fedmsg.yml b/playbooks/openshift-apps/bugzilla2fedmsg.yml index d4c5caf7f2..44b9320e69 100644 --- a/playbooks/openshift-apps/bugzilla2fedmsg.yml +++ b/playbooks/openshift-apps/bugzilla2fedmsg.yml @@ -12,8 +12,8 @@ roles: - role: rabbit/user - username: "bugzilla2fedmsg{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.bugzilla\..* + user_username: "bugzilla2fedmsg{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.bugzilla\..* - role: openshift/project project_app: bugzilla2fedmsg diff --git a/playbooks/openshift-apps/cloud-image-uploader.yml b/playbooks/openshift-apps/cloud-image-uploader.yml index d3c377f806..4d1936e06f 100644 --- a/playbooks/openshift-apps/cloud-image-uploader.yml +++ b/playbooks/openshift-apps/cloud-image-uploader.yml @@ -11,8 +11,8 @@ roles: - role: rabbit/user - username: "cloud-image-uploader{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_image_uploader\..* + user_username: "cloud-image-uploader{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_image_uploader\..* - role: rabbit/queue username: "cloud-image-uploader{{ env_suffix }}" diff --git a/playbooks/openshift-apps/discourse2fedmsg.yml b/playbooks/openshift-apps/discourse2fedmsg.yml index 49b5940099..1968afddeb 100644 --- a/playbooks/openshift-apps/discourse2fedmsg.yml +++ b/playbooks/openshift-apps/discourse2fedmsg.yml 
@@ -11,8 +11,8 @@ roles: - role: rabbit/user - username: "discourse2fedmsg{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.discourse\..* + user_username: "discourse2fedmsg{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.discourse\..* - role: openshift/project project_app: discourse2fedmsg diff --git a/playbooks/openshift-apps/elections.yml b/playbooks/openshift-apps/elections.yml index 908d26bcc3..eb9d76d3a0 100644 --- a/playbooks/openshift-apps/elections.yml +++ b/playbooks/openshift-apps/elections.yml @@ -33,8 +33,8 @@ roles: - role: rabbit/user - username: "elections{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_elections\..* + user_username: "elections{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_elections\..* - role: openshift/project project_app: elections diff --git a/playbooks/openshift-apps/fedocal.yml b/playbooks/openshift-apps/fedocal.yml index 9b05fe204c..151f0d1d43 100644 --- a/playbooks/openshift-apps/fedocal.yml +++ b/playbooks/openshift-apps/fedocal.yml @@ -11,8 +11,8 @@ roles: - role: rabbit/user - username: "fedocal{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedocal\..* + user_username: "fedocal{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedocal\..* - role: openshift/project project_app: fedocal diff --git a/playbooks/openshift-apps/greenwave.yml b/playbooks/openshift-apps/greenwave.yml index a846348a60..b51d3dddc6 100644 --- a/playbooks/openshift-apps/greenwave.yml +++ b/playbooks/openshift-apps/greenwave.yml 
@@ -29,9 +29,9 @@ - apply-appowners - role: rabbit/user - username: greenwave{{ env_suffix }} - queue_name: greenwave{{ env_suffix }} - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.greenwave\..* + user_username: greenwave{{ env_suffix }} + user_queue_name: greenwave{{ env_suffix }} + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.greenwave\..* - role: openshift/secret-file app: greenwave diff --git a/playbooks/openshift-apps/kerneltest.yml b/playbooks/openshift-apps/kerneltest.yml index 16e5506605..110ade1205 100644 --- a/playbooks/openshift-apps/kerneltest.yml +++ b/playbooks/openshift-apps/kerneltest.yml @@ -40,8 +40,8 @@ roles: - role: rabbit/user - username: "kerneltest{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.kerneltest\..* + user_username: "kerneltest{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.kerneltest\..* - role: openshift/project project_app: kerneltest diff --git a/playbooks/openshift-apps/maubot.yml b/playbooks/openshift-apps/maubot.yml index b1bf9e67b3..d1d880c7c9 100644 --- a/playbooks/openshift-apps/maubot.yml +++ b/playbooks/openshift-apps/maubot.yml @@ -32,8 +32,8 @@ roles: - role: rabbit/user - username: "maubot{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(meetbot|maubot)\..* + user_username: "maubot{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(meetbot|maubot)\..* - role: openshift/project project_app: maubot diff --git a/playbooks/openshift-apps/mdapi.yml b/playbooks/openshift-apps/mdapi.yml index e937878269..10ac28872c 100644 --- a/playbooks/openshift-apps/mdapi.yml +++ b/playbooks/openshift-apps/mdapi.yml @@ -11,8 +11,8 @@ roles: - role: rabbit/user - username: "mdapi{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mdapi\..* + user_username: "mdapi{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mdapi\..* - role: openshift/project project_app: mdapi 
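Review bot: `user_queue_name: greenwave{{ env_suffix }}` in playbooks/openshift-apps/greenwave.yml does not match any variable in the rabbit/user defaults or in the task lines visible in this commit, so the renamed key looks like a no-op carried over from the old `queue_name`. If the role really ignores it, drop the line rather than rename it, so the entry does not suggest that a queue is created here. If a queue is intended, it presumably belongs on a separate `rabbit/queue` entry, as the other playbooks do it. The role's files are only partly visible in this diff, so confirm against the full role before removing it.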
diff --git a/playbooks/openshift-apps/mirrormanager.yml b/playbooks/openshift-apps/mirrormanager.yml index def2ad495a..e3f27b86c6 100644 --- a/playbooks/openshift-apps/mirrormanager.yml +++ b/playbooks/openshift-apps/mirrormanager.yml @@ -38,8 +38,8 @@ roles: - role: rabbit/user - username: "mirrormanager{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mirrormanager\..* + user_username: "mirrormanager{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mirrormanager\..* tags: - config - fedora-messaging diff --git a/playbooks/openshift-apps/monitor_gating.yml b/playbooks/openshift-apps/monitor_gating.yml index 252f7c8065..a6389bcc72 100644 --- a/playbooks/openshift-apps/monitor_gating.yml +++ b/playbooks/openshift-apps/monitor_gating.yml @@ -21,8 +21,8 @@ - patrikp - role: rabbit/user - username: "monitor-gating{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.monitor-gating\..* + user_username: "monitor-gating{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.monitor-gating\..* - role: openshift/keytab app: monitor-gating diff --git a/playbooks/openshift-apps/noggin-centos.yml b/playbooks/openshift-apps/noggin-centos.yml index fce98744b0..1d663dfac0 100644 --- a/playbooks/openshift-apps/noggin-centos.yml +++ b/playbooks/openshift-apps/noggin-centos.yml @@ -13,8 +13,8 @@ roles: - role: rabbit/user - username: "noggin{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fas\..* + user_username: "noggin{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fas\..* - role: openshift/project project_app: noggin-centos diff --git a/playbooks/openshift-apps/noggin.yml b/playbooks/openshift-apps/noggin.yml index cadf325b36..f61aa251ae 100644 --- a/playbooks/openshift-apps/noggin.yml +++ b/playbooks/openshift-apps/noggin.yml 
@@ -13,8 +13,8 @@ roles: - role: rabbit/user - username: "noggin{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fas\..* + user_username: "noggin{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fas\..* - role: openshift/project project_app: noggin diff --git a/playbooks/openshift-apps/openscanhub.yml b/playbooks/openshift-apps/openscanhub.yml index e598bc17b2..37d4d21e5e 100644 --- a/playbooks/openshift-apps/openscanhub.yml +++ b/playbooks/openshift-apps/openscanhub.yml @@ -135,8 +135,8 @@ # Configurations for Fedora messaging - role: rabbit/user - username: "openscanhub{{ env_suffix }}" - sent_topics: "{{ openscanhub_sent_topics }}" + user_username: "openscanhub{{ env_suffix }}" + user_sent_topics: "{{ openscanhub_sent_topics }}" - role: rabbit/queue username: "openscanhub{{ env_suffix }}" diff --git a/playbooks/openshift-apps/planet.yml b/playbooks/openshift-apps/planet.yml index 3786218268..758329e6d8 100644 --- a/playbooks/openshift-apps/planet.yml +++ b/playbooks/openshift-apps/planet.yml @@ -101,5 +101,5 @@ privatefile: "rabbitmq/{{env}}/pki/private/planet{{env_suffix}}.key" - role: rabbit/user - username: "planet{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.planet\..* + user_username: "planet{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.planet\..* diff --git a/playbooks/openshift-apps/poddlers.yml b/playbooks/openshift-apps/poddlers.yml index 80ba7c3a54..ae3c6a5f73 100644 --- a/playbooks/openshift-apps/poddlers.yml +++ b/playbooks/openshift-apps/poddlers.yml @@ -16,8 +16,8 @@ ansible.builtin.include_role: name: rabbit/user vars: - username: toddlers{{ env_suffix }} - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.toddlers\..* + user_username: toddlers{{ env_suffix }} + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.toddlers\..* - name: Setup Rabbit Queue ansible.builtin.include_role: 
diff --git a/playbooks/openshift-apps/release-monitoring.yml b/playbooks/openshift-apps/release-monitoring.yml index 17297336cd..d38fc6a276 100644 --- a/playbooks/openshift-apps/release-monitoring.yml +++ b/playbooks/openshift-apps/release-monitoring.yml @@ -12,8 +12,8 @@ roles: - role: rabbit/user - username: "anitya{{ env_suffix }}" - sent_topics: ^org\.release-monitoring\.{{ env_short }}\.anitya\..* + user_username: "anitya{{ env_suffix }}" + user_sent_topics: ^org\.release-monitoring\.{{ env_short }}\.anitya\..* - role: openshift/project project_app: release-monitoring project_description: release-monitoring diff --git a/playbooks/openshift-apps/resultsdb.yml b/playbooks/openshift-apps/resultsdb.yml index 9ef5be0ace..a073f126df 100644 --- a/playbooks/openshift-apps/resultsdb.yml +++ b/playbooks/openshift-apps/resultsdb.yml @@ -39,8 +39,8 @@ roles: - role: rabbit/user - username: "resultsdb{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.resultsdb\..* + user_username: "resultsdb{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.resultsdb\..* # The openshift/project role breaks if the project already exists: # https://pagure.io/fedora-infrastructure/issue/6404 diff --git a/playbooks/openshift-apps/waiverdb.yml b/playbooks/openshift-apps/waiverdb.yml index 8094aa3519..ced11f4cc5 100644 --- a/playbooks/openshift-apps/waiverdb.yml +++ b/playbooks/openshift-apps/waiverdb.yml @@ -42,8 +42,8 @@ roles: - role: rabbit/user - username: "waiverdb{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.waiverdb\..* + user_username: "waiverdb{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.waiverdb\..* # The openshift/project role breaks if the project already exists: # https://pagure.io/fedora-infrastructure/issue/6404 diff --git a/playbooks/openshift-apps/webhook2fedmsg.yml b/playbooks/openshift-apps/webhook2fedmsg.yml index ca2082a3e1..8b4f0196b9 100644 
--- a/playbooks/openshift-apps/webhook2fedmsg.yml +++ b/playbooks/openshift-apps/webhook2fedmsg.yml @@ -35,8 +35,8 @@ roles: - role: rabbit/user - username: "webhook2fedmsg{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(github|discourse)\..* + user_username: "webhook2fedmsg{{ env_suffix }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(github|discourse)\..* - role: openshift/project project_app: webhook2fedmsg diff --git a/roles/messaging/base/tasks/main.yml b/roles/messaging/base/tasks/main.yml index e3248e8527..f5b0cc267a 100644 --- a/roles/messaging/base/tasks/main.yml +++ b/roles/messaging/base/tasks/main.yml @@ -56,8 +56,8 @@ - name: "make sure the user exists on broker" include_role: name=rabbit/user vars: - - username: "{{ item.username }}{{ env_suffix }}" - sent_topics: "{{ item.sent_topics }}" + - user_username: "{{ item.username }}{{ env_suffix }}" + user_sent_topics: "{{ item.sent_topics }}" with_items: "{{ messaging.certificates }}" tags: - fedora-messaging diff --git a/roles/rabbit/user/defaults/main.yml b/roles/rabbit/user/defaults/main.yml index 2146f29ca7..879ad66478 100644 --- a/roles/rabbit/user/defaults/main.yml +++ b/roles/rabbit/user/defaults/main.yml 
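Review bot: In roles/messaging/base/tasks/main.yml the `vars:` value under `include_role` is still a one-item list (`- user_username: ...`), a form Ansible has deprecated in favour of a plain mapping. Since these two lines are being touched anyway, drop the leading dash and write `user_username: "{{ item.username }}{{ env_suffix }}"` and `user_sent_topics: "{{ item.sent_topics }}"` directly under `vars:`. Leaving `item.username` and `item.sent_topics` unrenamed looks correct, because they are keys of the `messaging.certificates` entries and not role variables. The task continues outside the hunk.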
@@ -1,23 +1,23 @@ --- -rabbitmq_server: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org" -vhost: /pubsub -publish_only: true +user_rabbitmq_server: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org" +user_vhost: /pubsub +user_publish_only: true # Read privileges: # If publish_only: no reading. Otherwise, read from queues prefixed # with their name and bind to the topic exchange -read_priv: "{{ publish_only|ternary('^$', '^(zmq\\.topic)|^(amq\\.topic)|(' + username + '.*)$') }}" +user_read_priv: "{{ user_publish_only|ternary('^$', '^(zmq\\.topic)|^(amq\\.topic)|(' + user_username + '.*)$') }}" # Write privileges: # If publish_only: only write to the exchange. Otherwise, write to # queues prefixed with their name and any prefixes in write_queues, # and publish to the topic exchange -write_priv: "^(amq\\.topic){% if not publish_only %}|({{ username }}.*){% for queue in write_queues|default([]) %}|({{ queue }}.*){% endfor %}{% endif %}$" +user_write_priv: "^(amq\\.topic){% if not user_publish_only %}|({{ username }}.*){% for queue in write_queues|default([]) %}|({{ queue }}.*){% endfor %}{% endif %}$" # Topic authorization: # Ref: https://www.rabbitmq.com/access-control.html#topic-authorisation -sent_topics: .* -topic_permissions: +user_sent_topics: .* +user_topic_permissions: - vhost: "{{ vhost }}" read_priv: .* write_priv: "{{ sent_topics }}" diff --git a/roles/rabbit/user/tasks/main.yml b/roles/rabbit/user/tasks/main.yml index 5965787a1e..a23eca17c7 100644 --- a/roles/rabbit/user/tasks/main.yml +++ b/roles/rabbit/user/tasks/main.yml 
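Review bot: The rename in roles/rabbit/user/defaults/main.yml is incomplete: `user_write_priv` still interpolates `{{ username }}`, and the `user_topic_permissions` entry still reads `{{ vhost }}` and `{{ sent_topics }}`, none of which this role defines any more. `user_topic_permissions` is what confines each account to its own topic prefix, so the `user_sent_topics` patterns passed by the playbooks never reach the broker as written. The run will most likely stop on an undefined variable, or silently use an unrelated `sent_topics`, `vhost` or `username` if one happens to be in scope. The `{{ username }}` leftover is only evaluated when `user_publish_only` is false, which is the case for the two openqa entries in playbooks/groups/openqa.yml. Suggested: `({{ user_username }}.*)` inside `user_write_priv`, and `vhost: "{{ user_vhost }}"` plus `write_priv: "{{ user_sent_topics }}"` in the topic-permissions entry.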
@@ -17,13 +17,13 @@ # See https://www.rabbitmq.com/access-control.html#permissions for details on # the RabbitMQ permissions configuration. -- name: Validate username {{ username }} +- name: Validate username {{ user_username }} assert: that: - - username is defined - - username != "admin" - - username != "guest" - - username != "nagios-monitoring" + - user_username is defined + - user_username != "admin" + - user_username != "guest" + - user_username != "nagios-monitoring" fail_msg: "This user name is reserved" tags: - config @@ -31,7 +31,7 @@ - rabbitmq_cluster - debug: - msg: "Topic permissions: {{ topic_permissions }}" + msg: "Topic permissions: {{ user_topic_permissions }}" tags: - config - fedora-messaging @@ -39,15 +39,15 @@ # See https://www.rabbitmq.com/access-control.html#permissions for details on # the RabbitMQ permissions configuration. -- name: Create the {{ username }} user in RabbitMQ - delegate_to: "{{ rabbitmq_server }}" +- name: Create the {{ user_username }} user in RabbitMQ + delegate_to: "{{ user_rabbitmq_server }}" community.rabbitmq.rabbitmq_user: - user: "{{ username }}" - vhost: "{{ vhost }}" - read_priv: "{{ read_priv }}" - write_priv: "{{ write_priv }}" + user: "{{ user_username }}" + vhost: "{{ user_vhost }}" + read_priv: "{{ user_read_priv }}" + write_priv: "{{ user_write_priv }}" configure_priv: "^$" # No configuration permissions - topic_permissions: "{{ topic_permissions }}" + topic_permissions: "{{ user_topic_permissions }}" state: present tags: - config diff --git a/roles/supybot/tasks/main.yml b/roles/supybot/tasks/main.yml index 26091cc1d0..48da000cf2 100644 --- a/roles/supybot/tasks/main.yml +++ b/roles/supybot/tasks/main.yml 
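Review bot: In the `Validate username` assert of roles/rabbit/user/tasks/main.yml, a caller that was missed by this rename and still passes `username` fails the `user_username is defined` check and gets `fail_msg: "This user name is reserved"`, which points at the wrong cause. Because this commit changes the role's interface, that is the failure un-migrated callers will see. Reword the message, for example `fail_msg: "user_username must be set and must not be a reserved account name"`, or split the defined-check into its own assert with its own message. The task's trailing `tags:` list continues outside the hunk.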
@@ -99,8 +99,8 @@ import_role: name: rabbit/user vars: - username: "{{ botnames[env] }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.meetbot\..* + user_username: "{{ botnames[env] }}" + user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.meetbot\..* when: - inventory_hostname.startswith('value02')