CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 7 Pull requests 9 Wiki Activity Actions

Vendor Galaxy Roles and Collections
Some checks failed
/ Ansible Lint (push) Failing after 5m45s
Details
/ Ansible Lint (pull_request) Failing after 4m59s
Details

Browse source
This commit is contained in:
Stefan Bethke 2026-02-06 22:07:16 +01:00
commit 2aed20393f
3553 changed files with 387444 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

19
ansible_collections/debops/debops/roles/rabbitmq_server/COPYRIGHT Normal file
View file

@ -0,0 +1,19 @@
debops.rabbitmq_server - Manage RabbitMQ service using Ansible
Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
Copyright (C) 2017 DebOps <https://debops.org/>
SPDX-License-Identifier: GPL-3.0-only
This repository is part of DebOps.
DebOps is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3, as
published by the Free Software Foundation.
DebOps is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with DebOps. If not, see https://www.gnu.org/licenses/.

961
ansible_collections/debops/debops/roles/rabbitmq_server/defaults/main.yml Normal file
View file

@ -0,0 +1,961 @@
---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
# .. Copyright (C) 2017-2024 Maciej Delmanowski <drybjed@gmail.com>
# .. Copyright (C) 2017-2024 DebOps <https://debops.org/>
# .. SPDX-License-Identifier: GPL-3.0-only
# .. _rabbitmq_server__ref_defaults:
# debops.rabbitmq_server default variables [[[
# ============================================
# .. contents:: Sections
# :local:
#
# .. include:: ../../../../includes/global.rst
# APT packages [[[
# ----------------
# .. envvar:: rabbitmq_server__base_packages [[[
#
# List of base APT packages to install for RabbitMQ service.
rabbitmq_server__base_packages: [ 'rabbitmq-server' ]
# ]]]
# .. envvar:: rabbitmq_server__packages [[[
#
# List of additional APT packages to install with RabbitMQ service.
rabbitmq_server__packages: []
# ]]]
# ]]]
# System configuration [[[
# ------------------------
# .. envvar:: rabbitmq_server__user [[[
#
# Name of the UNIX system account used by RabbitMQ service.
rabbitmq_server__user: 'rabbitmq'
# ]]]
# .. envvar:: rabbitmq_server__group [[[
#
# Name of the UNIX system group used by RabbitMQ service.
rabbitmq_server__group: 'rabbitmq'
# ]]]
# .. envvar:: rabbitmq_server__append_groups [[[
#
# List of additional UNIX groups to add the RabbitMQ user into. The
# ``ssl-cert`` UNIX group is used for the X.509 private key access.
rabbitmq_server__append_groups: '{{ ["ssl-cert"] if rabbitmq_server__pki | bool else [] }}'
# ]]]
# .. envvar:: rabbitmq_server__home [[[
#
# Absolute path of the RabbitMQ home directory.
rabbitmq_server__home: '/var/lib/rabbitmq'
# ]]]
# ]]]
# Resource utilization [[[
# ------------------------
# .. envvar:: rabbitmq_server__relative_disk_free_limit [[[
#
# Floating point which tells RabbitMQ how much of the free disk space relative
# to system RAM it should expect before allowing for operation. The default
# value tells RabbitMQ to expect twice the amount of available RAM to be free
# on the disk.
#
# See https://www.rabbitmq.com/production-checklist.html for more details.
rabbitmq_server__relative_disk_free_limit: 2.0
# ]]]
# ]]]
# Erlang cookie [[[
# -----------------
# .. envvar:: rabbitmq_server__erlang_cookie_path [[[
#
# Absolute path of the Erlang cookie file used by RabbitMQ.
rabbitmq_server__erlang_cookie_path: '{{ rabbitmq_server__home + "/.erlang.cookie" }}'
# ]]]
# .. envvar:: rabbitmq_server__erlang_cookie_password [[[
#
# The contents of the Erlang cookie file used by RabbitMQ. It needs to be the
# same on all nodes in the RabbitMQ cluster.
rabbitmq_server__erlang_cookie_password: '{{ lookup("password", secret
+ "/rabbitmq_server/cluster/erlang_cookie "
+ "length=64") }}'
# ]]]
# ]]]
# Advanced Message Queuing Protocol (AMQP) configuration [[[
# ----------------------------------------------------------
# .. envvar:: rabbitmq_server__amqp_allow [[[
#
# List of IP addresses or CIDR subnets which are allowed to connect to the
# RabbitMQ service over plaintext ``amqp://`` connection.
#
# If the TLS support is enabled, only the hosts and subnets specified in this
# list will be allowed to connect.
#
# If the TLS support is disabled, and nothing is specified, anybody will be
# able to connect over plaintext. You can specify the entries to limit the
# connections to selected IPs and subnets.
rabbitmq_server__amqp_allow: []
# ]]]
# .. envvar:: rabbitmq_server__amqps_allow [[[
#
# List of IP addresses or CIDR subnets which are allowed to connect to the
# RabbitMQ service over TLS ``amqps://`` connection.
#
# If this list is empty, anybody can connect over encrypted connection.
rabbitmq_server__amqps_allow: []
# ]]]
# ]]]
# RabbitMQ environment [[[
# ------------------------
# These variables define contents of the
# :file:`/etc/rabbitmq/rabbitmq-env.conf` configuration file. This file is
# sourced by the RabbitMQ init script and should contain shell environment
# variables that should be defined in the server environment. Each variable is
# a YAML dictionary, dictionary keys are variable names (they will be written
# as uppercase automatically), dictionary values are environment values.
# You can find the list of known environment variables in the RabbitMQ
# documentation: https://www.rabbitmq.com/configure.html#customise-environment
# .. envvar:: rabbitmq_server__environment [[[
#
# The RabbitMQ environment variables defined on all hosts in the Ansible
# inventory.
rabbitmq_server__environment: {}
# ]]]
# .. envvar:: rabbitmq_server__group_environment [[[
#
# The RabbitMQ environment variables defined on hosts in a specific Ansible
# inventory group.
rabbitmq_server__group_environment: {}
# ]]]
# .. envvar:: rabbitmq_server__host_environment [[[
#
# The RabbitMQ environment variables defined on specific hosts in the Ansible
# inventory.
rabbitmq_server__host_environment: {}
# ]]]
# .. envvar:: rabbitmq_server__combined_environment [[[
#
# The variable which combines all of the environment variables and is used in
# the configuration template.
rabbitmq_server__combined_environment: '{{ rabbitmq_server__environment
| combine(rabbitmq_server__group_environment,
rabbitmq_server__host_environment) }}'
# ]]]
# ]]]
# RabbitMQ main configuration [[[
# -------------------------------
# These variables define the contents of the
# :file:`/etc/rabbitmq/rabbitmq.config` configuration file.
# See :ref:`rabbitmq_server__ref_config` for more details.
# .. envvar:: rabbitmq_server__default_config [[[
#
# The default configuration defined by the ``debops.rabbitmq_server`` Ansible
# role.
rabbitmq_server__default_config:
- name: 'ssl'
state: '{{ "present" if rabbitmq_server__pki | bool else "ignore" }}'
options:
- name: 'versions'
value: [ 'tlsv1.2', 'tlsv1.1' ]
type: 'atom'
- name: 'ciphers'
value: |
[
{{ rabbitmq_server__ssl_ciphers | indent(2) }}
]
type: 'raw'
state: '{{ "present"
if rabbitmq_server__ssl_ciphers
else "ignore" }}'
- client_renegotiation: False
- secure_renegotiate: True
- reuse_sessions: True
- honor_cipher_order: True
- honor_ecc_order: True
- name: 'rabbit'
state: '{{ "present" if rabbitmq_server__pki | bool else "ignore" }}'
options:
- name: 'tcp_listeners'
comment: |
Listen for TCP connections only on the 'localhost' interface
when the TLS support is enabled
value: |
[{"127.0.0.1", 5672},
{"::1", 5672}]
type: 'raw'
state: '{{ "ignore" if rabbitmq_server__amqp_allow else "present" }}'
- ssl_listeners: [ 5671 ]
- name: 'ssl_options'
value: |
