diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 00839baf40..84b8df014a 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -522,6 +522,13 @@ nova_backend_ceph: "{{ enable_ceph }}" nova_backend: "{{ 'rbd' if nova_backend_ceph | bool else 'default' }}" +####################### +# Murano options +####################### +murano_agent_rabbitmq_vhost: "muranoagent" +murano_agent_rabbitmq_user: "muranoagent" + + ####################### # Horizon options ####################### diff --git a/ansible/roles/murano/templates/murano.conf.j2 b/ansible/roles/murano/templates/murano.conf.j2 index f704a3d7fd..4dc06648cc 100644 --- a/ansible/roles/murano/templates/murano.conf.j2 +++ b/ansible/roles/murano/templates/murano.conf.j2 @@ -33,11 +33,18 @@ memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} - [murano] url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ murano_api_port }} api_workers = {{ openstack_service_workers }} - [oslo_messaging_notifications] driver = messagingv2 + +{% if service_name == 'murano-engine' %} +[rabbitmq] +host = {{ kolla_external_vip_address }} +port = {{ outward_rabbitmq_port }} +login = {{ murano_agent_rabbitmq_user }} +password = {{ murano_agent_rabbitmq_password }} +virtual_host = {{ murano_agent_rabbitmq_vhost }} +{% endif %} diff --git a/ansible/roles/rabbitmq/templates/definitions.json.j2 b/ansible/roles/rabbitmq/templates/definitions.json.j2 index 0f312ac4d8..f617069d52 100644 --- a/ansible/roles/rabbitmq/templates/definitions.json.j2 +++ b/ansible/roles/rabbitmq/templates/definitions.json.j2 @@ -1,14 +1,22 @@ { "vhosts": [ - {"name": "/"} + {"name": "/"}{% if project_name == 'outward_rabbitmq' %}, + {"name": "{{ murano_agent_rabbitmq_vhost }}"} + {% endif %} ], "users": [ - {"name": "{{ role_rabbitmq_user }}", "password": "{{ role_rabbitmq_password }}", "tags": "administrator"} + {"name": "{{ role_rabbitmq_user }}", "password": "{{ role_rabbitmq_password }}", "tags": "administrator"}{% if project_name == 'outward_rabbitmq' %}, + {"name": "{{ murano_agent_rabbitmq_user }}", "password": "{{ murano_agent_rabbitmq_password }}", "tags": "management"} + {% endif %} ], "permissions": [ - {"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"} + {"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"}{% if project_name == 'outward_rabbitmq' %}, + {"user": "{{ murano_agent_rabbitmq_user }}", "vhost": "{{ murano_agent_rabbitmq_vhost }}", "configure": ".*", "write": ".*", "read": ".*"} + {% endif %} ], "policies":[ - {"vhost": "/", "name": "ha-all", "pattern": ".*", "apply-to": "all", "definition": {"ha-mode":"all"}, "priority":0} + {"vhost": "/", "name": "ha-all", "pattern": ".*", "apply-to": "all", "definition": {"ha-mode":"all"}, "priority":0}{% if project_name == 'outward_rabbitmq' %}, + {"vhost": "{{ murano_agent_rabbitmq_vhost }}", "name": "ha-all", "pattern": ".*", "apply-to": "all", "definition": {"ha-mode":"all"}, "priority":0} + {% endif %} ] } diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 43310fc61b..c5c45a383c 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -94,6 +94,7 @@ heat_domain_admin_password: murano_database_password: murano_keystone_password: +murano_agent_rabbitmq_password: ironic_database_password: ironic_keystone_password: diff --git a/releasenotes/notes/murano-rabbitmq-c3cec712b12f045f.yaml b/releasenotes/notes/murano-rabbitmq-c3cec712b12f045f.yaml new file mode 100644 index 0000000000..ef3b780788 --- /dev/null +++ b/releasenotes/notes/murano-rabbitmq-c3cec712b12f045f.yaml @@ -0,0 +1,4 @@ +--- +features: + - RabbitMQ now has a vhost entry so the engine can communicate + with murano agents running in user VMs.