Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
26084 commits 9 branches 0 tags 111 MiB
Commit graph

42 commits

Author SHA1 Message Date
Jeremy Cline
73240bc64e rabbitmq_cluster: Add the admin user to the public_pubsub vhost 
It needs permissions to manage that vhost

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
 2019-03-22 20:48:30 +00:00
Jeremy Cline
36d43c5d55 rabbitmq_cluster: Create the zmq.topic and bind it to amq.topic 
This way amq.topic in the public vhost gets all messages.

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
 2019-03-22 20:26:30 +00:00
Jeremy Cline
e5c5720d5b rabbitmq_cluster: federate both amq.topic and zmq.topic 
Native AMQP clients publish to amq.topic, but the zmq-to-amqp bridge
publishes to zmq.topic so we can keep track of who's publishing where.
 2019-03-22 19:51:27 +00:00
Jeremy Cline
70ed6bb95c rabbitmq_cluster: create public user fedora.stg in staging 
The cert for the user in staging is fedora.stg, so make the user in
rabbitmq match.
 2019-03-20 19:24:31 +00:00
Jeremy Cline
059f52d479 rabbitmq_cluster: Add client cert and key for federation 2019-03-20 17:54:14 +00:00
Jeremy Cline
a8c60a6d82 rabbitmq_cluster: work around ansible producing invalid json 
Using an ansible variable in the string causes it to produce a similar
string, except it uses single quotes and that kills the json parser,
too.
 2019-03-20 16:55:11 +00:00
Jeremy Cline
e06b46df9f rabbitmq_cluster: write the param value as a json string 
If a YAML dictionary is used, this gets turned into a string before
being handed to the rabbitmq_parameter module. The problem is it uses
single quotes instead of double quotes, so when the module attempts to
JSON-deserialize it, it explodes.
 2019-03-20 16:29:56 +00:00
Jeremy Cline
f1e1891027 *on-confirm* instead of confirm 2019-03-19 22:14:48 +00:00
Jeremy Cline
897cda60e0 Try writing json as a yaml dictionary to make rabbitmq module happy 2019-03-19 21:44:34 +00:00
Jeremy Cline
153716f9a1 I accidentally the whole url 
The arguments need to be url encoded (/ -> %2F), but the protocol scheme
and first / shouldn't be.
 2019-03-19 20:20:01 +00:00
Jeremy Cline
f2884d625a Mark all vhost config tasks as run_once 2019-03-19 20:03:17 +00:00
Jeremy Cline
a83bcf38ac Properly escape the backslashes in the rabbit permissions regex 2019-03-19 17:57:38 +00:00
Jeremy Cline
cbe981cc2e Add a public vhost for the rabbitmq cluster 
This adds a new virtual host in RabbitMQ, /public_pubsub, intended to be
used by consumers outside Fedora's infrastructure. The federation plugin
is used to push any messages published to the /pubsub amq.topic exchange
into the /public_pubsub amq.topic exchange.

A user called "fedora" with the password of "fedora" is created in this
virtual host with permissions to create UUIDish queues. A policy is
applied to queues that deletes them after 7 days of not being used and
sets a maximum size of 50MB to a queue to ensure abandoned queues don't
get too big.