[{cacertfile, "{{ rabbitmq_server__cacertfile }}"},
{certfile, "{{ rabbitmq_server__certfile }}"},
{keyfile, "{{ rabbitmq_server__keyfile }}"},
{% if rabbitmq_server__ssl_dhparam %}
{dhfile, "{{ rabbitmq_server__ssl_dhparam }}"},
{% endif -%}
{versions, ['tlsv1.2', 'tlsv1.1']},
{depth, 2},
{% if rabbitmq_server__ssl_ciphers %}
{ciphers, [
{{ rabbitmq_server__ssl_ciphers | indent(26) }}
]},
{% endif -%}
{honor_cipher_order, true},
{honor_ecc_order, true},
{client_renegotiation, false},
{secure_renegotiate, true},
{reuse_sessions, true},
{verify, verify_peer},
{fail_if_no_peer_cert, false}]
type: 'raw'
- name: 'rabbit'
options:
- name: 'disk_free_limit'
value: '{mem_relative, {{ rabbitmq_server__relative_disk_free_limit }}{{ "}" }}'
type: 'raw'
# ]]]
# .. envvar:: rabbitmq_server__config [[[
#
# List of RabbitMQ configuration options defined for all hosts in the Ansible
# inventory.
rabbitmq_server__config: []
# ]]]
# .. envvar:: rabbitmq_server__group_config [[[
#
# List of RabbitMQ configuration options defined for hosts in a specific
# Ansible inventory group.
rabbitmq_server__group_config: []
# ]]]
# .. envvar:: rabbitmq_server__host_config [[[
#
# List of RabbitMQ configuration options defined for specific hosts in the
# Ansible inventory.
rabbitmq_server__host_config: []
# ]]]
# .. envvar:: rabbitmq_server__dependent_role [[[
#
# A string that identifies another Ansible role that uses the
# ``debops.rabbitmq_server`` role as a dependency. This value is needed to
# correctly store the dependent configuration options.
# See :ref:`rabbitmq_server__ref_dependency` for more details.
rabbitmq_server__dependent_role: ''
# ]]]
# .. envvar:: rabbitmq_server__dependent_state [[[
#
# Specify the state of the dependent configuration options, either ``present``
# (options should be included in the configuration file) or ``absent`` (options
# should be removed from the configuration file).
# See :ref:`rabbitmq_server__ref_dependency` for more details.
rabbitmq_server__dependent_state: 'present'
# ]]]
# .. envvar:: rabbitmq_server__dependent_config [[[
#
# List of RabbitMQ configuration options defined by another Ansible role
# and specified using role dependent variables.
rabbitmq_server__dependent_config: []
# ]]]
# .. envvar:: rabbitmq_server__dependent_config_filter [[[
#
# Actual variable used in the combined RabbitMQ configuration that unwraps
# the dependent configuration specified by other Ansible roles and converts it
# into format understood by the ``debops.rabbitmq_server`` configuration
# template. See :ref:`rabbitmq_server__ref_dependency` for more details.
rabbitmq_server__dependent_config_filter: '{{ lookup("template",
"lookup/rabbitmq_server__dependent_config_filter.j2")
| from_yaml }}'
# ]]]
# .. envvar:: rabbitmq_server__combined_config [[[
#
# List that combines RabbitMQ configuration variables and passes them to the
# template file.
rabbitmq_server__combined_config: '{{ rabbitmq_server__default_config
+ rabbitmq_server__dependent_config_filter
+ rabbitmq_server__config
+ rabbitmq_server__group_config
+ rabbitmq_server__host_config }}'
# ]]]
# ]]]
# RabbitMQ plugin configuration [[[
# ---------------------------------
# These variables specify what RabbitMQ plugins should be enabled on a given
# host. See :ref:`rabbitmq_server__ref_plugins` for more details.
# .. envvar:: rabbitmq_server__default_plugins [[[
#
# List of default RabbitMQ plugins enabled by this Ansible role.
rabbitmq_server__default_plugins:
# Required on all hosts by RabbitMQ Management Console
- name: 'rabbitmq_management_agent'
# ]]]
# .. envvar:: rabbitmq_server__plugins [[[
#
# List of RabbitMQ plugins to enable on all hosts in the Ansible inventory.
rabbitmq_server__plugins: []
# ]]]
# .. envvar:: rabbitmq_server__group_plugins [[[
#
# List of RabbitMQ plugins to enable on hosts in a specific Ansible inventory
# group.
rabbitmq_server__group_plugins: []
# ]]]
# .. envvar:: rabbitmq_server__host_plugins [[[
#
# List of RabbitMQ plugins to enable on specific hosts in the Ansible
# inventory.
rabbitmq_server__host_plugins: []
# ]]]
# .. envvar:: rabbitmq_server__combined_plugins [[[
#
# Combined list of RabbitMQ plugins passed to the Ansible module.
rabbitmq_server__combined_plugins: '{{ rabbitmq_server__default_plugins
+ rabbitmq_server__plugins
+ rabbitmq_server__group_plugins
+ rabbitmq_server__host_plugins }}'
# ]]]
# ]]]
# RabbitMQ virtual host configuration [[[
# ---------------------------------------
# These variables can be used to configure RabbitMQ virtual hosts.
# See :ref:`rabbitmq_server__ref_vhosts` for more details.
# .. envvar:: rabbitmq_server__vhosts [[[
#
# List of RabbitMQ virtual hosts managed on all hosts in the Ansible inventory.
rabbitmq_server__vhosts: []
# ]]]
# .. envvar:: rabbitmq_server__group_vhosts [[[
#
# List of RabbitMQ virtual hosts managed on hosts in specific Ansible inventory
# group.
rabbitmq_server__group_vhosts: []
# ]]]
# .. envvar:: rabbitmq_server__host_vhosts [[[
#
# List of RabbitMQ virtual hosts managed on specific hosts in the Ansible
# inventory.
rabbitmq_server__host_vhosts: []
# ]]]
# .. envvar:: rabbitmq_server__parameters_vhosts [[[
#
# List of RabbitMQ virtual hosts that are mentioned in parameter configuration.
# Each virtual host will be created if not already present.
rabbitmq_server__parameters_vhosts: '{{ lookup("template",
"lookup/rabbitmq_server__parameters_vhosts.j2") }}'
# ]]]
# .. envvar:: rabbitmq_server__policies_vhosts [[[
#
# List of RabbitMQ virtual hosts that are mentioned in policy configuration.
# Each virtual host will be created if not already present.
rabbitmq_server__policies_vhosts: '{{ lookup("template",
"lookup/rabbitmq_server__policies_vhosts.j2") }}'
# ]]]
# .. envvar:: rabbitmq_server__accounts_vhosts [[[
#
# List of RabbitMQ virtual hosts that are mentioned in user account
# configuration. Each virtual host will be created if not already present.
rabbitmq_server__accounts_vhosts: '{{ lookup("template",
"lookup/rabbitmq_server__accounts_vhosts.j2") }}'
# ]]]
# .. envvar:: rabbitmq_server__combined_vhosts [[[
#
# Combined list of RabbitMQ virtual hosts passed to the Ansible task.
rabbitmq_server__combined_vhosts: '{{ rabbitmq_server__vhosts
+ rabbitmq_server__group_vhosts
+ rabbitmq_server__host_vhosts
+ rabbitmq_server__parameters_vhosts
+ rabbitmq_server__policies_vhosts
+ rabbitmq_server__accounts_vhosts }}'
# ]]]
# ]]]
# RabbitMQ vhost limits [[[
# -------------------------
# These variables can be used to define RabbitMQ virtual host limits (maximum
# number of connections and queues).
# See :ref:`rabbitmq_server__ref_vhost_limits` for more details.
# .. envvar:: rabbitmq_server__vhost_limits [[[
#
# List of vhost limits which should be configured on all hosts in the Ansible
# inventory.
rabbitmq_server__vhost_limits: []
# ]]]
# .. envvar:: rabbitmq_server__group_vhost_limits [[[
#
# List of vhost limits which should be configured on hosts in specific Ansible
# inventory group.
rabbitmq_server__group_vhost_limits: []
# ]]]
# .. envvar:: rabbitmq_server__host_vhost_limits [[[
#
# List of vhost limits which should be configured on specific hosts in the
# Ansible inventory.
rabbitmq_server__host_vhost_limits: []
# ]]]
# .. envvar:: rabbitmq_server__combined_vhost_limits [[[
#
# Combined list of all vhost limits used in role tasks and templates.
rabbitmq_server__combined_vhost_limits: '{{ rabbitmq_server__vhost_limits
+ rabbitmq_server__group_vhost_limits
+ rabbitmq_server__host_vhost_limits }}'
