ansible-playbook-rabbitmq/README.md

6.0 KiB

Rabbitmq Playbook

Playbook to install and configure rabbitmq. Will come with various configuration tweaking later on.

If you wish to discuss modifications, or help to support more platforms, open an issue.

Installation

Use Ansible galaxy to install this playbook:

$ ansible-galaxy install Mayeu.RabbitMQ,1.4.0

The master branch should currently be considered instable. Please avoid using it for something else than test purpose :)

Supported system

Currently only Debian Jessie and Wheezy on amd64 are supported. Patch welcome to support other distribution or OS.

Semantic versioning 2.0.0

Starting with the commit 67c608826a140868a71854ce3129b5f3d67ddcce, this playbook use semantic versioning. Following the specification, and since the playbook is used in production and I want to avoid breaking the compatibility, the first version number is 1.0.0

The public API defined in the semantic versioning correspond to the settings available to the user. Breaking the API (incrementing from X.Y.Z to (X+1).Y.Z) in this context mean that the user need to change variable name for its playbook to run.

Any new feature added (from X.Y.Z to X.(Y+1).Z) should have a working default value that need no user interaction by default. If a feature addition require user interaction, then it is not a minor upgrade, but a major one.

Role Variables

Installation

Name Type Description Default
rabbitmq_os_package Bool When true uses the default package proposed by the OS or distribution instead of the one distributed by RabbitMQ. false

Environment

Name Type Description Default
rabbitmq_conf_env Hash Set environment variable undef

Exemple:

rabbitmq_conf_env:
  RABBITMQ_ROCKS: correct

Will generate:

RABBITMQ_ROCKS="correct"

Certificate

Name Type Description Default
rabbitmq_cacert String Path of the CA certificate file. files/rabbitmq_cacert.pem
rabbitmq_server_key String Path of the SSL key file. files/rabbitmq_server_key.pem
rabbitmq_server_cert String Path of the SSL certificate file. files/rabbitmq_server_cert.pem
rabbitmq_ssl Boolean Define if we need to use SSL true

Default configuration file

Name Type Description Default
rabbitmq_conf_tcp_listeners_address String listening address for the tcp interface ''
rabbitmq_conf_tcp_listeners_port Integer listening port for the tcp interface 5672
rabbitmq_conf_ssl_listeners_address String listening address for the ssl interface '0.0.0.0'
rabbitmq_conf_ssl_listeners_port Integer listening port for the ssl interface 5671
rabbitmq_conf_ssl_options_cacertfile String Path the CA certificate "/etc/rabbitmq/ssl/cacert.pem"
rabbitmq_conf_ssl_options_certfile String Path to the server certificate "/etc/rabbitmq/ssl/server_cert.pem"
rabbitmq_conf_ssl_options_keyfile String Path to the private key file "/etc/rabbitmq/ssl/server_key.pem"
rabbitmq_conf_ssl_options_fail_if_no_peer_cert Boolean Value of the fail_if_no_peer_cert SSL option "true"

Plugins

Name Type Description Default
rabbitmq_new_only String Add plugins as new, without deactivating other plugins 'no'
rabbitmq_plugins String List List of plugins to activate

Vhost

Name Type Description Default
rabbitmq_vhost_definitions List Define the list of vhost to create []
rabbitmq_users_definitions List of hash Define the users, and associated vhost and password (see below) []

Defining the vhosts configuration

rabbitmq_vhost_definitions:
  - name:    vhost1
    node:    node_name #Optional, defaults to "rabbit"
    tracing: yes       #Optional, defaults to "no"

Defining the users configuration:

rabbitmq_users_definitions:
  - vhost:    vhost1
    user:     user1
    password: password1
    node:     node_name  # Optional, defaults to "rabbit"
    configure_priv: "^resource.*" # Optional, defaults to ".*"
    read_priv: "^$" # Disallow reading.
    write_priv: "^$" # Disallow writing.
  - vhost:    vhost1
    user:     user2
    password: password2
    force:    no
    tags:                # Optional, user tags
    - administrator

Federation

Name Type Description Default
rabbitmq_federation Boolean Define if we need to setup federation false
rabbitmq_federation_configuration List of hashes Define all the federation we need to setup Not defined
rabbitmq_policy_configuration List of hashes Define all the federation we need to setup Not defined

Defining the federation upstream configuration:

rabbitmq_federation_upstream:
  - name: upstream name
    vhost: local vhost to federate
    value: json description of the federation
    local_username: the local username for the federation

See the RabbitMQ documentation for the possible JSON value.

Defining the policy configuration:

rabbitmq_policy_configuration:
  - name: name of the policy
    vhost: vhost where the policy will be applied
    pattern: pattern of the policy
    tags: description of the policy in dict form # exemple: "ha-mode=all"

Files required

You have to put the needed certificates in your files/ folder, for example:

files/
 |- cacert.crt
 |- myserver_key.key
 |- myserver_cert.crt

And then configure the role:

    rabbitmq_cacert: files/cacert.crt
    rabbitmq_server_key: files/myserver_key.key
    rabbitmq_server_cert: files/myserver_cert.crt

Testing

There is some tests that try to provision a VM using Vagrant. Just launch them with:

$ vagrant up # for test with Debian jessie
$ export VAGRANT_BOX_NAME='chef/centos-6.5' vagrant up # for test with Centos

You can change the VM used during test by setting the VAGRANT_BOX_NAME env variable to something else than deb/jessie.

License

BSD