greenwave: replace the rabbit/user role by explicit calls to rabbitmq_user
The rabbit/user role is intended for setting up simple, write-only users, but in this case we need a user who can write and read (listen) to the bus, so we're just calling rabbitmq_user directly. Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
parent
7459bed158
commit
944e410f02
1 changed files with 14 additions and 2 deletions
|
@ -8,9 +8,21 @@
|
||||||
- "/srv/private/ansible/vars.yml"
|
- "/srv/private/ansible/vars.yml"
|
||||||
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Create the user in RabbitMQ
|
||||||
|
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||||
|
rabbitmq_user:
|
||||||
|
user: "greenwave{{ env_suffix }}"
|
||||||
|
vhost: "/pubsub"
|
||||||
|
read_priv: "amq\\.topic" # Publish only, no reading
|
||||||
|
write_priv: "amq\\.topic"
|
||||||
|
configure_priv: "^$" # No configuration permissions
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- fedora-messaging
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- role: rabbit/user
|
|
||||||
username: "greenwave{{ env_suffix }}"
|
|
||||||
# The openshift/project role breaks if the project already exists:
|
# The openshift/project role breaks if the project already exists:
|
||||||
# https://pagure.io/fedora-infrastructure/issue/6404
|
# https://pagure.io/fedora-infrastructure/issue/6404
|
||||||
- role: openshift/project
|
- role: openshift/project
|
||||||
|
|
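Review bot: The inline comment on the `read_priv` line still says "Publish only, no reading", but that line grants read on `amq.topic` and the commit message says this user must read from the bus, so the comment misstates the permission for anyone auditing broker access; `# Read is needed to bind to and consume from the topic exchange` would match what is granted. Both `read_priv` and `write_priv` are unanchored regexes, and as far as I know RabbitMQ does not anchor permission patterns implicitly, so `"^amq\\.topic$"` would limit the grant to exactly that exchange, the way `configure_priv: "^$"` is already anchored. RabbitMQ also checks read permission on the queue being consumed from, which this pattern does not appear to cover; whether that matters depends on how the greenwave queue is named and declared, which is not visible on this page.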