# ]]]
# ]]]
# RabbitMQ parameter configuration [[[
# ------------------------------------
# These variables can be used to manage RabbitMQ parameters.
# See :ref:`rabbitmq_server__ref_parameters` for more details.
# .. envvar:: rabbitmq_server__parameters [[[
#
# List of RabbitMQ parameters which should be configured on all hosts in the
# Ansible inventory.
rabbitmq_server__parameters: []
# ]]]
# .. envvar:: rabbitmq_server__group_parameters [[[
#
# List of RabbitMQ parameters which should be configured on hosts in specific
# Ansible inventory group.
rabbitmq_server__group_parameters: []
# ]]]
# .. envvar:: rabbitmq_server__host_parameters [[[
#
# List of RabbitMQ parameters which should be configured on specific hosts in
# the Ansible inventory.
rabbitmq_server__host_parameters: []
# ]]]
# .. envvar:: rabbitmq_server__combined_parameters [[[
#
# Combined list of all RabbitMQ parameters passed to the Ansible task.
rabbitmq_server__combined_parameters: '{{ rabbitmq_server__parameters
+ rabbitmq_server__group_parameters
+ rabbitmq_server__host_parameters }}'
# ]]]
# ]]]
# RabbitMQ policy configuration [[[
# ---------------------------------
# These variables can be used to manage RabbitMQ policies.
# See :ref:`rabbitmq_server__ref_policies` for more details.
# .. envvar:: rabbitmq_server__policies [[[
#
# List of RabbitMQ policies which should be configured on all hosts in the
# Ansible inventory.
rabbitmq_server__policies: []
# ]]]
# .. envvar:: rabbitmq_server__group_policies [[[
#
# List of RabbitMQ policies which should be configured on hosts in specific
# Ansible inventory group.
rabbitmq_server__group_policies: []
# ]]]
# .. envvar:: rabbitmq_server__host_policies [[[
#
# List of RabbitMQ policies which should be configured on specific hosts in the
# Ansible inventory.
rabbitmq_server__host_policies: []
# ]]]
# .. envvar:: rabbitmq_server__combined_policies [[[
#
# Combined list of all RabbitMQ policies passed to the Ansible task.
rabbitmq_server__combined_policies: '{{ rabbitmq_server__policies
+ rabbitmq_server__group_policies
+ rabbitmq_server__host_policies }}'
# ]]]
# ]]]
# RabbitMQ user account configuration [[[
# ---------------------------------------
# These variables can be used to manage RabbitMQ user accounts.
# See :ref:`rabbitmq_server__ref_accounts` for more details.
# .. envvar:: rabbitmq_server__admin_accounts [[[
#
# List of automatically managed administrator accounts, based of the admin
# users managed by the :ref:`debops.core` Ansible role.
rabbitmq_server__admin_accounts: '{{ lookup("template",
"lookup/rabbitmq_server__admin_accounts.j2") }}'
# ]]]
# .. envvar:: rabbitmq_server__default_accounts [[[
#
# List of default RabbitMQ user accounts defined by the role.
rabbitmq_server__default_accounts:
# Remove the default user account
- name: 'guest'
state: 'absent'
# ]]]
# .. envvar:: rabbitmq_server__accounts [[[
#
# List of RabbitMQ user accounts which should be managed on all hosts in the
# Ansible inventory.
rabbitmq_server__accounts: []
# ]]]
# .. envvar:: rabbitmq_server__group_accounts [[[
#
# List of RabbitMQ user accounts which should be managed on hosts in a specific
# Ansible inventory group.
rabbitmq_server__group_accounts: []
# ]]]
# .. envvar:: rabbitmq_server__host_accounts [[[
#
# List of RabbitMQ user accounts which should be managed on specific hosts in
# the Ansible inventory.
rabbitmq_server__host_accounts: []
# ]]]
# .. envvar:: rabbitmq_server__combined_accounts [[[
#
# Combined list of RabbitMQ user accounts, passed to the Ansible task.
rabbitmq_server__combined_accounts: '{{ rabbitmq_server__admin_accounts
+ rabbitmq_server__default_accounts
+ rabbitmq_server__accounts
+ rabbitmq_server__group_accounts
+ rabbitmq_server__host_accounts }}'
# ]]]
# .. envvar:: rabbitmq_server__admin_default_vhost [[[
#
# The default RabbitMQ virtual host which will be configured for the RabbitMQ
# administrator accounts.
rabbitmq_server__admin_default_vhost: '/'
# ]]]
# .. envvar:: rabbitmq_server__account_password_length [[[
#
# The default length of the autogenerated user account passwords.
rabbitmq_server__account_password_length: '32'
# ]]]
# ]]]
# RabbitMQ user limits [[[
# ------------------------
# These variables can be used to define RabbitMQ per-user limits (maximum number
# of connections and used channels).
# See :ref:`rabbitmq_server__ref_user_limits` for more details.
# .. envvar:: rabbitmq_server__user_limits [[[
#
# List of user limits which should be configured on all hosts in the Ansible
# inventory.
rabbitmq_server__user_limits: []
# ]]]
# .. envvar:: rabbitmq_server__group_user_limits [[[
#
# List of user limits which should be configured on hosts in specific Ansible
# inventory group.
rabbitmq_server__group_user_limits: []
# ]]]
# .. envvar:: rabbitmq_server__host_user_limits [[[
#
# List of user limits which should be configured on specific hosts in the
# Ansible inventory.
rabbitmq_server__host_user_limits: []
# ]]]
# .. envvar:: rabbitmq_server__combined_user_limits [[[
#
# Combined list of all user limits used in role tasks and templates.
rabbitmq_server__combined_user_limits: '{{ rabbitmq_server__user_limits
+ rabbitmq_server__group_user_limits
+ rabbitmq_server__host_user_limits }}'
# ]]]
# ]]]
# RabbitMQ exchanges [[[
# ----------------------
# These variables can be used to define RabbitMQ exchanges which receive
# messages for processing.
# See :ref:`rabbitmq_server__ref_exchanges` for more details.
# .. envvar:: rabbitmq_server__exchanges [[[
#
# List of exchanges which should be configured on all hosts in the Ansible
# inventory.
rabbitmq_server__exchanges: []
# ]]]
# .. envvar:: rabbitmq_server__group_exchanges [[[
#
# List of exchanges which should be configured on hosts in specific Ansible
# inventory group.
rabbitmq_server__group_exchanges: []
# ]]]
# .. envvar:: rabbitmq_server__host_exchanges [[[
#
# List of exchanges which should be configured on specific hosts in the
# Ansible inventory.
rabbitmq_server__host_exchanges: []
# ]]]
# .. envvar:: rabbitmq_server__combined_exchanges [[[
#
# Combined list of all exchanges used in role tasks and templates.
rabbitmq_server__combined_exchanges: '{{ rabbitmq_server__exchanges
+ rabbitmq_server__group_exchanges
+ rabbitmq_server__host_exchanges }}'
# ]]]
# ]]]
# RabbitMQ queues [[[
# -------------------
# These variables can be used to define RabbitMQ queues which store processed
# messages for consumers.
# See :ref:`rabbitmq_server__ref_queues` for more details.
# .. envvar:: rabbitmq_server__queues [[[
#
# List of queues which should be configured on all hosts in the Ansible
# inventory.
rabbitmq_server__queues: []
# ]]]
# .. envvar:: rabbitmq_server__group_queues [[[
#
# List of queues which should be configured on hosts in specific Ansible
# inventory group.
rabbitmq_server__group_queues: []
# ]]]
# .. envvar:: rabbitmq_server__host_queues [[[
#
# List of queues which should be configured on specific hosts in the
# Ansible inventory.
rabbitmq_server__host_queues: []
# ]]]
# .. envvar:: rabbitmq_server__combined_queues [[[
#
# Combined list of all queues used in role tasks and templates.
rabbitmq_server__combined_queues: '{{ rabbitmq_server__queues
+ rabbitmq_server__group_queues
+ rabbitmq_server__host_queues }}'
# ]]]
# ]]]
# RabbitMQ bindings [[[
# ---------------------
# These variables can be used to define RabbitMQ bindings which connect
# exchanges and queues.
# See :ref:`rabbitmq_server__ref_bindings` for more details.
# .. envvar:: rabbitmq_server__bindings [[[
#
# List of bindings which should be configured on all hosts in the Ansible
# inventory.
rabbitmq_server__bindings: []
