diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 49657ab5c4..2bce417d03 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -234,6 +234,8 @@ om_enable_rabbitmq_tls: "{{ rabbitmq_enable_tls | bool }}" # CA certificate bundle in containers using oslo.messaging with RabbitMQ TLS. om_rabbitmq_cacert: "{{ rabbitmq_cacert }}" +om_enable_rabbitmq_high_availability: false + #################### # Networking options #################### diff --git a/ansible/roles/aodh/templates/aodh.conf.j2 b/ansible/roles/aodh/templates/aodh.conf.j2 index 428a85e144..5ec0f60595 100644 --- a/ansible/roles/aodh/templates/aodh.conf.j2 +++ b/ansible/roles/aodh/templates/aodh.conf.j2 @@ -66,3 +66,6 @@ heartbeat_in_pthread = {{ service_name == 'aodh-api' }} ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} diff --git a/ansible/roles/barbican/templates/barbican.conf.j2 b/ansible/roles/barbican/templates/barbican.conf.j2 index d4e5c2ba71..891508571b 100644 --- a/ansible/roles/barbican/templates/barbican.conf.j2 +++ b/ansible/roles/barbican/templates/barbican.conf.j2 @@ -84,6 +84,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} [oslo_middleware] enable_proxy_headers_parsing = True diff --git a/ansible/roles/blazar/templates/blazar.conf.j2 b/ansible/roles/blazar/templates/blazar.conf.j2 index f76d38b130..2cf03ed53f 100644 --- a/ansible/roles/blazar/templates/blazar.conf.j2 +++ b/ansible/roles/blazar/templates/blazar.conf.j2 @@ -59,6 +59,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if blazar_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/ceilometer/templates/ceilometer.conf.j2 b/ansible/roles/ceilometer/templates/ceilometer.conf.j2 index 550639e2ac..4a0ab9e03a 100644 --- a/ansible/roles/ceilometer/templates/ceilometer.conf.j2 +++ b/ansible/roles/ceilometer/templates/ceilometer.conf.j2 @@ -41,6 +41,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if ceilometer_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2 index 3a518df9f8..8c219f181e 100644 --- a/ansible/roles/cinder/templates/cinder.conf.j2 +++ b/ansible/roles/cinder/templates/cinder.conf.j2 @@ -71,6 +71,9 @@ heartbeat_in_pthread = {{ service_name == 'cinder-api' }} ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} [oslo_middleware] enable_proxy_headers_parsing = True diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 index b27ce6b725..cfde2ff4b2 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 @@ -50,6 +50,9 @@ heartbeat_in_pthread = {{ service_name == 'cloudkitty-api' }} ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} [collect] collector = {{ cloudkitty_collector_backend }} diff --git a/ansible/roles/cyborg/templates/cyborg.conf.j2 b/ansible/roles/cyborg/templates/cyborg.conf.j2 index 3e46b43086..e67c48c1ae 100644 --- a/ansible/roles/cyborg/templates/cyborg.conf.j2 +++ b/ansible/roles/cyborg/templates/cyborg.conf.j2 @@ -63,3 +63,6 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2 index 0931b7e7ec..0510d1e880 100644 --- a/ansible/roles/designate/templates/designate.conf.j2 +++ b/ansible/roles/designate/templates/designate.conf.j2 @@ -98,6 +98,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} [oslo_concurrency] lock_path = /var/lib/designate/tmp diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2 index a9be163af7..61dba09da8 100644 --- a/ansible/roles/glance/templates/glance-api.conf.j2 +++ b/ansible/roles/glance/templates/glance-api.conf.j2 @@ -126,6 +126,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if glance_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2 index 4cec4a4b91..c372d88863 100644 --- a/ansible/roles/heat/templates/heat.conf.j2 +++ b/ansible/roles/heat/templates/heat.conf.j2 @@ -78,6 +78,9 @@ heartbeat_in_pthread = {{ service_name == 'heat-api' or service_name == 'heat-ap ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if heat_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 index 26c66f15a2..fa9462dff5 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 @@ -18,6 +18,9 @@ heartbeat_in_pthread = true ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} [ironic] {% if ironic_enable_keystone_integration | bool %} diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index dc58ffbb27..3c0a51b375 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -33,6 +33,9 @@ heartbeat_in_pthread = {{ service_name == 'ironic-api' }} ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if ironic_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2 index 