138 commits

Author SHA1 Message Date
Kevin Fenzi
d14d971351 rabbitmq/server: fix template to cluster to the right nodes
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-20 14:31:19 -07:00
Kevin Fenzi
306252899a rabbitmq/server: drop stray leftover loop line.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-19 10:02:03 -07:00
Kevin Fenzi
661a8b54be rabbitmq / server: avoid clashing loops.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-19 09:11:54 -07:00
Kevin Fenzi
c8d2d330e2 rabbitmq/server: try this to delegate to each datacenter correctly
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-19 07:56:12 -07:00
Kevin Fenzi
3c5c8b5f2a rabbitmq/server: fix missing quote
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-18 21:52:29 -07:00
Kevin Fenzi
6bec1929e5 rabbitmq/server: fix missing quote
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-18 21:44:12 -07:00
Kevin Fenzi
13f4b3b63c rabbitmq / server: almost worked, need to hard code values however
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-18 21:35:19 -07:00
Kevin Fenzi
b19bf634bc rabbitmq / server: see if we can delegate correctly for iad2 vs phx2 this way
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-18 21:25:14 -07:00
Kevin Fenzi
cf517215a5 rhos13 repo: turns out we still use this for newer rabbitmq
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-13 16:10:05 -07:00
Kevin Fenzi
93cfa0134d rabbitmq: adjust things to avoid messy partitions
We have been having the cluster fall over for still unknown reasons,
but this patch should at least help prevent them:

First we increase the net_ticktime parameter from its default of 60 to 120.
rabbitmq sends 4 'ticks' to other cluster members over this time and if 25%
of them are lost it assumes that cluster member is down. All these VMs are
on the same net and in the same datacenter, but perhaps heavy load
from other VMs causes them to sometimes not get a tick in time?
http://www.rabbitmq.com/nettick.html

Also, set our partitioning strategy to autoheal. Currently if some cluster
member gets booted out, it gets paused, and stops processing at all.
With autoheal it will try and figure out a 'winning' partition and restart
all the nodes that are not in that partition.
https://www.rabbitmq.com/partitions.html

Hopefully the first thing will make partitions less likely and the second
will make them repair without causing massive pain to the cluster.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:26 +02:00
Aurélien Bompard
16ba6fdbff RabbitMQ: add server_name_indication to the federation parameters
The Federation plugin uses an AMQP client that verifies that the
hostname it's connecting to is the right one. Our RabbitMQ server
TLS certificates only have the "public" name as Subject Alternative Name
and in that case apparently the client does not check the CN. Therefore
this changeset sets the client parameter to expect the "public" name in
the certificate.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:22 +02:00
Aurélien Bompard
8f5de8c822 Also create zmq.topic in /pubsub
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:22 +02:00
Aurélien Bompard
48de31d042 RabbitMQ: leave it to apps to grant access to the nagios-monitoring user
Because those vhosts may not be created yet when the main RabbitMQ
playbook is run.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:22 +02:00
Aurélien Bompard
704835c2bb RabbitMQ: Don't create the nagios user before the vhost is setup
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:22 +02:00
Kevin Fenzi
135bc4418d rabbitmq_cluster / staging: nagios-plugins-rabbitmq builds, but is not installable
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:22 +02:00
Aurélien Bompard
5cae294eaa RabbitMQ: give the admin user admin privileges
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:21 +02:00
Aurélien Bompard
01da7c30b6 Restart rabbitmq when a config file changes
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:20 +02:00
Aurélien Bompard
eebab27357 RabbitMQ: handle partitions automatically
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:20 +02:00
Aurélien Bompard
b91e03d059 RabbitMQ: allow the nagios-monitoring user access to other vhosts
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:20 +02:00
b03d81e48a rabbitmq_cluster: adding rpminspect queue to match rpminspect keypair 2020-04-24 21:34:20 +02:00
a962b3a2ec rabbitmq: fixing syntax error I introduced 2020-04-24 21:34:19 +02:00
3f15954566 rabbitmq: adding queue for fedora-build-checks 2020-04-24 21:34:19 +02:00
Aurélien Bompard
3dabb3a067 Remove useless comment
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:12 +02:00
Michal Konečný
fed409d8fc rabbitmq_cluster: Change CentOS routing key to correct format
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2020-04-24 21:34:12 +02:00
Michal Konečný
190a82ac07 rabbitmq_cluster: Add testing key for CentOS
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2020-04-24 21:34:12 +02:00
Aurélien Bompard
f6a71cf48d Set the RabbitMQ admin user permissions in a way that does not overwrite other vhosts
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:11 +02:00
Aurélien Bompard
7d472ed5c8 Create the RabbitMQ user for CentOS CI
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:11 +02:00
Kevin Fenzi
5f28f28e0f Revert "rabbitmq_cluster: Switch how permissions are done and give admin all perms"
This reverts commit a28ddcde1920160038684d0a7d18618920faa2a0.
2020-04-24 21:34:11 +02:00
Kevin Fenzi
a9c97618a1 rabbitmq_cluster: Switch how permissions are done and give admin all perms
The way we were granting perms to admin was just on existing vhost/queues.
Instead we should just give admin full privs to any queues/vhosts that might
exist now or later.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:11 +02:00
Jonathan Lebon
42335b7370 rabbitmq: add coreos queue
This is needed for CoreOS-specific messages. See
https://pagure.io/fedora-infrastructure/issue/8227.