# ]]]
# .. envvar:: rabbitmq_server__group_bindings [[[
#
# List of bindings which should be configured on hosts in specific Ansible
# inventory group.
rabbitmq_server__group_bindings: []
# ]]]
# .. envvar:: rabbitmq_server__host_bindings [[[
#
# List of bindings which should be configured on specific hosts in the
# Ansible inventory.
rabbitmq_server__host_bindings: []
# ]]]
# .. envvar:: rabbitmq_server__combined_bindings [[[
#
# Combined list of all bindings used in role tasks and templates.
rabbitmq_server__combined_bindings: '{{ rabbitmq_server__bindings
+ rabbitmq_server__group_bindings
+ rabbitmq_server__host_bindings }}'
# ]]]
# ]]]
# RabbitMQ feature flags [[[
# --------------------------
# These variables can be used to define RabbitMQ feature flags which should be
# present on specific or all RabbitMQ nodes.
# See :ref:`rabbitmq_server__ref_feature_flags` for more details.
# .. envvar:: rabbitmq_server__feature_flags [[[
#
# List of feature flags which should be configured on all hosts in the Ansible
# inventory.
rabbitmq_server__feature_flags: []
# ]]]
# .. envvar:: rabbitmq_server__group_feature_flags [[[
#
# List of feature flags which should be configured on hosts in specific Ansible
# inventory group.
rabbitmq_server__group_feature_flags: []
# ]]]
# .. envvar:: rabbitmq_server__host_feature_flags [[[
#
# List of feature flags which should be configured on specific hosts in the
# Ansible inventory.
rabbitmq_server__host_feature_flags: []
# ]]]
# .. envvar:: rabbitmq_server__combined_feature_flags [[[
#
# Combined list of all feature flags used in role tasks and templates.
rabbitmq_server__combined_feature_flags: '{{ rabbitmq_server__feature_flags
+ rabbitmq_server__group_feature_flags
+ rabbitmq_server__host_feature_flags }}'
# ]]]
# ]]]
# RabbitMQ global parameters [[[
# ------------------------------
# These variables can be used to define RabbitMQ global parameters on one or
# more RabbitMQ nodes.
# See :ref:`rabbitmq_server__ref_global_parameters` for more details.
# .. envvar:: rabbitmq_server__global_parameters [[[
#
# List of global parameters which should be configured on all hosts in the
# Ansible inventory.
rabbitmq_server__global_parameters: []
# ]]]
# .. envvar:: rabbitmq_server__group_global_parameters [[[
#
# List of global parameters which should be configured on hosts in specific
# Ansible inventory group.
rabbitmq_server__group_global_parameters: []
# ]]]
# .. envvar:: rabbitmq_server__host_global_parameters [[[
#
# List of global parameters which should be configured on specific hosts in the
# Ansible inventory.
rabbitmq_server__host_global_parameters: []
# ]]]
# .. envvar:: rabbitmq_server__combined_global_parameters [[[
#
# Combined list of all global parameters used in role tasks and templates.
rabbitmq_server__combined_global_parameters: '{{ rabbitmq_server__global_parameters
+ rabbitmq_server__group_global_parameters
+ rabbitmq_server__host_global_parameters }}'
# ]]]
# ]]]
# RabbitMQ cluster configuration [[[
# ----------------------------------
# .. envvar:: rabbitmq_server__cluster_allow [[[
#
# List of IP addresses or CIDR subnets which are allowed to communicate with
# the RabbitMQ service to form a cluster (TCP ports 4369, 25672).
# If nothing is specified, no direct cluster communication is allowed.
rabbitmq_server__cluster_allow: []
# ]]]
# ]]]
# Public Key Infrastructure configuration [[[
# -------------------------------------------
# These variables configure the PKI environment for RabbitMQ service using the
# :ref:`debops.pki` Ansible role. See its documentation for more details.
# .. envvar:: rabbitmq_server__pki [[[
#
# Enable or disable PKI support.
rabbitmq_server__pki: '{{ True
if (ansible_local.pki.enabled | d() and
ansible_local.pki.enabled | bool) else False }}'
# ]]]
# .. envvar:: rabbitmq_server__pki_path [[[
#
# Absolute path to the directory with PKI realms.
rabbitmq_server__pki_path: '{{ ansible_local.pki.path | d("/etc/pki/realms") }}'
# ]]]
# .. envvar:: rabbitmq_server__pki_realm [[[
#
# Name of the PKI realm to use by the RabbitMQ service.
rabbitmq_server__pki_realm: '{{ ansible_local.pki.realm | d("domain") }}'
# ]]]
# .. envvar:: rabbitmq_server__pki_ca [[[
#
# Name of the Certificate Authority certificate file to use.
rabbitmq_server__pki_ca: '{{ ansible_local.pki.ca | d("CA.crt") }}'
# ]]]
# .. envvar:: rabbitmq_server__pki_crt [[[
#
# Name of the X.509 certificate file to use.
rabbitmq_server__pki_crt: '{{ ansible_local.pki.crt | d("default.crt") }}'
# ]]]
# .. envvar:: rabbitmq_server__pki_key [[[
#
# Name of the X.509 private key file to use.
rabbitmq_server__pki_key: '{{ ansible_local.pki.key | d("default.key") }}'
# ]]]
# .. envvar:: rabbitmq_server__cacertfile [[[
#
# Absolute path of the Certificate Authority certificate to use.
rabbitmq_server__cacertfile: '{{ rabbitmq_server__pki_path
+ "/" + rabbitmq_server__pki_realm
+ "/" + rabbitmq_server__pki_ca }}'
# ]]]
# .. envvar:: rabbitmq_server__certfile [[[
#
# Absolute path of the X.509 certificate to use.
rabbitmq_server__certfile: '{{ rabbitmq_server__pki_path
+ "/" + rabbitmq_server__pki_realm
+ "/" + rabbitmq_server__pki_crt }}'
# ]]]
# .. envvar:: rabbitmq_server__keyfile [[[
#
# Absolute path of the X.509 private key to use.
rabbitmq_server__keyfile: '{{ rabbitmq_server__pki_path
+ "/" + rabbitmq_server__pki_realm
+ "/" + rabbitmq_server__pki_key }}'
# ]]]
# .. envvar:: rabbitmq_server__ssl_versions [[[
#
# List of TLS/SSL protocol versions supported by the RabbitMQ service.
rabbitmq_server__ssl_versions: [ 'tlsv1.2', 'tlsv1.1' ]
# ]]]
# .. envvar:: rabbitmq_server__ssl_ciphers [[[
#
# A Erlang raw string which contains a list of TLS/SSL ciphers to allow by the
# server. Contents of this variable are gathered by the Ansible local facts.
rabbitmq_server__ssl_ciphers: '{{ ansible_local.rabbitmq_server.raw_erlang_ssl_ciphers | d("") }}'
# ]]]
# .. envvar:: rabbitmq_server__ssl_dhparam [[[
#
# Path to the file with Diffie-Hellman parameters to use by the RabbitMQ
# service. See :ref:`debops.dhparam` Ansible role for more details.
rabbitmq_server__ssl_dhparam: '{{ (ansible_local.dhparam[rabbitmq_server__ssl_dhparam_set]
if (ansible_local | d() and ansible_local.dhparam | d() and
ansible_local.dhparam[rabbitmq_server__ssl_dhparam_set] | d())
else "") }}'
# ]]]
# .. envvar:: rabbitmq_server__ssl_dhparam_set [[[
#
# Name of the ``dhparam`` set to use.
rabbitmq_server__ssl_dhparam_set: 'default'
# ]]]
# ]]]
# Configuration for other Ansible roles [[[
# -----------------------------------------
# .. envvar:: rabbitmq_server__etc_services__dependent_list [[[
#
# Configuration for the :ref:`debops.etc_services` Ansible role.
rabbitmq_server__etc_services__dependent_list:
- name: 'einc'
port: '25672'
comment: 'Erlang Inter-Node Communication (RabbitMQ)'
# ]]]
# .. envvar:: rabbitmq_server__ferm__dependent_rules [[[
#
# Configuration for the :ref:`debops.ferm` Ansible role.
rabbitmq_server__ferm__dependent_rules:
- name: 'rabbitmq-amqp'
type: 'accept'
saddr: '{{ rabbitmq_server__amqp_allow }}'
dport: [ 'amqp' ]
accept_any: '{{ False if rabbitmq_server__pki | bool else True }}'
- name: 'rabbitmq-amqps'
type: 'accept'
saddr: '{{ rabbitmq_server__amqps_allow }}'
dport: [ 'amqps' ]
accept_any: True
rule_state: '{{ "present" if rabbitmq_server__pki | bool else "absent" }}'
- name: 'rabbitmq-cluster'
type: 'accept'
saddr: '{{ rabbitmq_server__cluster_allow }}'
dport: [ 'epmd', 'einc' ]
accept_any: False
# ]]]
# ]]]
# ]]]

