Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
33211 commits 9 branches 0 tags 111 MiB
Commit graph

102 commits

Author SHA1 Message Date
Siteshwar Vashisht
5118b6817d Update roles/rabbitmq_cluster/tasks/apps.yml 
Add `alt-src` user and queue for `sync2git` service for CentOS Streams
 2020-09-15 07:55:04 +00:00
Pierre-Yves Chibon
4bc6749fad rabbitmq_cluster: Remove the rpminspect queue from the server 
The Fedora CI folks are apparently no longer using it

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-09-04 21:18:07 +02:00
Pierre-Yves Chibon
4a93e4f1e0 rabbitmq_cluster: add a tags for the task on the osci-pipelines 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-07-23 10:03:31 +02:00
Michal Srb
079119927f Lower TTL for OSCI queues 
Not all OSCI queues are actively used all the time -- no need to keep messages for 10 days in them. 5 days TTL should be plenty of time even for actively used queues.
 2020-07-23 07:31:19 +00:00
Jonathan Lebon
a51feef5bd Revert "rabbitmq: add coreos queue" 
This reverts commit 42335b7370.

We only need the `coreos` user, so that we can publish messages. We
don't need the `coreos` queue.

See https://pagure.io/fedora-infrastructure/issue/9085#comment-663345
 2020-07-08 07:56:24 +00:00
Kevin Fenzi
2290817ace inventory: drop more autosign01 and bastion-comm01 rabbitmq: add monitoring plugin now. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-30 17:10:32 -07:00
Kevin Fenzi
a9beef0b8d rabbitmq / osci: define the loop var in loop_control 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-22 10:37:39 -07:00
Kevin Fenzi
331272c043 fix typo in last commit 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-22 10:27:34 -07:00
Kevin Fenzi
10e4307204 rabbitmq / osci: try and set loop variable here to avoid clash with rabbit/queue role 
The default loop var is 'item' but it's already being used in
rabbit/queue so if we use it here also it causes clashing and a invalid
binding. So, change this one to something else and see if it fixes the
issue.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-22 10:20:59 -07:00
Andrei Stepanov
2296847061 Add osci client+queues to RabbitMQ 
Signed-off-by: Andrei Stepanov <astepano@redhat.com>
 2020-06-10 23:10:27 +00:00
Kevin Fenzi
05f2b9366d iad2: make copr and faf rabbitmq users 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-08 10:46:30 -07:00
Kevin Fenzi
5351aa704e iad2 move: setup rabbitmq to be ready for moving. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-08 07:49:28 -07:00
Kevin Fenzi
5f626eb145 iad2: have rabbitmq instances use rhos16 instead of rhos13, which was/is rhel7 based 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-31 13:35:43 -07:00
Aurélien Bompard
044c88e68b Set the TTL to 10 days on the centos-ci queue 
Fixes #8939

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-05-26 13:46:53 +00:00
Kevin Fenzi
d14d971351 rabbitmq/server: fix template to cluster to the right nodes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-20 14:31:19 -07:00
Kevin Fenzi
306252899a rabbitmq/server: drop stay leftover loop line. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-19 10:02:03 -07:00
Kevin Fenzi
661a8b54be rabbitmq / server: avoid clashing loops. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-19 09:11:54 -07:00
Kevin Fenzi
c8d2d330e2 rabbitmq/server: try this to delegate to each datacenter correctly 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-19 07:56:12 -07:00
Kevin Fenzi
3c5c8b5f2a rabbitmq/server: fix missing quote 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-18 21:52:29 -07:00
Kevin Fenzi
6bec1929e5 rabbitmq/server: fix missing quote 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-18 21:44:12 -07:00
Kevin Fenzi
13f4b3b63c rabbitmq / server: almost worked, need to hard code vaules however 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-18 21:35:19 -07:00
Kevin Fenzi
b19bf634bc rabbitmq / server: see if we can delgate correctly for iad2 vs phx2 this way 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-18 21:25:14 -07:00
Kevin Fenzi
cf517215a5 rhos13 repo: turns out we still use this for newer rabbitmq 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-13 16:10:05 -07:00
Kevin Fenzi
93cfa0134d rabbitmq: adjust things to avoid messy partitions 
We have been having the cluster fall over for still unknown reasons,
but this patch should at least help prevent them:

first we increase the net_ticktime parameter from it's default of 60 to 120.
rabbitmq sends 4 'ticks' to other cluster members over this time and if 25%
of them are lost it assumes that cluster member is down. All these vm's are
on the same net and in the same datacenter, but perhaps heavy load
from other vm's causes them to sometimes not get a tick in time?
http://www.rabbitmq.com/nettick.html

