Merge "Add configurable rabbitmq monitoring user"

This commit is contained in:
Zuul 2017-12-15 03:05:34 +00:00 committed by Gerrit Code Review
commit 3a16dd574d
5 changed files with 29 additions and 2 deletions

View File

@ -492,6 +492,7 @@ enable_kibana: "{{ 'yes' if enable_central_logging | bool else 'no' }}"
####################
rabbitmq_hipe_compile: "no"
rabbitmq_user: "openstack"
rabbitmq_monitoring_user: ""
rabbitmq_version: "rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x.ez/rabbitmq_clusterer-3.6.x-667f92b0/ebin"
outward_rabbitmq_user: "openstack"

View File

@ -5,12 +5,14 @@
{% endif %}
],
"users": [
{"name": "{{ role_rabbitmq_user }}", "password": "{{ role_rabbitmq_password }}", "tags": "administrator"}{% if project_name == 'outward_rabbitmq' %},
{"name": "{{ role_rabbitmq_user }}", "password": "{{ role_rabbitmq_password }}", "tags": "administrator"}{% if role_rabbitmq_monitoring_user is defined and role_rabbitmq_monitoring_user %},
{"name": "{{ role_rabbitmq_monitoring_user }}", "password": "{{ role_rabbitmq_monitoring_password }}", "tags": "monitoring"}{% endif %}{% if project_name == 'outward_rabbitmq' %},
{"name": "{{ murano_agent_rabbitmq_user }}", "password": "{{ murano_agent_rabbitmq_password }}", "tags": "management"}
{% endif %}
],
"permissions": [
{"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"}{% if project_name == 'outward_rabbitmq' %},
{"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"}{% if role_rabbitmq_monitoring_user is defined and role_rabbitmq_monitoring_user %},
{"user": "{{ role_rabbitmq_monitoring_user }}", "vhost": "/", "configure": "^$", "write": "^$", "read": ".*"}{% endif %}{% if project_name == 'outward_rabbitmq' %},
{"user": "{{ murano_agent_rabbitmq_user }}", "vhost": "{{ murano_agent_rabbitmq_vhost }}", "configure": ".*", "write": ".*", "read": ".*"}
{% endif %}
],

View File

@ -180,6 +180,8 @@
role_rabbitmq_epmd_port: '{{ rabbitmq_epmd_port }}',
role_rabbitmq_groups: rabbitmq,
role_rabbitmq_management_port: '{{ rabbitmq_management_port }}',
role_rabbitmq_monitoring_password: '{{ rabbitmq_monitoring_password }}',
role_rabbitmq_monitoring_user: '{{ rabbitmq_monitoring_user }}',
role_rabbitmq_password: '{{ rabbitmq_password }}',
role_rabbitmq_port: '{{ rabbitmq_port }}',
role_rabbitmq_user: '{{ rabbitmq_user }}',

View File

@ -208,6 +208,7 @@ qdrouterd_password:
# RabbitMQ options
####################
rabbitmq_password:
rabbitmq_monitoring_password:
rabbitmq_cluster_cookie:
outward_rabbitmq_password:
outward_rabbitmq_cluster_cookie:

View File

@ -0,0 +1,21 @@
---
features:
- |
Kolla-Ansible now supports creating a monitoring
user for RabbitMQ.
As an operator I want to be able to monitor the status
of RabbitMQ by collecting metrics such as queue length,
message rates (globally and per channel), and information
about resource usage on the host, such as memory use,
open file descriptors and the state of the cluster. Whilst
it is possible to gather all of this information using
the OpenStack RabbitMQ user configured by Kolla Ansible,
this user has write access to the OpenStack vhost. This
feature adds a monitoring user which has access to all of
the information described above, but does not have write
access. An example of a service which may use the
monitoring user is the RabbitMQ plugin for the Monasca
Agent. As not all users will configure monitoring, by
default the monitoring user is disabled. To create it,
the user should override the rabbitmq_monitoring_user
variable.