2b5f13bcab..65566e618e 100644 --- a/ansible/roles/keystone/templates/keystone.conf.j2 +++ b/ansible/roles/keystone/templates/keystone.conf.j2 @@ -65,6 +65,9 @@ heartbeat_in_pthread = {{ service_name == 'keystone' }} ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if enable_osprofiler | bool %} [profiler] diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2 index 6b57b291bd..2761486c50 100644 --- a/ansible/roles/magnum/templates/magnum.conf.j2 +++ b/ansible/roles/magnum/templates/magnum.conf.j2 @@ -132,6 +132,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if magnum_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2 index 165d1b001e..ff5e81aa17 100644 --- a/ansible/roles/manila/templates/manila.conf.j2 +++ b/ansible/roles/manila/templates/manila.conf.j2 @@ -62,6 +62,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} [oslo_middleware] enable_proxy_headers_parsing = True diff --git a/ansible/roles/masakari/templates/masakari.conf.j2 b/ansible/roles/masakari/templates/masakari.conf.j2 index 99410d3e43..969cf2f2d5 100644 --- a/ansible/roles/masakari/templates/masakari.conf.j2 +++ b/ansible/roles/masakari/templates/masakari.conf.j2 @@ -56,6 +56,9 @@ heartbeat_in_pthread = {{ service_name == 'masakari-api' }} ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} [oslo_middleware] enable_proxy_headers_parsing = True diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2 index cbee0050ff..6e621b7b76 100644 --- a/ansible/roles/mistral/templates/mistral.conf.j2 +++ b/ansible/roles/mistral/templates/mistral.conf.j2 @@ -78,6 +78,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if mistral_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/murano/templates/murano.conf.j2 b/ansible/roles/murano/templates/murano.conf.j2 index 132894e88e..32954d896f 100644 --- a/ansible/roles/murano/templates/murano.conf.j2 +++ b/ansible/roles/murano/templates/murano.conf.j2 @@ -67,6 +67,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} [oslo_middleware] enable_proxy_headers_parsing = True diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 2a4c6d99a0..7cac74be67 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -142,6 +142,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if neutron_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/nova-cell/templates/nova.conf.j2 b/ansible/roles/nova-cell/templates/nova.conf.j2 index 3d3d79c749..a5341514d6 100644 --- a/ansible/roles/nova-cell/templates/nova.conf.j2 +++ b/ansible/roles/nova-cell/templates/nova.conf.j2 @@ -190,6 +190,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if service_name in nova_cell_services_require_policy_json and nova_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index 9c5192a771..171073e3e1 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -144,6 +144,9 @@ heartbeat_in_pthread = {{ service_name == 'nova-api' }} ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if service_name in nova_services_require_policy_json and nova_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2 index 92c6362309..5f43fde038 100644 --- a/ansible/roles/octavia/templates/octavia.conf.j2 +++ b/ansible/roles/octavia/templates/octavia.conf.j2 @@ -128,6 +128,9 @@ heartbeat_in_pthread = {{ service_name == 'octavia-api' }} ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if octavia_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/rabbitmq/templates/definitions.json.j2 b/ansible/roles/rabbitmq/templates/definitions.json.j2 index bcb2edcd08..450a04df49 100644 --- a/ansible/roles/rabbitmq/templates/definitions.json.j2 +++ b/ansible/roles/rabbitmq/templates/definitions.json.j2 @@ -16,5 +16,13 @@ {"user": "{{ murano_agent_rabbitmq_user }}", "vhost": "{{ murano_agent_rabbitmq_vhost }}", "configure": ".*", "write": ".*", "read": ".*"} {% endif %} ], +{% if om_enable_rabbitmq_high_availability | bool %} + "policies":[ + {"vhost": "/", "name": "ha-all", "pattern": "^(?!(amq\\.)|(.*_fanout_)|(reply_)).*", "apply-to": "all", "definition": {"ha-mode":"all"}, "priority":0}{% if project_name == 'outward_rabbitmq' %}, + {"vhost": "{{ murano_agent_rabbitmq_vhost }}", "name": "ha-all", "pattern": "^(?!(amq\\.)|(.*_fanout_)|(reply_)).