ansible/roles/rabbitmq_cluster/tasks/apps.yml
Kevin Fenzi 81030d9a3d rabbitmq_cluster: move nagios perms into main playbook in one place
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-16 13:43:35 -08:00


#
# This playbook creates users and queues for specific applications
#
- name: CoreOS user
  # Run on a single node only; the rabbit/user role does the actual work.
  run_once: true
  include_role:
    name: rabbit/user
  vars:
    username: 'coreos{{ env_suffix }}'
- name: CentOS CI
  run_once: true
  include_role:
    name: rabbit/queue
  vars:
    username: 'centos-ci{{ env_suffix }}'
    queue_name: 'centos-ci{{ env_suffix }}'
    # Message TTL: 10 days, in milliseconds (10 * 86400 * 1000)
    message_ttl: 864000000
    routing_keys:
      # This routing key is for testing purposes only
      - 'org.centos.ci.#'
- name: OSCI
  run_once: true
  include_role:
    name: rabbit/queue
  vars:
    # A single user is shared by every OSCI pipeline queue below.
    username: 'osci-pipelines{{ env_suffix }}'
    # NOTE(review): each loop item already contains {{ env_suffix }}, so the
    # suffix is appended a second time here whenever it is non-empty - confirm
    # this matches the queue names the pipelines actually consume from.
    queue_name: '{{ osci_pipeline_queue }}{{ env_suffix }}'
    # Message TTL: 10 days, in milliseconds
    message_ttl: 864000000
  # The role is included once per queue name.
  # NOTE(review): queue-8 is missing from this list - confirm it is deliberate.
  loop:
    - 'osci-pipelines{{ env_suffix }}-queue-0'
    - 'osci-pipelines{{ env_suffix }}-queue-1'
    - 'osci-pipelines{{ env_suffix }}-queue-2'
    - 'osci-pipelines{{ env_suffix }}-queue-3'
    - 'osci-pipelines{{ env_suffix }}-queue-4'
    - 'osci-pipelines{{ env_suffix }}-queue-5'
    - 'osci-pipelines{{ env_suffix }}-queue-6'
    - 'osci-pipelines{{ env_suffix }}-queue-7'
    - 'osci-pipelines{{ env_suffix }}-queue-9'
    - 'osci-pipelines{{ env_suffix }}-queue-10'
    - 'osci-pipelines{{ env_suffix }}-queue-11'
    - 'osci-pipelines{{ env_suffix }}-queue-12'
    - 'osci-pipelines{{ env_suffix }}-queue-13'
    - 'osci-pipelines{{ env_suffix }}-queue-14'
    - 'osci-pipelines{{ env_suffix }}-queue-15'
  loop_control:
    # Exposed to the vars above as the current queue name.
    loop_var: osci_pipeline_queue
  tags:
    - osci-pipelines
- name: Fedora Build Checks
  run_once: true
  include_role:
    name: rabbit/queue
  vars:
    username: 'fedora-build-checks{{ env_suffix }}'
    queue_name: 'fedora-build-checks{{ env_suffix }}'
    # No message_ttl here: the queue keeps the role's default retention.
    routing_keys:
      - 'org.centos.ci.#'
- name: copr
  run_once: true
  include_role:
    name: rabbit/user
  vars:
    username: 'copr{{ env_suffix }}'
- name: faf
  run_once: true
  include_role:
    name: rabbit/user
  vars:
    username: 'faf{{ env_suffix }}'
- name: CentOS Stream
  run_once: true
  include_role:
    name: rabbit/queue
  vars:
    username: 'alt-src{{ env_suffix }}'
    queue_name: 'alt-src{{ env_suffix }}'
    # Message TTL: 10 days, in milliseconds
    message_ttl: 864000000
    routing_keys:
      # This routing key is for testing purposes only
      - 'org.centos.stream.#'
    # Queue-length thresholds; presumably consumed by the rabbit/queue
    # role's monitoring check - confirm against the role.
    thresholds:
      warning: 1000
      critical: 10000
# CENTOS GITLAB BEGIN
- name: CentOS Gitlab Queue
  run_once: true
  include_role:
    name: rabbit/queue
  vars:
    username: 'gitlab-centos{{ env_suffix }}'
    queue_name: 'gitlab-centos{{ env_suffix }}'
    # Message TTL: 10 days, in milliseconds
    message_ttl: 864000000
    routing_keys:
      # env_short selects the environment segment of the topic.
      - 'org.centos.{{ env_short }}.gitlab.#'
# CENTOS GITLAB END
# CENTOS KOJI BEGIN
- name: CentOS Koji User
  run_once: true
  include_role:
    name: rabbit/user
  vars:
    username: 'koji-centos{{ env_suffix }}'
- name: CentOS Stream Koji User
  run_once: true
  include_role:
    name: rabbit/user
  vars:
    # NOTE(review): unlike every other user in this file the name carries no
    # {{ env_suffix }} - confirm it is meant to be identical in all environments.
    username: centos-koji
# CENTOS KOJI END
# CENTOS ODCS BEGIN
- name: Configure the centos-odcs virtual host
  run_once: true
  # All centos-odcs tasks are executed once, from the first cluster node.
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  rabbitmq_vhost:
    name: /centos-odcs
    state: present
  tags:
    - centos-odcs
- name: Configure the HA policy for the centos-odcs queues
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  rabbitmq_policy:
    name: HA
    apply_to: queues
    # Matches every queue in the vhost.
    pattern: '.*'
    # Policy definition (the module calls it "tags"); not Ansible task tags.
    tags:
      ha-mode: all
      ha-sync-mode: automatic  # Auto sync queues to new cluster members
      ha-sync-batch-size: 10000  # Larger is faster, but must finish in 1 net_ticktime
    vhost: /centos-odcs
  # Ansible task tags.
  tags:
    - centos-odcs
- name: Add a policy to limit queues to 1GB and remove after a month of no use
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  rabbitmq_policy:
    name: pubsub_sweeper
    state: present
    apply_to: queues
    pattern: '.*'
    # Policy definition (module "tags"), not Ansible task tags.
    tags:
      # Unused queues are removed after 1000 * 60 * 60 * 31 milliseconds (~a month)
      expires: 111600000
      # Queues can use at most 1GB of storage
      max-length-bytes: 1073741824
    vhost: /centos-odcs
  tags:
    - centos-odcs
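- name: Create the centos-odcs-admin user for the centos-odcs vhost (prod)
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  # The password is a module argument; no_log keeps it out of verbose
  # output, diff output and the play log.
  no_log: true
  rabbitmq_user:
    user: centos-odcs-admin
    # NOTE(review): the task name says "(prod)" but the ternary also selects a
    # staging password - confirm which is intended. With the module default
    # update_password=on_create the password is presumably only applied when
    # the user is first created - verify if rotation is expected.
    password: "{{ (env == 'production')|ternary(rabbitmq_centos_odcs_admin_password_production, rabbitmq_centos_odcs_admin_password_staging) }}"
    vhost: /centos-odcs
    # Full permissions on the centos-odcs vhost only.
    configure_priv: '.*'
    read_priv: '.*'
    write_priv: '.*'
  tags:
    - centos-odcs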
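- name: Dump the admin password in a file for administrative operations
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  # The file content is the plaintext password; no_log prevents it from
  # appearing in diff/verbose output when the file changes.
  no_log: true
  copy:
    dest: /root/.centos-odcs-rabbitmqpass
    content: "{{ (env == 'production')|ternary(rabbitmq_centos_odcs_admin_password_production, rabbitmq_centos_odcs_admin_password_staging) }}"
    # Quoted so the YAML parser does not turn the octal mode into an integer.
    mode: '0600'
    owner: root
    group: root
  tags:
    - centos-odcs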
- name: Grant the admin user access to the centos-odcs vhost
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  # NOTE(review): this task declares a single vhost for "admin", and the
  # mbs-private-queue section declares a different one for the same user.
  # Depending on the rabbitmq_user module version, declaring permissions for
  # one vhost can reconcile away the user's permissions on every other vhost,
  # so the last task to run may win - confirm, or express all of admin's
  # vhost permissions in one task via the module's `permissions` list.
  rabbitmq_user:
    user: admin
    vhost: /centos-odcs
    configure_priv: '.*'
    read_priv: '.*'
    write_priv: '.*'
    # RabbitMQ user tag (module argument), distinct from the task tags below.
    tags: administrator
  tags:
    - centos-odcs
- name: Create a user for centos-odcs access
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  rabbitmq_user:
    user: 'centos-odcs-private-queue{{ env_suffix }}'
    vhost: /centos-odcs
    # No password is set here; presumably this user authenticates by other
    # means (e.g. a client certificate) - confirm against the broker config.
    configure_priv: '.*'
    read_priv: '.*'
    write_priv: '.*'
    state: present
  tags:
    - centos-odcs
- name: Create the user in RabbitMQ
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  rabbitmq_user:
    user: centos-odcs
    vhost: /centos-odcs
    # Publish only: the read and configure regexes match nothing, and
    # writes are limited to resources matching amq\.topic.
    read_priv: '^$'
    write_priv: 'amq\.topic'
    configure_priv: '^$'
    state: present
  tags:
    - centos-odcs
# CENTOS ODCS END
# MBS BEGIN
#
- name: Configure the mbs-private-queue virtual host
  run_once: true
  # All mbs-private-queue tasks are executed once, from the first cluster node.
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  rabbitmq_vhost:
    name: /mbs-private-queue
    state: present
  tags:
    - mbs-private-queue
- name: Configure the HA policy for the mbs-private-queue queues
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  rabbitmq_policy:
    name: HA
    apply_to: queues
    # Matches every queue in the vhost.
    pattern: '.*'
    # Policy definition (the module calls it "tags"); not Ansible task tags.
    tags:
      ha-mode: all
      ha-sync-mode: automatic  # Auto sync queues to new cluster members
      ha-sync-batch-size: 10000  # Larger is faster, but must finish in 1 net_ticktime
    vhost: /mbs-private-queue
  # Ansible task tags.
  tags:
    - mbs-private-queue
- name: Add a policy to limit queues to 1GB and remove after a month of no use
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  rabbitmq_policy:
    name: pubsub_sweeper
    state: present
    apply_to: queues
    pattern: '.*'
    # Policy definition (module "tags"), not Ansible task tags.
    tags:
      # Unused queues are removed after 1000 * 60 * 60 * 31 milliseconds (~a month)
      expires: 111600000
      # Queues can use at most 1GB of storage
      max-length-bytes: 1073741824
    vhost: /mbs-private-queue
  tags:
    - mbs-private-queue
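- name: Create the mbs-private-queue user for the mbs-private-queue vhost (prod)
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  # The password is a module argument; no_log keeps it out of verbose
  # output, diff output and the play log.
  no_log: true
  rabbitmq_user:
    user: mbs-private-queue
    # NOTE(review): the task name says "(prod)" but the ternary also selects a
    # staging password - confirm which is intended. With the module default
    # update_password=on_create the password is presumably only applied when
    # the user is first created - verify if rotation is expected.
    password: "{{ (env == 'production')|ternary(rabbitmq_mbs_private_queue_admin_password_production, rabbitmq_mbs_private_queue_admin_password_staging) }}"
    vhost: /mbs-private-queue
    # Full permissions on the mbs-private-queue vhost only.
    configure_priv: '.*'
    read_priv: '.*'
    write_priv: '.*'
  tags:
    - mbs-private-queue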
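- name: Dump the admin password in a file for administrative operations
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  # The file content is the plaintext password; no_log prevents it from
  # appearing in diff/verbose output when the file changes.
  no_log: true
  copy:
    dest: /root/.mbs-private-queue-rabbitmqpass
    content: "{{ (env == 'production')|ternary(rabbitmq_mbs_private_queue_admin_password_production, rabbitmq_mbs_private_queue_admin_password_staging) }}"
    # Quoted so the YAML parser does not turn the octal mode into an integer.
    mode: '0600'
    owner: root
    group: root
  tags:
    - mbs-private-queue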
- name: Grant the admin user access to the mbs-private-queue vhost
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  # NOTE(review): this task declares a single vhost for "admin", and the
  # centos-odcs section declares a different one for the same user.
  # Depending on the rabbitmq_user module version, declaring permissions for
  # one vhost can reconcile away the user's permissions on every other vhost,
  # so the last task to run may win - confirm, or express all of admin's
  # vhost permissions in one task via the module's `permissions` list.
  rabbitmq_user:
    user: admin
    vhost: /mbs-private-queue
    configure_priv: '.*'
    read_priv: '.*'
    write_priv: '.*'
    # RabbitMQ user tag (module argument), distinct from the task tags below.
    tags: administrator
  tags:
    - mbs-private-queue
- name: Create a user for mbs-private-queue access
  run_once: true
  delegate_to: 'rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org'
  rabbitmq_user:
    user: 'mbs-private-queue{{ env_suffix }}'
    vhost: /mbs-private-queue
    # No password is set here; presumably this user authenticates by other
    # means (e.g. a client certificate) - confirm against the broker config.
    configure_priv: '.*'
    read_priv: '.*'
    write_priv: '.*'
    state: present
  tags:
    - mbs-private-queue
# MBS END