Also, set our partitioning strategy to autoheal. Currently if some cluster
member gets booted out, it gets paused, and stops processing at all.
With autoheal it will try and figure out a 'winning' partition and restart
all the nodes that are not in that partition.
https://www.rabbitmq.com/partitions.html

Hopefully the first thing will make partitions less likely and the second
will make them repair without causing massive pain to the cluster.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:26 +02:00
Aurélien Bompard
16ba6fdbff RabbitMQ: add server_name_indication to the federation parameters 
The Federation plugin uses an AMQP client that verifies that the
hostname it's connecting to is the right one. Our RabbitMQ server
TLS certificates only have the "public" name as Subject Alternative Name
and in that case apparently the client does not check the CN. Therefore
this changeset sets the client parameter to expect the "public" name in
the certificate.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:22 +02:00
Aurélien Bompard
8f5de8c822 Also create zmq.topic in /pubsub 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:22 +02:00
Aurélien Bompard
48de31d042 RabbitMQ: leave it to apps to grant access to the nagios-monitoring user 
Because those vhosts may not be created yet when the main RabbitMQ
playbook is run.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:22 +02:00
Aurélien Bompard
704835c2bb RabbitMQ: Don't create the nagios user before the vhost is setup 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:22 +02:00
Kevin Fenzi
135bc4418d rabbitmq_cluster / staging: nagios-plugins-rabbitmq builds, but is not installable 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:22 +02:00
Aurélien Bompard
5cae294eaa RabbitMQ: give the admin user admin privileges 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:21 +02:00
Aurélien Bompard
01da7c30b6 Restart rabbitmq when a config file changes 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:20 +02:00
Aurélien Bompard
eebab27357 RabbitMQ: handle partitions automatically 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:20 +02:00
Aurélien Bompard
b91e03d059 RabbitMQ: allow the nagios-monitoring user access to other vhosts 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:20 +02:00
Tim Flink
b03d81e48a rabbitmq_cluster: adding rpminspect queue to match rpminspect keypair 2020-04-24 21:34:20 +02:00
Tim Flink
a962b3a2ec rabbitmq: fixing syntax error I introduced 2020-04-24 21:34:19 +02:00
Tim Flink
3f15954566 rabbitmq: adding queue for fedora-build-checks 2020-04-24 21:34:19 +02:00
Aurélien Bompard
3dabb3a067 Remove useless comment 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:12 +02:00
Michal Konečný
fed409d8fc rabbitmq_cluster: Change CentOS routing key to correct format 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2020-04-24 21:34:12 +02:00
Michal Konečný
190a82ac07 rabbitmq_cluster: Add testing key for CentOS 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2020-04-24 21:34:12 +02:00
Aurélien Bompard
f6a71cf48d Set the RabbitMQ admin user permissions in a way that does not overwrite other vhosts 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:11 +02:00
Aurélien Bompard
7d472ed5c8 Create the RabbitMQ user for CentOS CI 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:11 +02:00
Kevin Fenzi
5f28f28e0f Revert "rabbitmq_cluster: Switch how permissions are done and give admin all perms" 
This reverts commit a28ddcde1920160038684d0a7d18618920faa2a0.
 2020-04-24 21:34:11 +02:00
Kevin Fenzi
a9c97618a1 rabbitmq_cluster: Switch how permissions are done and give admin all perms 
The way we were granting perms to admin was just on existing vhost/queues.
Instead we should just give admin full privs to any queues/vhosts that might
exist now or later.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:11 +02:00
Jonathan Lebon
42335b7370 rabbitmq: add coreos queue 
This is needed for CoreOS-specific messages. See
https://pagure.io/fedora-infrastructure/issue/8227.

Reviewed-by: Aurelien Bompard <abompard@redhat.com>
 2020-04-24 21:34:10 +02:00
Kevin Fenzi
f55344abe3 rabbitmq: admin should have all perms to / as well. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:09 +02:00
Aurélien Bompard
8423703a36 Remove the testing-farm user/queue 
Requested on IRC by mvadkert

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:08 +02:00
Aurélien Bompard
2aaa80ab3e Allow the RabbitMQ monitoring user to access the default vhost 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:08 +02:00
Aurélien Bompard
9d8188dbfa Let the RabbitMQ nagios user access the default vhost 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:07 +02:00
Jeremy Cline
e7c6b1a156 rabbitmq: add coreos user 
Create the coreos{.stg} user.

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
 2020-04-24 21:34:07 +02:00
Aurélien Bompard
c5b01f6d30 Give the monitoring user access to the vhosts we use 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-04-24 21:34:07 +02:00