RabbitMQ: leave it to apps to grant access to the nagios-monitoring user

Because those vhosts may not be created yet when the main RabbitMQ playbook is run. Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-02-14 11:22:44 +01:00 · 2020-02-14 11:22:44 +01:00 · 48de31d042
commit 48de31d042
parent f21127ef84
3 changed files with 32 additions and 17 deletions
--- a/roles/bodhi2/base/tasks/main.yml
+++ b/roles/bodhi2/base/tasks/main.yml
@ -78,6 +78,21 @@
  - config
  - bodhi

+- name: Grant the nagios-monitoring user access to the bodhi vhost
+  run_once: true
+  delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
+  rabbitmq_user:
+    user: nagios-monitoring
+    vhost: /bodhi
+    configure_priv: "^$"
+    read_priv: "^$"
+    write_priv: "^$"
+    tags: monitoring
+  tags:
+  - rabbitmq_cluster
+  - config
+  - bodhi
+
 # Create a user for Celery
 # - name: Create a user for Celery usage
 #   run_once: true
@ -106,4 +121,4 @@
  tags:
  - rabbitmq_cluster
  - config
-  - bodhi
+  - bodhi
--- a/roles/odcs/backend/tasks/main.yml
+++ b/roles/odcs/backend/tasks/main.yml
@ -140,6 +140,22 @@
  - odcs
  - odcs/backend

+- name: Grant the nagios-monitoring user access to the odcs vhost
+  run_once: true
+  delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
+  rabbitmq_user:
+    user: nagios-monitoring
+    vhost: /odcs
+    configure_priv: "^$"
+    read_priv: "^$"
+    write_priv: "^$"
+    tags: monitoring
+  tags:
+  - rabbitmq_cluster
+  - config
+  - odcs
+  - odcs/backend
+
 # Create a user with:
 - name: Create a user for odcs access
  run_once: true
--- a/roles/rabbitmq_cluster/tasks/main.yml
+++ b/roles/rabbitmq_cluster/tasks/main.yml
@ -225,14 +225,6 @@
        configure_priv: "^$"
        read_priv: "^$"
        write_priv: "^$"
-      - vhost: /bodhi
-        configure_priv: "^$"
-        read_priv: "^$"
-        write_priv: "^$"
-      - vhost: /odcs
-        configure_priv: "^$"
-        read_priv: "^$"
-        write_priv: "^$"
    tags: monitoring
  when: env == "staging" and inventory_hostname.startswith('rabbitmq01')
  tags:
@ -257,14 +249,6 @@
        configure_priv: "^$"
        read_priv: "^$"
        write_priv: "^$"
-      - vhost: /bodhi
-        configure_priv: "^$"
-        read_priv: "^$"
-        write_priv: "^$"
-      - vhost: /odcs
-        configure_priv: "^$"
-        read_priv: "^$"
-        write_priv: "^$"
    tags: monitoring
  when: env == "production" and inventory_hostname.startswith('rabbitmq01')
  tags: