Add service-rabbitmq role

This role can be used by other roles to register RabbitMQ resources. Currently support is provided for creating virtual hosts and users. Change-Id: Ie1774a10b4d629508584af679b8aa9e372847804 Partially Implements: blueprint support-nova-cells Depends-On: https://review.opendev.org/684742
2019-09-23 15:05:40 +01:00 · 2019-09-23 15:05:40 +01:00 · 039cc2be50
commit 039cc2be50
parent 42bfc53375
5 changed files with 96 additions and 3 deletions
--- a/ansible/library/kolla_toolbox.py
+++ b/ansible/library/kolla_toolbox.py
@ -45,6 +45,11 @@ options:
      - The extra variables used by the module
    required: False
    type: str or dict
+  user:
+    description:
+      - The user to execute Ansible inside kolla_toolbox with
+    required: False
+    type: str
  api_version:
    description:
      - The version of the API for docker-py to use when contacting Docker
@ -132,6 +137,7 @@ def main():
        module_extra_vars=dict(type='json'),
        api_version=dict(required=False, type='str', default='auto'),
        timeout=dict(required=False, type='int', default=180),
+        user=dict(required=False, type='str'),
    )
    module = AnsibleModule(argument_spec=specs, bypass_checks=True)
    client = get_docker_client()(
@ -144,6 +150,9 @@ def main():
        module.fail_json(msg='kolla_toolbox container is not running.')

    kolla_toolbox = kolla_toolbox[0]
+    kwargs = {}
+    if 'user' in module.params:
+        kwargs['user'] = module.params['user']

    # NOTE(mgoddard): Docker 1.12 has API version 1.24, and was installed by
    # kolla-ansible bootstrap-servers on Rocky and earlier releases. This API
@ -158,7 +167,7 @@ def main():
        environment = {"ANSIBLE_STDOUT_CALLBACK": "json",
                       "ANSIBLE_LOAD_CALLBACK_PLUGINS": "True"}
        job = client.exec_create(kolla_toolbox, command_line,
-                                 environment=environment)
+                                 environment=environment, **kwargs)
        json_output = client.exec_start(job)

        try:
@ -192,7 +201,7 @@ def main():
        # Remove Ansible's internal variables from returned fields.
        ret.pop('_ansible_no_log', None)
    else:
-        job = client.exec_create(kolla_toolbox, command_line)
+        job = client.exec_create(kolla_toolbox, command_line, **kwargs)
        output = client.exec_start(job)

        for exp in [JSON_REG, NON_JSON_REG]:
--- a/ansible/roles/common/tasks/config.yml
+++ b/ansible/roles/common/tasks/config.yml
@ -340,6 +340,16 @@
  notify:
    - Restart cron container

+- name: Ensure RabbitMQ Erlang cookie exists
+  become: true
+  copy:
+    content: "{{ rabbitmq_cluster_cookie }}"
+    dest: "{{ node_config_directory }}/kolla-toolbox/rabbitmq-erlang.cookie"
+    mode: "0660"
+  when: enable_rabbitmq | bool
+  notify:
+    - Restart kolla-toolbox container
+
 - name: Ensuring config directories have correct owner and permission
  become: true
  file:
--- a/ansible/roles/common/templates/kolla-toolbox.json.j2
+++ b/ansible/roles/common/templates/kolla-toolbox.json.j2
@ -1,6 +1,13 @@
 {
    "command": "sleep infinity",
-    "config_files": [],
+    "config_files": [
+        {% if enable_rabbitmq | bool %}{
+            "source": "{{ container_config_directory }}/rabbitmq-erlang.cookie",
+            "dest": "/var/lib/rabbitmq/.erlang.cookie",
+            "owner": "rabbitmq",
+            "perm": "0600"
+        }{% endif %}
+    ],
    "permissions": [
        {
            "path": "/var/log/kolla/ansible.log",
--- a/ansible/roles/service-rabbitmq/defaults/main.yml
+++ b/ansible/roles/service-rabbitmq/defaults/main.yml
@ -0,0 +1,25 @@
+---
+# Role to ensure RabbitMQ configuration exists for a service.
+
+# Host to delegate task execution to.
+service_rabbitmq_delegate_host: "{{ inventory_hostname }}"
+
+# Whether to run the task on only one host.
+service_rabbitmq_run_once: true
+
+# Condition on which to run the task.
+service_rabbitmq_when: true
+
+# Number of retries for each task.
+service_rabbitmq_retries: 5
+
+# Delay between task retries.
+service_rabbitmq_delay: 10
+
+# List of RabbitMQ users to create. Each item should contain the following
+# fields:
+# 'user'
+# 'password'
+# 'vhost'
+# Virtual hosts in this list will also be created.
+service_rabbitmq_users: []
--- a/ansible/roles/service-rabbitmq/tasks/main.yml
+++ b/ansible/roles/service-rabbitmq/tasks/main.yml
@ -0,0 +1,42 @@
+---
+- block:
+    - name: "{{ project_name }} | Ensure RabbitMQ vhosts exist"
+      kolla_toolbox:
+        module_name: rabbitmq_vhost
+        module_args:
+          name: "{{ item }}"
+        user: rabbitmq
+      loop: "{{ service_rabbitmq_users | map(attribute='vhost') | unique | reject('equalto', '/') | list }}"
+      register: service_rabbitmq_result
+      until: service_rabbitmq_result is success
+      retries: "{{ service_rabbitmq_retries }}"
+      delay: "{{ service_rabbitmq_delay }}"
+
+    - name: "{{ project_name }} | Ensure RabbitMQ users exist"
+      kolla_toolbox:
+        module_name: rabbitmq_user
+        module_args:
+          user: "{{ item.user }}"
+          password: "{{ item.password }}"
+          update_password: always
+          vhost: "{{ item.vhost }}"
+          configure_priv: ".*"
+          read_priv: ".*"
+          write_priv: ".*"
+        user: rabbitmq
+      loop: "{{ service_rabbitmq_users }}"
+      loop_control:
+        label:
+          user: "{{ item.user }}"
+          vhost: "{{ item.vhost }}"
+      register: service_rabbitmq_result
+      until: service_rabbitmq_result is success
+      retries: "{{ service_rabbitmq_retries }}"
+      delay: "{{ service_rabbitmq_delay }}"
+
+  become: true
+  when: service_rabbitmq_when | bool
+  delegate_to: "{{ service_rabbitmq_delegate_host }}"
+  run_once: "{{ service_rabbitmq_run_once }}"
+  tags:
+    - service-rabbitmq