*", "apply-to": "all", "definition": {"ha-mode":"all"}, "priority":0} + {% endif %} + ] +{% else %} "policies":[] +{% endif %} } diff --git a/ansible/roles/sahara/templates/sahara.conf.j2 b/ansible/roles/sahara/templates/sahara.conf.j2 index a77ea56380..4a20e24b52 100644 --- a/ansible/roles/sahara/templates/sahara.conf.j2 +++ b/ansible/roles/sahara/templates/sahara.conf.j2 @@ -46,6 +46,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if sahara_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/senlin/templates/senlin.conf.j2 b/ansible/roles/senlin/templates/senlin.conf.j2 index 70b0d65887..8d5e7465c3 100644 --- a/ansible/roles/senlin/templates/senlin.conf.j2 +++ b/ansible/roles/senlin/templates/senlin.conf.j2 @@ -74,6 +74,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if senlin_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/solum/templates/solum.conf.j2 b/ansible/roles/solum/templates/solum.conf.j2 index 3afbb32e51..f5b6edc6c5 100644 --- a/ansible/roles/solum/templates/solum.conf.j2 +++ b/ansible/roles/solum/templates/solum.conf.j2 @@ -73,3 +73,6 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2 index fb70199b94..b7613ea2bc 100644 --- a/ansible/roles/tacker/templates/tacker.conf.j2 +++ b/ansible/roles/tacker/templates/tacker.conf.j2 @@ -74,6 +74,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if tacker_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/trove/templates/trove.conf.j2 b/ansible/roles/trove/templates/trove.conf.j2 index fb1c8ba072..ac6c45b38c 100644 --- a/ansible/roles/trove/templates/trove.conf.j2 +++ b/ansible/roles/trove/templates/trove.conf.j2 @@ -77,6 +77,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if enable_osprofiler | bool %} [profiler] diff --git a/ansible/roles/vitrage/templates/vitrage.conf.j2 b/ansible/roles/vitrage/templates/vitrage.conf.j2 index f4603ac9ac..7326ff11ca 100644 --- a/ansible/roles/vitrage/templates/vitrage.conf.j2 +++ b/ansible/roles/vitrage/templates/vitrage.conf.j2 @@ -75,6 +75,9 @@ heartbeat_in_pthread = {{ service_name == 'vitrage-api' }} ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} [oslo_concurrency] lock_path = /var/lib/vitrage/tmp diff --git a/ansible/roles/watcher/templates/watcher.conf.j2 b/ansible/roles/watcher/templates/watcher.conf.j2 index ea4ef98ad1..ab0a9daffe 100644 --- a/ansible/roles/watcher/templates/watcher.conf.j2 +++ b/ansible/roles/watcher/templates/watcher.conf.j2 @@ -65,6 +65,9 @@ heartbeat_in_pthread = false ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} {% if watcher_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2 index 31bd7ae641..1f57e171ba 100644 --- a/ansible/roles/zun/templates/zun.conf.j2 +++ b/ansible/roles/zun/templates/zun.conf.j2 @@ -130,3 +130,6 @@ heartbeat_in_pthread = {{ service_name == 'zun-api' }} ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} +{% if om_enable_rabbitmq_high_availability | bool %} +amqp_durable_queues = true +{% endif %} diff --git a/doc/source/reference/message-queues/rabbitmq.rst b/doc/source/reference/message-queues/rabbitmq.rst index b1114c4e08..793c4b9da1 100644 --- a/doc/source/reference/message-queues/rabbitmq.rst +++ b/doc/source/reference/message-queues/rabbitmq.rst @@ -109,3 +109,12 @@ https://erlang.org/doc/man/erl.html#emulator-flags The ``+sbwt none +sbwtdcpu none +sbwtdio none`` arguments prevent busy waiting of the scheduler, for more details see: https://www.rabbitmq.com/runtime.html#busy-waiting. + +High Availability +~~~~~~~~~~~~~~~~~ + +RabbitMQ offers two features that, when used together, allow for high +availability. These are durable queues and classic queue mirroring. Setting the +flag ``om_enable_rabbitmq_high_availability`` to ``true`` will enable both of +these features. There are some queue types which are intentionally not mirrored +using the exclusionary pattern ``^(?!(amq\\.)|(.*_fanout_)|(reply_)).*``. diff --git a/releasenotes/notes/add-a-flag-to-handle-rabbitmq-high-availability-44c709318be6cb7b.yaml b/releasenotes/notes/add-a-flag-to-handle-rabbitmq-high-availability-44c709318be6cb7b.yaml new file mode 100644 index 0000000000..87c4e3a66d --- /dev/null +++ b/releasenotes/notes/add-a-flag-to-handle-rabbitmq-high-availability-44c709318be6cb7b.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + Adds the flag ``om_enable_rabbitmq_high_availablity``. Setting this to + ``true`` will enable both durable queues and classic mirrored queues in + RabbitMQ. Note that classic queue mirroring and transient (aka non-durable) + queues are deprecated and subject to removal in RabbitMQ version 4.0 (date + of release unknown). + Changes the pattern used in classic mirroring to exclude some queue types. + This pattern is ``^(?!(amq\\.)|(.*_fanout_)|(reply_)).*``.