Kevin Fenzi
b19bf634bc
rabbitmq / server: see if we can delegate correctly for iad2 vs phx2 this way
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-18 21:25:14 -07:00
Kevin Fenzi
cf517215a5
rhos13 repo: turns out we still use this for newer rabbitmq
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-13 16:10:05 -07:00
Aurélien Bompard
16ba6fdbff
RabbitMQ: add server_name_indication to the federation parameters
...
The Federation plugin uses an AMQP client that verifies that the
hostname it's connecting to is the right one. Our RabbitMQ server
TLS certificates only have the "public" name as Subject Alternative Name
and in that case apparently the client does not check the CN. Therefore
this changeset sets the client parameter to expect the "public" name in
the certificate.
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:22 +02:00
Aurélien Bompard
8f5de8c822
Also create zmq.topic in /pubsub
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:22 +02:00
Aurélien Bompard
48de31d042
RabbitMQ: leave it to apps to grant access to the nagios-monitoring user
...
Because those vhosts may not be created yet when the main RabbitMQ
playbook is run.
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:22 +02:00
Aurélien Bompard
704835c2bb
RabbitMQ: Don't create the nagios user before the vhost is set up
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:22 +02:00
Kevin Fenzi
135bc4418d
rabbitmq_cluster / staging: nagios-plugins-rabbitmq builds, but is not installable
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:22 +02:00
Aurélien Bompard
5cae294eaa
RabbitMQ: give the admin user admin privileges
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:21 +02:00
Aurélien Bompard
01da7c30b6
Restart rabbitmq when a config file changes
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:20 +02:00
Aurélien Bompard
b91e03d059
RabbitMQ: allow the nagios-monitoring user access to other vhosts
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:20 +02:00
b03d81e48a
rabbitmq_cluster: adding rpminspect queue to match rpminspect keypair
2020-04-24 21:34:20 +02:00
a962b3a2ec
rabbitmq: fixing syntax error I introduced
2020-04-24 21:34:19 +02:00
3f15954566
rabbitmq: adding queue for fedora-build-checks
2020-04-24 21:34:19 +02:00
Aurélien Bompard
3dabb3a067
Remove useless comment
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:12 +02:00
Michal Konečný
fed409d8fc
rabbitmq_cluster: Change CentOS routing key to correct format
...
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2020-04-24 21:34:12 +02:00
Michal Konečný
190a82ac07
rabbitmq_cluster: Add testing key for CentOS
...
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2020-04-24 21:34:12 +02:00
Aurélien Bompard
f6a71cf48d
Set the RabbitMQ admin user permissions in a way that does not overwrite other vhosts
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:11 +02:00
Aurélien Bompard
7d472ed5c8
Create the RabbitMQ user for CentOS CI
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:11 +02:00
Kevin Fenzi
5f28f28e0f
Revert "rabbitmq_cluster: Switch how permissions are done and give admin all perms"
...
This reverts commit a28ddcde1920160038684d0a7d18618920faa2a0.
2020-04-24 21:34:11 +02:00
Kevin Fenzi
a9c97618a1
rabbitmq_cluster: Switch how permissions are done and give admin all perms
...
The way we were granting perms to admin was just on existing vhost/queues.
Instead we should just give admin full privs to any queues/vhosts that might
exist now or later.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:11 +02:00
Jonathan Lebon
42335b7370
rabbitmq: add coreos queue
...
This is needed for CoreOS-specific messages. See
https://pagure.io/fedora-infrastructure/issue/8227 .
Reviewed-by: Aurelien Bompard <abompard@redhat.com>
2020-04-24 21:34:10 +02:00
Kevin Fenzi
f55344abe3
rabbitmq: admin should have all perms to / as well.
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:09 +02:00
Aurélien Bompard
8423703a36
Remove the testing-farm user/queue
...
Requested on IRC by mvadkert
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:08 +02:00
Aurélien Bompard
2aaa80ab3e
Allow the RabbitMQ monitoring user to access the default vhost
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:08 +02:00
Aurélien Bompard
9d8188dbfa
Let the RabbitMQ nagios user access the default vhost
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:07 +02:00
Jeremy Cline
e7c6b1a156
rabbitmq: add coreos user
...
Create the coreos{.stg} user.
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2020-04-24 21:34:07 +02:00
Aurélien Bompard
c5b01f6d30
Give the monitoring user access to the vhosts we use
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:07 +02:00
Aurélien Bompard
4f47672637
Create, build and load a custom SELinux module for NRPE & RabbitMQ
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:07 +02:00
Aurélien Bompard
4f5de9eb37
Try to fix playbook failure
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:07 +02:00
Aurélien Bompard
ab31f6fcfe
Create RabbitMQ user and queue (#7965)
...
Attempt to fix: https://pagure.io/fedora-infrastructure/issue/7965
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:07 +02:00
Jeremy Cline
78128ae0ff
rabbitmq_cluster: limit queue size to 1GB and remove stale queues
...
