Set the RabbitMQ admin user permissions in a way that does not overwrite other vhosts

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
Aurélien Bompard 2019-09-27 18:20:30 +02:00 committed by Pierre-Yves Chibon
parent 71c04a9d6b
commit f6a71cf48d
2 changed files with 20 additions and 70 deletions


@ -108,38 +108,17 @@
- odcs - odcs
- odcs/backend - odcs/backend
- name: Create the admin user for the odcs vhost
run_once: true
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
rabbitmq_user:
user: admin
password: "{{ rabbitmq_odcs_admin_password_staging }}"
permissions:
- vhost: /odcs
configure_priv: .*
read_priv: .*
write_priv: .*
tags: management
when: env == "staging"
tags:
- rabbitmq_cluster
- config
- odcs
- odcs/backend
- name: Create the admin user for the odcs vhost (prod) - name: Create the admin user for the odcs vhost (prod)
run_once: true run_once: true
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org" delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
rabbitmq_user: rabbitmq_user:
user: admin user: admin
password: "{{ rabbitmq_odcs_admin_password_production }}" password: "{{ (env == 'production')|ternary(rabbitmq_odcs_admin_password_production, rabbitmq_odcs_admin_password_staging) }}"
permissions: vhost: /odcs
- vhost: /odcs configure_priv: .*
configure_priv: .* read_priv: .*
read_priv: .* write_priv: .*
write_priv: .*
tags: management tags: management
when: env != "staging"
tags: tags:
- rabbitmq_cluster - rabbitmq_cluster
- config - config
@ -167,11 +146,10 @@
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org" delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
rabbitmq_user: rabbitmq_user:
user: "odcs-private-queue{{ env_suffix }}" user: "odcs-private-queue{{ env_suffix }}"
permissions: vhost: /odcs
- vhost: /odcs configure_priv: .*
configure_priv: .* write_priv: .*
write_priv: .* read_priv: .*
read_priv: .*
state: present state: present
tags: tags:
- rabbitmq_cluster - rabbitmq_cluster
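Review bot: In the first hunk the new `password:` ternary gives the staging secret to every `env` value other than `production`, whereas the removed pair of tasks gave the production password to everything except `staging`, so a host with a mistyped or unexpected `env` is now silently provisioned with the staging admin password. The same ternary is used in the admin task of the second file, where the removed `when:` conditions previously skipped any other `env` altogether. I would add an explicit guard to the task, `when: env in ['production', 'staging']`, so an unknown environment is skipped rather than provisioned. The task is also still named `Create the admin user for the odcs vhost (prod)` although it now covers both environments; dropping `(prod)` would keep run logs accurate.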


@ -224,48 +224,20 @@
- rabbitmq_cluster - rabbitmq_cluster
- config - config
- name: Create the admin user for the pubsub vhost - name: Create the admin user for the {{ item }} vhost
rabbitmq_user: rabbitmq_user:
user: admin user: admin
password: "{{ rabbitmq_admin_password_staging }}" password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}"
permissions: vhost: "{{ item }}"
- vhost: / configure_priv: .*
configure_priv: .* read_priv: .*
read_priv: .* write_priv: .*
write_priv: .*
- vhost: /pubsub
configure_priv: .*
read_priv: .*
write_priv: .*
- vhost: /public_pubsub
configure_priv: .*
read_priv: .*
write_priv: .*
tags: management tags: management
when: env == "staging" and inventory_hostname.startswith('rabbitmq01') with_items:
tags: - /
- rabbitmq_cluster - /pubsub
- config - /public_pubsub
when: inventory_hostname.startswith('rabbitmq01')
- name: Create the admin user for the pubsub vhost
rabbitmq_user:
user: admin
password: "{{ rabbitmq_admin_password_production }}"
permissions:
- vhost: /
configure_priv: .*
read_priv: .*
write_priv: .*
- vhost: /pubsub
configure_priv: .*
read_priv: .*
write_priv: .*
- vhost: /public_pubsub
configure_priv: .*
read_priv: .*
write_priv: .*
tags: management
when: env == "production" and inventory_hostname.startswith('rabbitmq01')
tags: tags:
- rabbitmq_cluster - rabbitmq_cluster
- config - config
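Review bot: The looped task sets `user: admin` from `rabbitmq_admin_password_*`, while the odcs vhost task in the other file of this commit manages what appears to be the same `admin` account from `rabbitmq_odcs_admin_password_*`. If the two secrets ever differ, the password the account actually holds depends on which task created or last updated the user, and the other variable is a credential that operators may wrongly believe is live. Neither task sets `update_password` in the lines shown, so how the module resolves this is left to its default. I would add a comment above the task, for example `# admin is shared with the odcs vhost task; keep rabbitmq_odcs_admin_password_* identical to this value`, or have both tasks reference a single variable.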