34
ansible_collections/debops/debops/roles/rabbitmq_server/meta/main.yml Normal file
View file

@ -0,0 +1,34 @@
---
# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017-2022 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# Ensure that custom Ansible plugins and modules included in the main DebOps
# collection are available to roles in other collections.
collections: [ 'debops.debops' ]
dependencies: []
galaxy_info:
author: 'Maciej Delmanowski'
description: 'Manage RabbitMQ service'
company: 'DebOps'
license: 'GPL-3.0-only'
min_ansible_version: '2.3.0'
platforms:
- name: 'Ubuntu'
versions: [ 'all' ]
- name: 'Debian'
versions: [ 'all' ]
galaxy_tags:
- amqp
- stomp
- mqtt
- broker
- queue
- networking

311
ansible_collections/debops/debops/roles/rabbitmq_server/tasks/main.yml Normal file
View file

@ -0,0 +1,311 @@
---
# Copyright (C) 2017-2024 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017-2024 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
- name: Import DebOps global handlers
ansible.builtin.import_role:
name: 'global_handlers'
- name: Import DebOps secret role
ansible.builtin.import_role:
name: 'secret'
- name: Make sure that required UNIX group exists
ansible.builtin.group:
name: '{{ rabbitmq_server__group }}'
state: 'present'
system: True
- name: Make sure that required UNIX account exists
ansible.builtin.user:
name: '{{ rabbitmq_server__user }}'
group: '{{ rabbitmq_server__group }}'
groups: '{{ rabbitmq_server__append_groups | join(",") }}'
home: '{{ rabbitmq_server__home }}'
comment: 'RabbitMQ messaging server'
shell: '/bin/false'
state: 'present'
system: True
append: True
# Without this, first Erlang cookie lookup on each host
# returns different values.
- name: Initialize Erlang cookie on the Ansible Controller
ansible.builtin.set_fact:
rabbitmq_server__fact_erlang_cookie: '{{ rabbitmq_server__erlang_cookie_password }}'
delegate_to: 'localhost'
become: False
run_once: True
no_log: '{{ debops__no_log | d(True) }}'
- name: Configure Erlang cookie
ansible.builtin.copy:
content: '{{ rabbitmq_server__erlang_cookie_password }}'
dest: '{{ rabbitmq_server__erlang_cookie_path }}'
owner: '{{ rabbitmq_server__user }}'
group: '{{ rabbitmq_server__group }}'
mode: '0400'
notify: [ 'Restart rabbitmq-server' ]
no_log: '{{ debops__no_log | d(True) }}'
- name: Ensure that configuration directory exists
ansible.builtin.file:
path: '/etc/rabbitmq'
state: 'directory'
owner: '{{ rabbitmq_server__user }}'
group: '{{ rabbitmq_server__group }}'
mode: '0755'
- name: Generate RabbitMQ environment file
ansible.builtin.template:
src: 'etc/rabbitmq/rabbitmq-env.conf.j2'
dest: '/etc/rabbitmq/rabbitmq-env.conf'
owner: 'root'
group: 'root'
mode: '0644'
notify: [ 'Restart rabbitmq-server' ]
tags: [ 'role::rabbitmq_server:config' ]
- name: Install RabbitMQ packages
ansible.builtin.package:
name: '{{ q("flattened", (rabbitmq_server__base_packages
+ rabbitmq_server__packages)) }}'
state: 'present'
register: rabbitmq_server__register_packages
until: rabbitmq_server__register_packages is succeeded
- name: Check if the dependent config file exists
ansible.builtin.stat:
path: '{{ secret + "/rabbitmq_server/dependent_config/" + inventory_hostname + "/config.json" }}'
register: rabbitmq_server__register_dependent_config_file
become: False
delegate_to: 'localhost'
when: (ansible_local | d() and ansible_local.rabbitmq_server | d() and
ansible_local.rabbitmq_server.installed is defined and
ansible_local.rabbitmq_server.installed | bool)
tags: [ 'role::rabbitmq_server:config' ]
- name: Load the dependent configuration from Ansible Controller
ansible.builtin.slurp:
src: '{{ secret + "/rabbitmq_server/dependent_config/" + inventory_hostname + "/config.json" }}'
register: rabbitmq_server__register_dependent_config
become: False
delegate_to: 'localhost'
when: (ansible_local | d() and ansible_local.rabbitmq_server | d() and
ansible_local.rabbitmq_server.installed is defined and
ansible_local.rabbitmq_server.installed | bool and
rabbitmq_server__register_dependent_config_file.stat.exists | bool)
tags: [ 'role::rabbitmq_server:config' ]
- name: Make sure that Ansible local facts directory exists
ansible.builtin.file:
path: '/etc/ansible/facts.d'
state: 'directory'
owner: 'root'
group: 'root'
mode: '0755'
- name: Save RabbitMQ local facts
ansible.builtin.template:
src: 'etc/ansible/facts.d/rabbitmq_server.fact.j2'
dest: '/etc/ansible/facts.d/rabbitmq_server.fact'
owner: 'root'
group: 'root'
mode: '0755'
notify: [ 'Refresh host facts' ]
tags: [ 'meta::facts' ]
- name: Update Ansible facts if they were modified
ansible.builtin.meta: 'flush_handlers'
- name: Generate RabbitMQ configuration
ansible.builtin.template:
src: 'etc/rabbitmq/rabbitmq.config.j2'
dest: '/etc/rabbitmq/rabbitmq.config'
owner: '{{ rabbitmq_server__user }}'
group: '{{ rabbitmq_server__group }}'
mode: '0600'
notify: [ 'Restart rabbitmq-server' ]
tags: [ 'role::rabbitmq_server:config' ]
- name: Manage RabbitMQ plugins
community.rabbitmq.rabbitmq_plugin:
names: '{{ item.name | d(item) }}'
state: '{{ "enabled" if item.state | d("present") != "absent" else "disabled" }}'
prefix: '{{ item.prefix | d(omit) }}'
new_only: True
loop: '{{ q("flattened", rabbitmq_server__combined_plugins) }}'
notify: [ 'Restart rabbitmq-server' ]
tags: [ 'role::rabbitmq_server:config' ]
- name: Manage RabbitMQ virtual hosts
community.rabbitmq.rabbitmq_vhost:
name: '{{ item.name | d(item) }}'
node: '{{ item.node | d(omit) }}'
state: '{{ item.state | d("present") }}'
tracing: '{{ item.tracing | d(omit) }}'
loop: '{{ q("flattened", rabbitmq_server__combined_vhosts) }}'
tags: [ 'role::rabbitmq_server:vhost', 'role::rabbitmq_server:parameter',
'role::rabbitmq_server:policy', 'role::rabbitmq_server:user' ]
- name: Manage RabbitMQ virtual host limits
community.rabbitmq.rabbitmq_vhost_limits:
vhost: '{{ item.vhost }}'
node: '{{ item.node | d(omit) }}'
max_connections: '{{ item.max_connections | d(omit) }}'
max_queues: '{{ item.max_queues | d(omit) }}'
state: '{{ item.state | d("present") }}'
loop: '{{ q("flattened", rabbitmq_server__combined_vhost_limits) }}'
tags: [ 'role::rabbitmq_server:vhost' ]
- name: Manage RabbitMQ feature flags
community.rabbitmq.rabbitmq_feature_flag:
name: '{{ item.name }}'
node: '{{ item.node | d(omit) }}'
loop: '{{ q("flattened", rabbitmq_server__combined_feature_flags) }}'
- name: Manage RabbitMQ global parameters
community.rabbitmq.rabbitmq_global_parameter:
name: '{{ item.name }}'
node: '{{ item.node | d(omit) }}'
state: '{{ item.state | d("present") }}'
value: '{{ item.value | d(omit) }}'
loop: '{{ q("flattened", rabbitmq_server__combined_global_parameters) }}'
tags: [ 'role::rabbitmq_server:parameter' ]
- name: Manage RabbitMQ parameters
community.rabbitmq.rabbitmq_parameter:
component: '{{ item.component }}'
name: '{{ item.name }}'
node: '{{ item.node | d(omit) }}'
state: '{{ item.state | d("present") }}'
value: '{{ item.value | d(omit) }}'
vhost: '{{ item.vhost | d(omit) }}'
loop: '{{ q("flattened", rabbitmq_server__combined_parameters) }}'
when: (item.name | d() and item.component | d())
tags: [ 'role::rabbitmq_server:parameter' ]
- name: Manage RabbitMQ policies
community.rabbitmq.rabbitmq_policy:
name: '{{ item.name }}'
pattern: '{{ item.pattern }}'
tags: '{{ item.tags }}'
apply_to: '{{ item.apply_to | d(omit) }}'
node: '{{ item.node | d(omit) }}'
priority: '{{ item.priority | d(omit) }}'
state: '{{ item.state | d("present") }}'
vhost: '{{ item.vhost | d(omit) }}'
loop: '{{ q("flattened", rabbitmq_server__combined_policies) }}'
when: (item.name | d() and item.pattern | d() and item.tags | d())
tags: [ 'role::rabbitmq_server:policy' ]
- name: Manage RabbitMQ user accounts
community.rabbitmq.rabbitmq_user:
user: '{{ item.user | d(item.name) | d(item) }}'
force: '{{ item.force | d(omit) }}'
node: '{{ item.node | d(omit) }}'
permissions: '{{ item.permissions | d(omit) }}' # noqa args[module]
configure_priv: '{{ item.configure_priv | d(omit) }}'
read_priv: '{{ item.read_priv | d(omit) }}'
write_priv: '{{ item.write_priv | d(omit) }}'
state: '{{ item.state | d("present") }}'
vhost: '{{ item.vhost | d(omit) }}'
password: '{{ item.password | d(lookup("password",
secret + "/rabbitmq_server/accounts/"
+ (item.user | d(item.name | d(item)))
+ "/password length="
+ rabbitmq_server__account_password_length)) }}'
tags: '{{ (((item.tags.split(",") | list)
if (item.tags | d() and item.tags is string)
else item.tags) | join(","))
if item.tags | d() else omit }}'
loop: '{{ q("flattened", rabbitmq_server__combined_accounts) }}'
tags: [ 'role::rabbitmq_server:user' ]
no_log: '{{ debops__no_log | d(True) }}'
- name: Manage RabbitMQ user limits
community.rabbitmq.rabbitmq_user_limits:
user: '{{ item.user }}'
node: '{{ item.node | d(omit) }}'
max_connections: '{{ item.max_connections | d(omit) }}'
max_channels: '{{ item.max_channels | d(omit) }}'
state: '{{ item.state | d("present") }}'
loop: '{{ q("flattened", rabbitmq_server__combined_user_limits) }}'
tags: [ 'role::rabbitmq_server:user' ]
- name: Manage RabbitMQ exchanges
community.rabbitmq.rabbitmq_exchange:
name: '{{ item.name }}'
arguments: '{{ item.arguments | d(omit) }}'
auto_delete: '{{ item.auto_delete | d(omit) }}'
ca_cert: '{{ item.ca_cert | d(omit) }}'
client_cert: '{{ item.client_cert | d(omit) }}'
client_key: '{{ item.client_key | d(omit) }}'
durable: '{{ item.durable | d(omit) }}'
exchange_type: '{{ item.exchange_type | d(omit) }}'
internal: '{{ item.internal | d(omit) }}'
login_host: '{{ item.login_host | d(omit) }}'
login_password: '{{ item.login_password | d(omit) }}'
login_port: '{{ item.login_port | d(omit) }}'
login_protocol: '{{ item.login_protocol | d(omit) }}'
login_user: '{{ item.login_user | d(omit) }}'
state: '{{ item.state | d("present") }}'
vhost: '{{ item.vhost | d(omit) }}'
loop: '{{ q("flattened", rabbitmq_server__combined_exchanges) }}'
no_log: '{{ debops__no_log | d(True) }}'
- name: Manage RabbitMQ queues
community.rabbitmq.rabbitmq_queue:
name: '{{ item.name }}'
arguments: '{{ item.arguments | d(omit) }}'
auto_delete: '{{ item.auto_delete | d(omit) }}'
auto_expires: '{{ item.auto_expires | d(omit) }}'
ca_cert: '{{ item.ca_cert | d(omit) }}'
client_cert: '{{ item.client_cert | d(omit) }}'
client_key: '{{ item.client_key | d(omit) }}'
dead_letter_exchange: '{{ item.dead_letter_exchange | d(omit) }}'
dead_letter_routing_key: '{{ item.dead_letter_routing_key | d(omit) }}'
durable: '{{ item.durable | d(omit) }}'
login_host: '{{ item.login_host | d(omit) }}'
login_password: '{{ item.login_password | d(omit) }}'
login_port: '{{ item.login_port | d(omit) }}'
login_protocol: '{{ item.login_protocol | d(omit) }}'
login_user: '{{ item.login_user | d(omit) }}'
max_length: '{{ item.max_length | d(omit) }}'
max_priority: '{{ item.max_priority | d(omit) }}'
message_ttl: '{{ item.message_ttl | d(omit) }}'
state: '{{ item.state | d("present") }}'
vhost: '{{ item.vhost | d(omit) }}'
loop: '{{ q("flattened", rabbitmq_server__combined_queues) }}'
no_log: '{{ debops__no_log | d(True) }}'
tags: [ 'role::rabbitmq_server:queue' ]
- name: Manage RabbitMQ bindings
community.rabbitmq.rabbitmq_binding:
name: '{{ item.name }}'
ca_cert: '{{ item.ca_cert | d(omit) }}'
client_cert: '{{ item.client_cert | d(omit) }}'
client_key: '{{ item.client_key | d(omit) }}'
destination: '{{ item.destination }}'
destination_type: '{{ item.destination_type }}'
login_host: '{{ item.login_host | d(omit) }}'
login_password: '{{ item.login_password | d(omit) }}'
login_port: '{{ item.login_port | d(omit) }}'
login_protocol: '{{ item.login_protocol | d(omit) }}'
login_user: '{{ item.login_user | d(omit) }}'
arguments: '{{ item.arguments | d(omit) }}'
routing_key: '{{ item.routing_key | d(omit) }}'
state: '{{ item.state | d("present") }}'
vhost: '{{ item.vhost | d(omit) }}'
loop: '{{ q("flattened", rabbitmq_server__combined_bindings) }}'
no_log: '{{ debops__no_log | d(True) }}'
- name: Save RabbitMQ dependent configuration on Ansible Controller
ansible.builtin.template:
src: 'secret/rabbitmq_server/dependent_config/inventory_hostname/config.json.j2'
dest: '{{ secret + "/rabbitmq_server/dependent_config/" + inventory_hostname + "/config.json" }}'
mode: '0644'
become: False
delegate_to: 'localhost'
tags: [ 'role::rabbitmq_server:config' ]