Signed-off-by: Jeremy Cline <jcline@redhat.com>
 2019-03-14 20:42:28 +00:00
Aurélien Bompard
47a20bac7c RabbitMQ: store the admin password 2019-02-28 15:36:48 +00:00
Aurélien Bompard
abb8274dba Changing erlang cookies requires restarting the server 2018-11-28 09:37:57 +00:00
Patrick Uiterwijk
52c915cab4 Add prod erlang cookie 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-11-28 09:14:47 +00:00
Patrick Uiterwijk
a7b56e6b08 Add prod rabbitmq admin 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-11-28 10:08:37 +01:00
Aurélien Bompard
20c0cc5415 Allow the RabbitMQ user to login to the management UI 2018-10-05 09:57:46 +00:00
Aurélien Bompard
9a108064c7 Oh crap Erlang does not use # for comments 2018-10-05 09:50:40 +00:00
Aurélien Bompard
e90ec28ebe The RabbitMQ ansible modules can't use https yet. 
Disable SSL on the management api, and mitigate the security risk by
only listening on localhost.
 2018-10-05 09:42:04 +00:00
Aurélien Bompard
6088ebdd00 Only create the rabbitmq user on one member of the cluster 2018-10-05 08:39:35 +00:00
Aurélien Bompard
a3cac4de5b RabbitMQ: create admin user 2018-10-05 08:33:04 +00:00
Aurélien Bompard
618eae997e Create the RabbitMQ user, queues and bindings 2018-10-04 16:26:46 +00:00
Jeremy Cline
f57f3026d5 Add a RabbitMQ vhost for pubsub (fedmsg) and configure an HA policy 
Since many of our applications will likely wish to use RabbitMQ for
private things like work queues, using separate vhosts is a good idea.
This sets up a single vhost to act as a fedmsg replacement (called
pubsub) and configures it for high availability.

The HA policy mirrors queues to all nodes in the cluster and enables
automatic synchronization with a batch size of 10K messages. Automatic
synchronization means that when a new node joins the cluster, all
messages from existing nodes are pushed to the new node, blocking queue
activity until mirroring is complete.

Signed-off-by: Jeremy Cline <jcline@redhat.com>
 2018-10-02 18:11:29 +00:00
Jeremy Cline
e8b13a2fa4 Raise the file limit on the RabbitMQ cluster 
RabbitMQ recommends[0] that the open file descriptor limit be set to a
minimum of 50K. It recommends that the maximum number of open
connections be multiplied by 2 and added to the total number of queues.
Finally, it suggests that 500K isn't an unreasonable setting. This sets
the default to 500K and makes the value configurable.

Signed-off-by: Jeremy Cline <jcline@redhat.com>
 2018-09-18 15:35:20 +00:00
Patrick Uiterwijk
29c479c291 Use just the common name from client certs 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-17 14:19:33 +00:00
Patrick Uiterwijk
7f1ef59465 Enable ssl auth plugin 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-17 13:56:16 +00:00
Patrick Uiterwijk
cfcbb8b41f Make very sure the default guest user is no more 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 21:26:56 +00:00
Patrick Uiterwijk
1d3648bcd5 Please enable the service now 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 21:22:53 +00:00
Patrick Uiterwijk
0bffc3a1b1 Silly me. Directories and their X flags 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 21:21:23 +00:00
Patrick Uiterwijk
4458ed8d21 We configure long (FQDN) names 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 21:08:24 +00:00
Patrick Uiterwijk
86ff0d1a7f Can't end with a comma here. Rabbitmq grumpy 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 20:59:24 +00:00
Patrick Uiterwijk
8d0b10e81b Set a node name 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 20:57:40 +00:00
Patrick Uiterwijk
9a4edf5f64 Add missing comma 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 20:53:09 +00:00
Patrick Uiterwijk
34d54c4be7 Fix paths to certs 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 20:44:40 +00:00
Patrick Uiterwijk
c6a33bd8fb Build combined config 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 20:43:17 +00:00
Patrick Uiterwijk
37131d4ef5 We will need custom env 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 20:38:39 +00:00
Patrick Uiterwijk
418b8a07b2 Use owner= not user= 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 20:33:41 +00:00
Patrick Uiterwijk
a5bfab5427 Deploy erlang cookie 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 20:31:40 +00:00
Patrick Uiterwijk
35b4080a58 Import some more rabbitmq cluster config 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 20:23:16 +00:00
Patrick Uiterwijk
c71de9325b Deploy rhos13 repo to rabbitmq cluster 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 20:06:47 +00:00
Patrick Uiterwijk
5d8e972157 Start initial rabbitmq_Cluster role 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-08-02 20:04:06 +00:00