greenwave: replace the rabbit/user role by explicit calls to rabbitmq_user

The rabbit/user role is intended setting up for simple, write-only users,
but in this case we need an user who can write and read (listen) to the
bus, so we're just calling rabbitmq_user directly.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>

playbooks/openshift-apps/greenwave.yml

@@ -8,9 +8,21 @@
     - "/srv/private/ansible/vars.yml"
     - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 
+  tasks:
+  - name: Create the user in RabbitMQ
+    delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
+    rabbitmq_user:
+      user: "greenwave{{ env_suffix }}"
+      vhost: "/pubsub"
+      read_priv: "amq\\.topic"  # Publish only, no reading
+      write_priv: "amq\\.topic"
+      configure_priv: "^$"  # No configuration permissions
+      state: present
+    tags:
+      - config
+      - fedora-messaging
+
   roles:
-  - role: rabbit/user
-    username: "greenwave{{ env_suffix }}"
   # The openshift/project role breaks if the project already exists:
   # https://pagure.io/fedora-infrastructure/issue/6404
   - role: openshift/project