9
ansible_collections/debops/debops/roles/rabbitmq_server/tasks/main_env.yml Normal file
View file

@ -0,0 +1,9 @@
---
# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
- name: Prepare debops.rabbitmq_server environment
ansible.builtin.set_fact:
rabbitmq_server__secret__directories: '{{ lookup("template", "lookup/rabbitmq_server__secret__directories.j2")
| from_yaml }}'

60
ansible_collections/debops/debops/roles/rabbitmq_server/templates/etc/ansible/facts.d/rabbitmq_server.fact.j2 Normal file
View file

@ -0,0 +1,60 @@
#!{{ ansible_python['executable'] }}
# -*- coding: utf-8 -*-
# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# {{ ansible_managed }}
from __future__ import print_function
from json import load, loads, dumps
from sys import exit
import subprocess
import signal
import os
output = loads('''{{ ({
"installed": true
}) | to_nice_json }}''')
# Strings in the 'rabbitmqctl` output which will be filtered out
disable_ciphers = ('rc4', '3des', '{rsa,aes_', ',sha}')
erlang_output = []
raw_erlang_stdout = ''
try:
FNULL = open('/dev/null', 'w')
raw_erlang_stdout = subprocess.check_output(
["/usr/sbin/rabbitmqctl -q eval 'ssl:cipher_suites().'"],
shell=True, stderr=FNULL).decode('utf-8')
except subprocess.CalledProcessError:
pass
if raw_erlang_stdout:
for line in raw_erlang_stdout.split('\n'):
if (line and not any(s in line for s in disable_ciphers)
and not line.endswith('...done.')):
line_clean = (line.replace(
'[{', '').replace(
' {', '').replace(
'},', '').replace(
'}]', '').split(','))
if len(line_clean) == 3:
erlang_output.append(
"{{ '{{' }}{:<16} {:<13} {}{{ '}}' }},".format(
line_clean[0] + ',', line_clean[1] + ',',
line_clean[2]))
elif len(line_clean) == 4:
erlang_output.append(
"{{ '{{' }}{:<16} {:<13} {:<8} {}{{ '}}' }},".format(
line_clean[0] + ',', line_clean[1] + ',',
line_clean[2] + ',', line_clean[3]))
raw_erlang_output = "{}".format("\n".join(erlang_output).rstrip(','))
if raw_erlang_output:
output.update({'raw_erlang_ssl_ciphers': raw_erlang_output})
print(dumps(output, sort_keys=True, indent=4))

11
ansible_collections/debops/debops/roles/rabbitmq_server/templates/etc/rabbitmq/rabbitmq-env.conf.j2 Normal file
View file

@ -0,0 +1,11 @@
{# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
# {{ ansible_managed }}}
# Custom environment variables for RabbitMQ Server
{% for env_key, env_value in rabbitmq_server__combined_environment.items() %}
{{ '{}="{}"'.format(env_key | upper, env_value) }}
{% endfor %}

236
ansible_collections/debops/debops/roles/rabbitmq_server/templates/etc/rabbitmq/rabbitmq.config.j2 Normal file
View file

