Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

RabbitMQ: Don't create the nagios user before the vhost is setup

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2020-02-14 10:37:44 +01:00 committed by Pierre-Yves Chibon
parent 83b5e3ac4f
commit 704835c2bb
1 changed files with 66 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

132
roles/rabbitmq_cluster/tasks/main.yml
View file

@ -124,72 +124,6 @@
- rabbitmq_cluster - rabbitmq_cluster
- config - config
# Users with the "monitoring" tag have read-only access vhosts, connections,
# channels, node-level resource usage, and cluster stats.
- name: Create the Nagios monitoring user in staging
rabbitmq_user:
user: nagios-monitoring
password: "{{ rabbitmq_monitoring_password_staging }}"
update_password: always
permissions:
- vhost: /
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /pubsub
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /public_pubsub
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /bodhi
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /odcs
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
tags: monitoring
when: env == "staging" and inventory_hostname.startswith('rabbitmq01')
tags:
- rabbitmq_cluster
- config
- name: Create the Nagios monitoring user in production
rabbitmq_user:
user: nagios-monitoring
password: "{{ rabbitmq_monitoring_password_production }}"
update_password: always
permissions:
- vhost: /
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /pubsub
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /public_pubsub
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /bodhi
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /odcs
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
tags: monitoring
when: env == "production" and inventory_hostname.startswith('rabbitmq01')
tags:
- rabbitmq_cluster
- config
- name: Configure the pubsub virtual host - name: Configure the pubsub virtual host
rabbitmq_vhost: rabbitmq_vhost:
@ -271,6 +205,72 @@
- rabbitmq_cluster - rabbitmq_cluster
- config - config
# Users with the "monitoring" tag have read-only access vhosts, connections,
# channels, node-level resource usage, and cluster stats.
- name: Create the Nagios monitoring user in staging
rabbitmq_user:
user: nagios-monitoring
password: "{{ rabbitmq_monitoring_password_staging }}"
update_password: always
permissions:
- vhost: /
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /pubsub
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /public_pubsub
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /bodhi
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /odcs
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
tags: monitoring
when: env == "staging" and inventory_hostname.startswith('rabbitmq01')
tags:
- rabbitmq_cluster
- config
- name: Create the Nagios monitoring user in production
rabbitmq_user:
user: nagios-monitoring
password: "{{ rabbitmq_monitoring_password_production }}"
update_password: always
permissions:
- vhost: /
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /pubsub
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /public_pubsub
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /bodhi
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
- vhost: /odcs
configure_priv: "^$"
read_priv: "^$"
write_priv: "^$"
tags: monitoring
when: env == "production" and inventory_hostname.startswith('rabbitmq01')
tags:
- rabbitmq_cluster
- config
- name: Create the zmq.topic exchange in /public_pubsub - name: Create the zmq.topic exchange in /public_pubsub
run_once: true run_once: true
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org" delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"