FMN: setup the fmn vhost in rabbitmq
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard
parent
ac0f56446d
commit
c8c4dfe72c
3 changed files with 148 additions and 9 deletions
|
|
@ -19,6 +19,76 @@
|
||||||
owner: fmn
|
owner: fmn
|
||||||
encoding: UTF-8
|
encoding: UTF-8
|
||||||
|
|
||||||
|
- name: setup RabbitMQ
|
||||||
|
hosts: rabbitmq[0]:rabbitmq_stg[0]
|
||||||
|
user: root
|
||||||
|
gather_facts: False
|
||||||
|
|
||||||
|
vars_files:
|
||||||
|
- /srv/web/infra/ansible/vars/global.yml
|
||||||
|
- /srv/private/ansible/vars.yml
|
||||||
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- role: rabbit/queue
|
||||||
|
username: "fmn{{ env_suffix }}"
|
||||||
|
queue_name: "fmn{{ env_suffix }}"
|
||||||
|
routing_keys:
|
||||||
|
- "#"
|
||||||
|
thresholds:
|
||||||
|
warning: 50
|
||||||
|
critical: 500
|
||||||
|
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fmn\..*
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- fedora-messaging
|
||||||
|
- rabbitmq_cluster
|
||||||
|
|
||||||
|
- role: rabbit/vhost
|
||||||
|
vhost: /fmn
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- fedora-messaging
|
||||||
|
- rabbitmq_cluster
|
||||||
|
|
||||||
|
- role: rabbit/queue
|
||||||
|
username: fmn
|
||||||
|
vhost: /fmn
|
||||||
|
queue_name: email
|
||||||
|
thresholds:
|
||||||
|
warning: 10
|
||||||
|
critical: 100
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- fedora-messaging
|
||||||
|
- rabbitmq_cluster
|
||||||
|
|
||||||
|
- role: rabbit/queue
|
||||||
|
username: fmn
|
||||||
|
vhost: /fmn
|
||||||
|
queue_name: irc
|
||||||
|
# message_ttl: 300000
|
||||||
|
thresholds:
|
||||||
|
warning: 10
|
||||||
|
critical: 100
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- fedora-messaging
|
||||||
|
- rabbitmq_cluster
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Grant the fmn user access to the fmn vhost
|
||||||
|
rabbitmq_user:
|
||||||
|
user: "fmn{{ env_suffix }}"
|
||||||
|
vhost: /fmn
|
||||||
|
configure_priv: .*
|
||||||
|
read_priv: .*
|
||||||
|
write_priv: .*
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- fedora-messaging
|
||||||
|
- rabbitmq_cluster
|
||||||
|
|
||||||
- name: make the app be real
|
- name: make the app be real
|
||||||
# Only staging for now
|
# Only staging for now
|
||||||
# hosts: os_control_stg:os_control
|
# hosts: os_control_stg:os_control
|
||||||
|
|
@ -102,15 +172,6 @@
|
||||||
objectname: secret-webhook.yml
|
objectname: secret-webhook.yml
|
||||||
|
|
||||||
# Fedora Messaging
|
# Fedora Messaging
|
||||||
- role: rabbit/queue
|
|
||||||
username: "fmn{{ env_suffix }}"
|
|
||||||
queue_name: "fmn{{ env_suffix }}"
|
|
||||||
routing_keys:
|
|
||||||
- "#"
|
|
||||||
thresholds:
|
|
||||||
warning: 50
|
|
||||||
critical: 500
|
|
||||||
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fmn\..*
|
|
||||||
- role: openshift/secret-file
|
- role: openshift/secret-file
|
||||||
app: fmn
|
app: fmn
|
||||||
secret_name: fedora-messaging-ca
|
secret_name: fedora-messaging-ca
|
||||||
|
|
|
||||||
1
roles/rabbit/vhost/defaults/main.yml
Normal file
1
roles/rabbit/vhost/defaults/main.yml
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
rabbitmq_server: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||||
77
roles/rabbit/vhost/tasks/main.yml
Normal file
77
roles/rabbit/vhost/tasks/main.yml
Normal file
|
|
@ -0,0 +1,77 @@
|
||||||
|
---
|
||||||
|
# Ensure a virtual host exists in RabbitMQ with a cluster replication policy.
|
||||||
|
# This is intended to be something most applications can use, but if you need
|
||||||
|
# more flexibility, just use the rabbitmq_vhost module directly.
|
||||||
|
#
|
||||||
|
# Required parameters:
|
||||||
|
#
|
||||||
|
# - vhost (str): the virtual host to create in RabbitMQ.
|
||||||
|
|
||||||
|
- name: Validate parameters
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- vhost != "/pubsub"
|
||||||
|
- vhost != "/public_pubsub"
|
||||||
|
fail_msg: "This virtual host name is reserved"
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- fedora-messaging
|
||||||
|
- rabbitmq_cluster
|
||||||
|
|
||||||
|
- name: Configure the virtual host
|
||||||
|
run_once: true
|
||||||
|
delegate_to: "{{ rabbitmq_server }}"
|
||||||
|
rabbitmq_vhost:
|
||||||
|
name: "{{ vhost }}"
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- fedora-messaging
|
||||||
|
- rabbitmq_cluster
|
||||||
|
|
||||||
|
- name: Configure the HA policy for the queues
|
||||||
|
run_once: true
|
||||||
|
delegate_to: "{{ rabbitmq_server }}"
|
||||||
|
rabbitmq_policy:
|
||||||
|
name: HA
|
||||||
|
apply_to: queues
|
||||||
|
pattern: .*
|
||||||
|
tags:
|
||||||
|
ha-mode: all
|
||||||
|
ha-sync-mode: automatic # Auto sync queues to new cluster members
|
||||||
|
ha-sync-batch-size: 10000 # Larger is faster, but must finish in 1 net_ticktime
|
||||||
|
vhost: "{{ vhost }}"
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- fedora-messaging
|
||||||
|
- rabbitmq_cluster
|
||||||
|
|
||||||
|
- name: Grant the admin user access to the vhost
|
||||||
|
run_once: true
|
||||||
|
delegate_to: "{{ rabbitmq_server }}"
|
||||||
|
rabbitmq_user:
|
||||||
|
user: admin
|
||||||
|
vhost: "{{ vhost }}"
|
||||||
|
configure_priv: .*
|
||||||
|
read_priv: .*
|
||||||
|
write_priv: .*
|
||||||
|
tags: administrator
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- fedora-messaging
|
||||||
|
- rabbitmq_cluster
|
||||||
|
|
||||||
|
- name: Grant the nagios-monitoring user access to the vhost
|
||||||
|
run_once: true
|
||||||
|
delegate_to: "{{ rabbitmq_server }}"
|
||||||
|
rabbitmq_user:
|
||||||
|
user: nagios-monitoring
|
||||||
|
vhost: "{{ vhost }}"
|
||||||
|
configure_priv: "^$"
|
||||||
|
read_priv: "^$"
|
||||||
|
write_priv: "^$"
|
||||||
|
tags: monitoring
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- fedora-messaging
|
||||||
|
- rabbitmq_cluster
|
||||||
Loading…
Add table
Add a link
Reference in a new issue