@ -0,0 +1,236 @@
%% -*- mode: erlang -*-
{# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
%% {{ ansible_managed }}
%% ---------------------------------------------------------------------
%% RabbitMQ Configuration File.
%%
%% See https://www.rabbitmq.com/configure.html for details.
%% ---------------------------------------------------------------------
{% set rabbitmq_server__tpl_config = {} %}
{% for element in rabbitmq_server__combined_config %}
{% if element is mapping %}
{% if element.name | d() and element.state | d('present') != 'ignore' %}
{% set rabbitmq_server__tpl_application = (rabbitmq_server__tpl_config[element.name].copy() if rabbitmq_server__tpl_config[element.name] is defined else {}) %}
{% set _ = rabbitmq_server__tpl_application.update({
'name': element.name,
'state': element.state | d('present'),
'weight': element.weight | d(rabbitmq_server__tpl_application.weight | d(0)) | int
}) %}
{% if element.comment | d() %}
{% set _ = rabbitmq_server__tpl_application.update({ 'comment': element.comment }) %}
{% endif %}
{% if element.options | d() %}
{% set rabbitmq_server__tpl_options = (rabbitmq_server__tpl_application['options'].copy() if rabbitmq_server__tpl_application['options'] is defined else {}) %}
{% for option in element.options %}
{% if option.name | d() and option.state | d('present') != 'ignore' %}
{% set option_params = (rabbitmq_server__tpl_options[option.name].copy() if rabbitmq_server__tpl_options[option.name] is defined else {}) %}
{% set _ = option_params.update({
'name': option.name | d(rabbitmq_server__tpl_options.name),
'value': option.value | d(rabbitmq_server__tpl_options.value),
'state': option.state | d(rabbitmq_server__tpl_options.state | d('present')),
'weight': option.weight | d(rabbitmq_server__tpl_options.weight | d(0)) | int
}) %}
{% if option.comment is defined %}
{% set _ = option_params.update({ 'comment': option.comment }) %}
{% endif %}
{% if option.option is defined %}
{% set _ = option_params.update({ 'option': option.option }) %}
{% endif %}
{% if option.type is defined %}
{% set _ = option_params.update({ 'type': option.type }) %}
{% else %}
{% if option.value is defined %}
{% if option.value | bool and option.value is not iterable %}
{% set _ = option_params.update({ 'type': 'boolean' }) %}
{% elif not option.value | bool and option.value is not iterable %}
{% if option.value is not none %}
{% if option.value | int or option.value | string == '0' %}
{% set _ = option_params.update({ 'type': 'number' }) %}
{% else %}
{% set _ = option_params.update({ 'type': 'boolean' }) %}
{% endif %}
{% endif %}
{% elif option.value is string %}
{% if (option.value.split('\n') | list | count > 1) %}
{% set _ = option_params.update({ 'type': 'raw' }) %}
{% elif option_params.type is undefined %}
{% set _ = option_params.update({ 'type': 'string' }) %}
{% elif option_params.type is defined and option_params.type in [ 'bit-string', 'bit-list' ] %}
{% set _ = option_params.update({ 'type': 'bit-string' }) %}
{% endif %}
{% elif option.value is number %}
{% set _ = option_params.update({ 'type': 'number' }) %}
{% elif option.value is mapping %}
{% set _ = option_params.update({ 'type': 'mapping' }) %}
{% elif option.value is not string and option.value is not mapping %}
{% if option_params.type is undefined %}
{% set _ = option_params.update({ 'type': 'list' }) %}
{% elif option_params.type is defined and option_params.type in [ 'bit-string', 'bit-list' ] %}
{% set _ = option_params.update({ 'type': 'bit-list' }) %}
{% endif %}
{% endif %}
{% endif %}
{% endif %}
{% if option_params | d() %}
{% set _ = rabbitmq_server__tpl_options.update({ option.name: option_params }) %}
{% endif %}
{% elif option is mapping and (not option.name | d() and not option.state | d()) %}
{% for option_key, option_value in option.items() %}
{% set option_params = (rabbitmq_server__tpl_options[option_key].copy() if rabbitmq_server__tpl_options[option_key] is defined else {}) %}
{% set _ = option_params.update({
'name': option_key,
'value': option_value,
'state': rabbitmq_server__tpl_options.state | d('present'),
'weight': rabbitmq_server__tpl_options.weight | d(0) | int
}) %}
{% if option_value | bool and option_value is not iterable %}
{% set _ = option_params.update({ 'type': 'boolean' }) %}
{% elif not option_value | bool and option_value is not iterable %}
{% if option_value is not none %}
{% if option_value | int or option_value | string == '0' %}
{% set _ = option_params.update({ 'type': 'number' }) %}
{% else %}
{% set _ = option_params.update({ 'type': 'boolean' }) %}
{% endif %}
{% endif %}
{% elif option_value is string %}
{% if (option_value.split('\n') | list | count > 1) %}
{% set _ = option_params.update({ 'type': 'raw' }) %}
{% elif option_params.type is undefined %}
{% set _ = option_params.update({ 'type': 'string' }) %}
{% elif option_params.type is defined and option_params.type in [ 'bit-string', 'bit-list' ] %}
{% set _ = option_params.update({ 'type': 'bit-string' }) %}
{% endif %}
{% elif option_value is number %}
{% set _ = option_params.update({ 'type': 'number' }) %}
{% elif option_value is mapping %}
{% set _ = option_params.update({ 'type': 'mapping' }) %}
{% elif option_value is not string and option_value is not mapping %}
{% if option_params.type is defined and option_params.type in [ 'bit-string', 'bit-list' ] %}
{% set _ = option_params.update({ 'type': 'bit-list' }) %}
{% else %}
{% set _ = option_params.update({ 'type': 'list' }) %}
{% endif %}
{% endif %}
{% if option_params | d() %}
{% set _ = rabbitmq_server__tpl_options.update({ option_key: option_params }) %}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% if rabbitmq_server__tpl_options | d() %}
{% set _ = rabbitmq_server__tpl_application.update({ 'options': rabbitmq_server__tpl_options }) %}
{% endif %}
{% endif %}
{% set _ = rabbitmq_server__tpl_config.update({ element.name: rabbitmq_server__tpl_application }) %}
{% endif %}
{% endif %}
{% endfor %}
{# ------------------------------------------------------------------ #}
{% macro print_values(elements) %}
{% if elements.type in [ 'bit-list', 'bit-string' ] %}
{% if elements.value is string %}
{{ '<<"{}">>'.format(elements.value) -}}
{% elif elements.value is not string and elements.value is not mapping %}
{{ '[<<"{}">>]'.format(elements.value | join('">>, <<"')) -}}
{% endif %}
{% elif elements.type == 'string' %}
{{ '"{}"'.format(elements.value) -}}
{% elif elements.type in [ 'number', 'raw' ] %}
{{ '{}'.format(elements.value) -}}
{% elif elements.type == 'list' %}
{{ '{}'.format(elements.value | to_json) -}}
{% elif elements.type == 'atom' %}
{% if elements.value is string %}
{% if elements.value is search('^[A-Z].+') %}
{{ "'{}'".format(elements.value) -}}
{% elif elements.value is search('[^a-zA-Z0-9@_].+') %}
{{ "'{}'".format(elements.value) -}}
{% else %}
{{ '{}'.format(elements.value) -}}
{% endif %}
{% elif elements.value is not string and elements.value is not mapping %}
{% set rabbitmq_server__tpl_atom_list = [] %}
{% for thing in elements.value %}
{% if thing is search('^[A-Z].+') %}
{% set _ = rabbitmq_server__tpl_atom_list.append("'{}'".format(thing)) %}
{% elif thing is search('[^a-zA-Z0-9@_].+') %}
{% set _ = rabbitmq_server__tpl_atom_list.append("'{}'".format(thing)) %}
{% else %}
{% set _ = rabbitmq_server__tpl_atom_list.append('{}'.format(thing)) %}
{% endif %}
{% endfor %}
{% if rabbitmq_server__tpl_atom_list %}
{{ '[' + (rabbitmq_server__tpl_atom_list | join(', ')) + ']' -}}
{% endif %}
{% endif %}
{% elif elements.type == 'boolean' %}
{{ '{}'.format(elements.value | bool | lower) -}}
{% endif %}
{% endmacro %}
{# ------------------------------------------------------------------ #}
{% macro print_options(elements) %}
{% set rabbitmq_server__tpl_print_options = [] %}
{% for key, value in elements.items() %}
{% if value.state | d('present') not in [ 'absent' ] %}
{% set _ = rabbitmq_server__tpl_print_options.append(value) %}
{% endif %}
{% endfor %}
{% for option in rabbitmq_server__tpl_print_options | sort(attribute='weight') %}
{% if option.comment | d() %}
{{ option.comment | regex_replace('\n$','') | comment(decoration=' %% ', prefix='', postfix='') -}}
{% endif %}
{% if option.type != 'raw' %}
{{ ' {{{:<30} {}}}{}'.format((option.option | d(option.name)) + ',', print_values(option), (',\n' if not loop.last | bool else '')) }}
{% else %}
{% if option.value is string %}
{% if option.value.split('\n') | list | count == 1 %}
{{ ' {{{:<30} {}{}'.format((option.option | d(option.name)) + ',', option.value.split('\n')[0], ('},\n' if not loop.last | bool else '}')) }}
{% else %}
{{ ' {{{:<30} {}'.format((option.option | d(option.name)) + ',', option.value.split('\n')[0]) }}
{% set outer_loop = loop %}
{% for line in option.value.split('\n')[1:] %}
{% if line %}
{{ ' {:<31} {}'.format('', line) }}
{% endif %}
{% if loop.last | bool %}
{{ ' }}{}'.format((',\n' if not outer_loop.last | bool else '')) }}
{% endif %}
{% endfor %}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endmacro %}
{# ------------------------------------------------------------------ #}
{% macro print_erlang(erlang_config) %}
{% set rabbitmq_server__tpl_sorted_config = [] %}
{% for application, params in erlang_config.items() %}
{% set _ = rabbitmq_server__tpl_sorted_config.append(params) %}
{% endfor %}
{% for params in rabbitmq_server__tpl_sorted_config | sort(attribute='weight') %}
{% if params is mapping and params.state | d('present') != 'absent' %}
{% if params.comment | d() %}
{{ params.comment | regex_replace('\n$','') | comment(decoration=' %% ', prefix=' %% -------------------------------------------------------------------', postfix=' %% -------------------------------------------------------------------\n') -}}
{% endif %}
{{ ' {{{}, ['.format(params.name) }}
{% if params.options | d() %}
{{ print_options(params.options) -}}
{% endif %}
{% if loop.last | bool %}
]}
{% else %}
]},
{% endif %}
{% endif %}
{% endfor %}
{% endmacro %}
[{{ ('\n' + print_erlang(rabbitmq_server__tpl_config)) if rabbitmq_server__tpl_config else '' -}}
].

