From 704835c2bb79e3ec99f042558c2e083fab7979a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= Date: Fri, 14 Feb 2020 10:37:44 +0100 Subject: [PATCH] RabbitMQ: Don't create the nagios user before the vhost is setup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aurélien Bompard --- roles/rabbitmq_cluster/tasks/main.yml | 132 +++++++++++++------------- 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/roles/rabbitmq_cluster/tasks/main.yml b/roles/rabbitmq_cluster/tasks/main.yml index 7559c539f6..d30f9ddb69 100644 --- a/roles/rabbitmq_cluster/tasks/main.yml +++ b/roles/rabbitmq_cluster/tasks/main.yml @@ -124,72 +124,6 @@ - rabbitmq_cluster - config -# Users with the "monitoring" tag have read-only access vhosts, connections, -# channels, node-level resource usage, and cluster stats. -- name: Create the Nagios monitoring user in staging - rabbitmq_user: - user: nagios-monitoring - password: "{{ rabbitmq_monitoring_password_staging }}" - update_password: always - permissions: - - vhost: / - configure_priv: "^$" - read_priv: "^$" - write_priv: "^$" - - vhost: /pubsub - configure_priv: "^$" - read_priv: "^$" - write_priv: "^$" - - vhost: /public_pubsub - configure_priv: "^$" - read_priv: "^$" - write_priv: "^$" - - vhost: /bodhi - configure_priv: "^$" - read_priv: "^$" - write_priv: "^$" - - vhost: /odcs - configure_priv: "^$" - read_priv: "^$" - write_priv: "^$" - tags: monitoring - when: env == "staging" and inventory_hostname.startswith('rabbitmq01') - tags: - - rabbitmq_cluster - - config - -- name: Create the Nagios monitoring user in production - rabbitmq_user: - user: nagios-monitoring - password: "{{ rabbitmq_monitoring_password_production }}" - update_password: always - permissions: - - vhost: / - configure_priv: "^$" - read_priv: "^$" - write_priv: "^$" - - vhost: /pubsub - configure_priv: "^$" - read_priv: "^$" - write_priv: "^$" - - vhost: /public_pubsub - configure_priv: "^$" - read_priv: "^$" - write_priv: "^$" - - vhost: /bodhi - configure_priv: "^$" - read_priv: "^$" - write_priv: "^$" - - vhost: /odcs - configure_priv: "^$" - read_priv: "^$" - write_priv: "^$" - tags: monitoring - when: env == "production" and inventory_hostname.startswith('rabbitmq01') - tags: - - rabbitmq_cluster - - config - - name: Configure the pubsub virtual host rabbitmq_vhost: @@ -271,6 +205,72 @@ - rabbitmq_cluster - config +# Users with the "monitoring" tag have read-only access vhosts, connections, +# channels, node-level resource usage, and cluster stats. +- name: Create the Nagios monitoring user in staging + rabbitmq_user: + user: nagios-monitoring + password: "{{ rabbitmq_monitoring_password_staging }}" + update_password: always + permissions: + - vhost: / + configure_priv: "^$" + read_priv: "^$" + write_priv: "^$" + - vhost: /pubsub + configure_priv: "^$" + read_priv: "^$" + write_priv: "^$" + - vhost: /public_pubsub + configure_priv: "^$" + read_priv: "^$" + write_priv: "^$" + - vhost: /bodhi + configure_priv: "^$" + read_priv: "^$" + write_priv: "^$" + - vhost: /odcs + configure_priv: "^$" + read_priv: "^$" + write_priv: "^$" + tags: monitoring + when: env == "staging" and inventory_hostname.startswith('rabbitmq01') + tags: + - rabbitmq_cluster + - config + +- name: Create the Nagios monitoring user in production + rabbitmq_user: + user: nagios-monitoring + password: "{{ rabbitmq_monitoring_password_production }}" + update_password: always + permissions: + - vhost: / + configure_priv: "^$" + read_priv: "^$" + write_priv: "^$" + - vhost: /pubsub + configure_priv: "^$" + read_priv: "^$" + write_priv: "^$" + - vhost: /public_pubsub + configure_priv: "^$" + read_priv: "^$" + write_priv: "^$" + - vhost: /bodhi + configure_priv: "^$" + read_priv: "^$" + write_priv: "^$" + - vhost: /odcs + configure_priv: "^$" + read_priv: "^$" + write_priv: "^$" + tags: monitoring + when: env == "production" and inventory_hostname.startswith('rabbitmq01') + tags: + - rabbitmq_cluster + - config + - name: Create the zmq.topic exchange in /public_pubsub run_once: true delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"