Reviewed-by: Aurelien Bompard <abompard@redhat.com>
2020-04-24 21:34:10 +02:00
Kevin Fenzi
f55344abe3 rabbitmq: admin should have all perms to / as well.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:09 +02:00
Aurélien Bompard
8423703a36 Remove the testing-farm user/queue
Requested on IRC by mvadkert

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:08 +02:00
Aurélien Bompard
2aaa80ab3e Allow the RabbitMQ monitoring user to access the default vhost
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:08 +02:00
Aurélien Bompard
9d8188dbfa Let the RabbitMQ nagios user access the default vhost
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:07 +02:00
Jeremy Cline
e7c6b1a156 rabbitmq: add coreos user
Create the coreos{.stg} user.

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2020-04-24 21:34:07 +02:00
Aurélien Bompard
c5b01f6d30 Give the monitoring user access to the vhosts we use
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:07 +02:00
Aurélien Bompard
4f47672637 Create, build and load a custom SELinux module for NRPE & RabbitMQ
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:07 +02:00
Aurélien Bompard
4f5de9eb37 Try to fix playbook failure
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:07 +02:00
Aurélien Bompard
ab31f6fcfe Create RabbitMQ user and queue (#7965)
Attempt to fix: https://pagure.io/fedora-infrastructure/issue/7965

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-04-24 21:34:07 +02:00
Jeremy Cline
78128ae0ff rabbitmq_cluster: limit queue size to 1GB and remove stale queues
When a user creates a queue and then never consumes from it (such as the
current Greenwave queue) it grows and grows forever. This isn't a
problem in the short term as messages are very small and 100K messages
is in the range of 10MB (depending on the payload size, obviously), but
eventually it will lead to trouble.

This policy will delete any queue that has had no subscribers in 31
days, and as a safety measure also limits all queues to 1GB of storage,
which is probably excessive.

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2019-06-19 14:06:50 +00:00
Aurélien Bompard
6fd793feac rabbitmq_cluster: update package command to not use items
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2019-06-11 17:56:22 +02:00
Jeremy Cline
81fb52008a rabbitmq_cluster: create nagios-monitoring user 2019-04-23 20:43:42 +00:00
Jeremy Cline
eae92f73e9 rabbitmq_cluster: install nagios monitoring scripts
This package is available in epel7-infra and is built from
https://github.com/nagios-plugins-rabbitmq/nagios-plugins-rabbitmq.
2019-04-23 20:13:22 +00:00
Jeremy Cline
9e7074570c rabbitmq_cluster: Create the public vhost before the admin user
The admin user needs access to the public vhost, but it needs to exist
first.
2019-04-04 23:04:55 +00:00
Jeremy Cline
5acf7832cd Give the admin user admin access to /public_pubsub
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2019-03-25 22:16:27 +00:00
Jeremy Cline
b7c688a2ad rabbitmq_cluster: Make the zmq.topic exchange a topic exchange
The default type is direct, but we want topic.

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2019-03-25 22:06:06 +00:00
Jeremy Cline
73240bc64e rabbitmq_cluster: Add the admin user to the public_pubsub vhost
It needs permissions to manage that vhost

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2019-03-22 20:48:30 +00:00
Jeremy Cline
36d43c5d55 rabbitmq_cluster: Create the zmq.topic and bind it to amq.topic
This way amq.topic in the public vhost gets all messages.

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2019-03-22 20:26:30 +00:00
Jeremy Cline
e5c5720d5b rabbitmq_cluster: federate both amq.topic and zmq.topic
Native AMQP clients publish to amq.topic, but the zmq-to-amqp bridge
publishes to zmq.topic so we can keep track of who's publishing where.
2019-03-22 19:51:27 +00:00
Jeremy Cline
70ed6bb95c rabbitmq_cluster: create public user fedora.stg in staging
The cert for the user in staging is fedora.stg, so make the user in
rabbitmq match.
2019-03-20 19:24:31 +00:00