21
ansible_collections/debops/debops/roles/rabbitmq_server/templates/lookup/rabbitmq_server__accounts_vhosts.j2 Normal file
View file

@ -0,0 +1,21 @@
{# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
{% set rabbitmq_server__tpl_accounts_vhosts = [] %}
{% for account in lookup("flattened", rabbitmq_server__combined_accounts) %}
{% set entry = {} %}
{% if account.vhost | d() and account.state | d('present') != 'absent' %}
{% set _ = entry.update({'name': account.vhost}) %}
{% if account.node | d() %}
{% set _ = entry.update({'node': account.node}) %}
{% endif %}
{% if account.tracing | d() %}
{% set _ = entry.update({'tracing': account.tracing}) %}
{% endif %}
{% endif %}
{% if entry | d() %}
{% set _ = rabbitmq_server__tpl_accounts_vhosts.append(entry) %}
{% endif %}
{% endfor %}
{{ rabbitmq_server__tpl_accounts_vhosts }}

18
ansible_collections/debops/debops/roles/rabbitmq_server/templates/lookup/rabbitmq_server__admin_accounts.j2 Normal file
View file

@ -0,0 +1,18 @@
{# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
{% set rabbitmq_server__tpl_admin_accounts = [] %}
{% if ansible_local.core.admin_users | d() %}
{% for admin in ansible_local.core.admin_users %}
{% set _ = rabbitmq_server__tpl_admin_accounts.append({
'name': admin,
'vhost': rabbitmq_server__admin_default_vhost,
'tags': 'administrator',
'configure_priv': '.*',
'read_priv': '.*',
'write_priv': '.*'
}) %}
{% endfor %}
{% endif %}
{{ rabbitmq_server__tpl_admin_accounts }}

23
ansible_collections/debops/debops/roles/rabbitmq_server/templates/lookup/rabbitmq_server__dependent_config_filter.j2 Normal file
View file

@ -0,0 +1,23 @@
{# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
{% set rabbitmq_server__tpl_dependent_config = {} %}
{% if (rabbitmq_server__register_dependent_config | d() and rabbitmq_server__register_dependent_config.content | d()) %}
{% set _ = rabbitmq_server__tpl_dependent_config.update(rabbitmq_server__register_dependent_config.content | b64decode | trim | from_json) %}
{% endif %}
{% if rabbitmq_server__dependent_role | d() %}
{% if rabbitmq_server__dependent_state == 'present' %}
{% set rabbitmq_server__tpl_flattened_config = lookup('flattened', rabbitmq_server__dependent_config) %}
{% set _ = rabbitmq_server__tpl_dependent_config.update({
rabbitmq_server__dependent_role: ([ rabbitmq_server__tpl_flattened_config ] if rabbitmq_server__tpl_flattened_config is mapping else rabbitmq_server__tpl_flattened_config)
}) %}
{% elif rabbitmq_server__dependent_state == 'absent' %}
{% set _ = rabbitmq_server__tpl_dependent_config.pop(rabbitmq_server__dependent_role, None) %}
{% endif %}
{% endif %}
{% set rabbitmq_server__tpl_output = [] %}
{% for key, value in rabbitmq_server__tpl_dependent_config.items() %}
{% set _ = rabbitmq_server__tpl_output.extend(value) %}
{% endfor %}
{{ rabbitmq_server__tpl_output | to_yaml }}

17
ansible_collections/debops/debops/roles/rabbitmq_server/templates/lookup/rabbitmq_server__parameters_vhosts.j2 Normal file
View file

@ -0,0 +1,17 @@
{# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
{% set rabbitmq_server__tpl_parameters_vhosts = [] %}
{% for parameter in lookup("flattened", rabbitmq_server__combined_parameters) %}
{% if parameter.vhost | d() and parameter.state | d('present') != 'absent' %}
{% set _ = rabbitmq_server__tpl_parameters_vhosts.append({ 'name': parameter.vhost }) %}
{% endif %}
{% if parameter.node | d() %}
{% set _ = rabbitmq_server__tpl_parameters_vhosts.append({ 'node': parameter.node }) %}
{% endif %}
{% if parameter.tracing | d() %}
{% set _ = rabbitmq_server__tpl_parameters_vhosts.append({ 'tracing': parameter.tracing }) %}
{% endif %}
{% endfor %}
{{ rabbitmq_server__tpl_parameters_vhosts }}

17
ansible_collections/debops/debops/roles/rabbitmq_server/templates/lookup/rabbitmq_server__policies_vhosts.j2 Normal file
View file

@ -0,0 +1,17 @@
{# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
{% set rabbitmq_server__tpl_policies_vhosts = [] %}
{% for policy in lookup("flattened", rabbitmq_server__combined_policies) %}
{% if policy.vhost | d() and policy.state | d('present') != 'absent' %}
{% set _ = rabbitmq_server__tpl_policies_vhosts.append({ 'name': policy.vhost }) %}
{% endif %}
{% if policy.node | d() %}
{% set _ = rabbitmq_server__tpl_policies_vhosts.append({ 'node': policy.node }) %}
{% endif %}
{% if policy.tracing | d() %}
{% set _ = rabbitmq_server__tpl_policies_vhosts.append({ 'tracing': policy.tracing }) %}
{% endif %}
{% endfor %}
{{ rabbitmq_server__tpl_policies_vhosts }}

7
ansible_collections/debops/debops/roles/rabbitmq_server/templates/lookup/rabbitmq_server__secret__directories.j2 Normal file
View file

@ -0,0 +1,7 @@
{# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
{% for host in play_hosts %}
- 'rabbitmq_server/dependent_config/{{ host }}'
{% endfor %}

19
ansible_collections/debops/debops/roles/rabbitmq_server/templates/secret/rabbitmq_server/dependent_config/inventory_hostname/config.json.j2 Normal file
View file

@ -0,0 +1,19 @@
{# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
{% set rabbitmq_server__tpl_dependent_config = {} %}
{% if (rabbitmq_server__register_dependent_config | d() and rabbitmq_server__register_dependent_config.content | d()) %}
{% set _ = rabbitmq_server__tpl_dependent_config.update(rabbitmq_server__register_dependent_config.content | b64decode | trim | from_json) %}
{% endif %}
{% if rabbitmq_server__dependent_role | d() %}
{% if rabbitmq_server__dependent_state == 'present' %}
{% set rabbitmq_server__tpl_flattened_config = lookup('flattened', rabbitmq_server__dependent_config) %}
{% set _ = rabbitmq_server__tpl_dependent_config.update({
rabbitmq_server__dependent_role: ([ rabbitmq_server__tpl_flattened_config ] if rabbitmq_server__tpl_flattened_config is mapping else rabbitmq_server__tpl_flattened_config)
}) %}
{% elif rabbitmq_server__dependent_state == 'absent' %}
{% set _ = rabbitmq_server__tpl_dependent_config.pop(rabbitmq_server__dependent_role, None) %}
{% endif %}
{% endif %}
{{ rabbitmq_server__tpl_dependent_config | to_nice_json }}