When a user creates a queue and then never consumes from it (such as the
current Greenwave queue) it grows and grows forever. This isn't a
problem in the short term as messages are very small and 100K messages
is in the range of 10MB (depending on the payload size, obviously), but
eventually it will lead to trouble.
This policy will delete any queue that has had no subscribers in 31
days, and as a safety measure also limits all queues to 1GB of storage,
which is probably excessive.
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2019-06-19 14:06:50 +00:00
Aurélien Bompard
6fd793feac
rabbitmq_cluster: update package command to not use items
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2019-06-11 17:56:22 +02:00
Jeremy Cline
81fb52008a
rabbitmq_cluster: create nagios-monitoring user
2019-04-23 20:43:42 +00:00
Jeremy Cline
eae92f73e9
rabbitmq_cluster: install nagios monitoring scripts
...
This package is available in epel7-infra and is built from
https://github.com/nagios-plugins-rabbitmq/nagios-plugins-rabbitmq .
2019-04-23 20:13:22 +00:00
Jeremy Cline
9e7074570c
rabbitmq_cluster: Create the public vhost before the admin user
...
The admin user needs access to the public vhost, but it needs to exist
first.
2019-04-04 23:04:55 +00:00
Jeremy Cline
5acf7832cd
Give the admin user admin access to /public_pubsub
...
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2019-03-25 22:16:27 +00:00
Jeremy Cline
b7c688a2ad
rabbitmq_cluster: Make the zmq.topic exchange a topic exchange
...
The default type is direct, but we want topic.
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2019-03-25 22:06:06 +00:00
Jeremy Cline
73240bc64e
rabbitmq_cluster: Add the admin user to the public_pubsub vhost
...
It needs permissions to manage that vhost
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2019-03-22 20:48:30 +00:00
Jeremy Cline
36d43c5d55
rabbitmq_cluster: Create the zmq.topic and bind it to amq.topic
...
This way amq.topic in the public vhost gets all messages.
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2019-03-22 20:26:30 +00:00
Jeremy Cline
e5c5720d5b
rabbitmq_cluster: federate both amq.topic and zmq.topic
...
Native AMQP clients publish to amq.topic, but the zmq-to-amqp bridge
publishes to zmq.topic so we can keep track of who's publishing where.
2019-03-22 19:51:27 +00:00
Jeremy Cline
70ed6bb95c
rabbitmq_cluster: create public user fedora.stg in staging
...
The cert for the user in staging is fedora.stg, so make the user in
rabbitmq match.
2019-03-20 19:24:31 +00:00
Jeremy Cline
059f52d479
rabbitmq_cluster: Add client cert and key for federation
2019-03-20 17:54:14 +00:00
Jeremy Cline
a8c60a6d82
rabbitmq_cluster: work around ansible producing invalid json
...
Using an ansible variable in the string causes it to produce a similar
string, except it uses single quotes and that kills the json parser,
too.
2019-03-20 16:55:11 +00:00
Jeremy Cline
e06b46df9f
rabbitmq_cluster: write the param value as a json string
...
If a YAML dictionary is used, this gets turned into a string before
being handed to the rabbitmq_parameter module. The problem is it uses
single quotes instead of double quotes, so when the module attempts to
JSON-deserialize it, it explodes.
2019-03-20 16:29:56 +00:00
Jeremy Cline
f1e1891027
*on-confirm* instead of confirm
2019-03-19 22:14:48 +00:00
Jeremy Cline
897cda60e0
Try writing json as a yaml dictionary to make rabbitmq module happy
2019-03-19 21:44:34 +00:00
Jeremy Cline
153716f9a1
I accidentally the whole url
...
The arguments need to be url encoded (/ -> %2F), but the protocol scheme
and first / shouldn't be.
2019-03-19 20:20:01 +00:00
Jeremy Cline
f2884d625a
Mark all vhost config tasks as run_once
2019-03-19 20:03:17 +00:00
Jeremy Cline
a83bcf38ac
Properly escape the backslashes in the rabbit permissions regex
2019-03-19 17:57:38 +00:00
Jeremy Cline
cbe981cc2e
Add a public vhost for the rabbitmq cluster
...
This adds a new virtual host in RabbitMQ, /public_pubsub, intended to be
used by consumers outside Fedora's infrastructure. The federation plugin
is used to push any messages published to the /pubsub amq.topic exchange
into the /public_pubsub amq.topic exchange.
A user called "fedora" with the password of "fedora" is created in this
virtual host with permissions to create UUIDish queues. A policy is
applied to queues that deletes them after 7 days of not being used and
sets a maximum size of 50MB to a queue to ensure abandoned queues don't
get too big.
Signed-off-by: Jeremy Cline <jcline@redhat.com>
2019-03-14 20:42:28 +00:00