Merge "Add configurable rabbitmq monitoring user"
This commit is contained in:
commit
3a16dd574d
@ -492,6 +492,7 @@ enable_kibana: "{{ 'yes' if enable_central_logging | bool else 'no' }}"
|
||||
####################
|
||||
rabbitmq_hipe_compile: "no"
|
||||
rabbitmq_user: "openstack"
|
||||
rabbitmq_monitoring_user: ""
|
||||
rabbitmq_version: "rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x.ez/rabbitmq_clusterer-3.6.x-667f92b0/ebin"
|
||||
outward_rabbitmq_user: "openstack"
|
||||
|
||||
|
@ -5,12 +5,14 @@
|
||||
{% endif %}
|
||||
],
|
||||
"users": [
|
||||
{"name": "{{ role_rabbitmq_user }}", "password": "{{ role_rabbitmq_password }}", "tags": "administrator"}{% if project_name == 'outward_rabbitmq' %},
|
||||
{"name": "{{ role_rabbitmq_user }}", "password": "{{ role_rabbitmq_password }}", "tags": "administrator"}{% if role_rabbitmq_monitoring_user is defined and role_rabbitmq_monitoring_user %},
|
||||
{"name": "{{ role_rabbitmq_monitoring_user }}", "password": "{{ role_rabbitmq_monitoring_password }}", "tags": "monitoring"}{% endif %}{% if project_name == 'outward_rabbitmq' %},
|
||||
{"name": "{{ murano_agent_rabbitmq_user }}", "password": "{{ murano_agent_rabbitmq_password }}", "tags": "management"}
|
||||
{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"}{% if project_name == 'outward_rabbitmq' %},
|
||||
{"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"}{% if role_rabbitmq_monitoring_user is defined and role_rabbitmq_monitoring_user %},
|
||||
{"user": "{{ role_rabbitmq_monitoring_user }}", "vhost": "/", "configure": "^$", "write": "^$", "read": ".*"}{% endif %}{% if project_name == 'outward_rabbitmq' %},
|
||||
{"user": "{{ murano_agent_rabbitmq_user }}", "vhost": "{{ murano_agent_rabbitmq_vhost }}", "configure": ".*", "write": ".*", "read": ".*"}
|
||||
{% endif %}
|
||||
],
|
||||
|
@ -180,6 +180,8 @@
|
||||
role_rabbitmq_epmd_port: '{{ rabbitmq_epmd_port }}',
|
||||
role_rabbitmq_groups: rabbitmq,
|
||||
role_rabbitmq_management_port: '{{ rabbitmq_management_port }}',
|
||||
role_rabbitmq_monitoring_password: '{{ rabbitmq_monitoring_password }}',
|
||||
role_rabbitmq_monitoring_user: '{{ rabbitmq_monitoring_user }}',
|
||||
role_rabbitmq_password: '{{ rabbitmq_password }}',
|
||||
role_rabbitmq_port: '{{ rabbitmq_port }}',
|
||||
role_rabbitmq_user: '{{ rabbitmq_user }}',
|
||||
|
@ -208,6 +208,7 @@ qdrouterd_password:
|
||||
# RabbitMQ options
|
||||
####################
|
||||
rabbitmq_password:
|
||||
rabbitmq_monitoring_password:
|
||||
rabbitmq_cluster_cookie:
|
||||
outward_rabbitmq_password:
|
||||
outward_rabbitmq_cluster_cookie:
|
||||
|
@ -0,0 +1,21 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Kolla-Ansible now supports creating a monitoring
|
||||
user for RabbitMQ.
|
||||
As an operator I want to be able to monitor the status
|
||||
of RabbitMQ by collecting metrics such as queue length,
|
||||
message rates (globally and per channel), and information
|
||||
about resource usage on the host, such as memory use,
|
||||
open file descriptors and the state of the cluster. Whilst
|
||||
it is possible to gather all of this information using
|
||||
the OpenStack RabbitMQ user configured by Kolla Ansible,
|
||||
this user has write access to the OpenStack vhost. This
|
||||
feature adds a monitoring user which has access to all of
|
||||
the information described above, but does not have write
|
||||
access. An example of a service which may use the
|
||||
monitoring user is the RabbitMQ plugin for the Monasca
|
||||
Agent. As not all users will configure monitoring, by
|
||||
default the monitoring user is disabled. To create it,
|
||||
the user should override the rabbitmq_monitoring_user
|
||||
variable.
|
Loading…
Reference in New Issue
Block a user