From d8fe3ea780c188b6e937ab6f08a8475d2330a9fa Mon Sep 17 00:00:00 2001 From: Paul Bourke Date: Wed, 5 Apr 2017 16:57:35 +0100 Subject: [PATCH] Add a new 'outward' rabbitmq instance MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Certain services such as Murano and trove require access to a rabbitmq instance from tenant networks. [0] Exposing the internal rabbitmq to end users is a security hole, hence there are two options, 1) use vhosts in the existing rabbitmq, or two a separate rabbitmq instances. Given the importance of rabbitmq to the OpenStack deployment, we have decided to go with a separate instance. Refer to [1] for more detail on the various options. This change makes the rabbitmq role generic so that it can be reused, in this case to start 'outward_rabbitmq'. It needs to be exposed via haproxy both for network isolation and also because this is what Murano configuration requires. Follow on patches will be added to add a vhost in this outward instance for Murano and other services which require access. Based on the original work by bdaca[2] [0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html [1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html [2] https://review.openstack.org/#/c/374525 Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d Partial-Bug: #1620374 Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd Co-Authored-By: Bartłomiej Daca --- ansible/group_vars/all.yml | 8 +++ ansible/inventory/all-in-one | 3 ++ ansible/inventory/multinode | 3 ++ ansible/roles/common/tasks/config.yml | 1 + .../cron-logrotate-outward-rabbitmq.conf.j2 | 3 ++ ansible/roles/common/templates/cron.json.j2 | 1 + ansible/roles/haproxy/tasks/precheck.yml | 11 ++++ .../roles/haproxy/templates/haproxy.cfg.j2 | 18 +++++++ ansible/roles/rabbitmq/defaults/main.yml | 12 +++-- ansible/roles/rabbitmq/handlers/main.yml | 1 + ansible/roles/rabbitmq/tasks/bootstrap.yml | 11 ++-- ansible/roles/rabbitmq/tasks/config.yml | 7 +-- ansible/roles/rabbitmq/tasks/main.yml | 2 +- ansible/roles/rabbitmq/tasks/precheck.yml | 54 +++++++++++++++++++ ansible/roles/rabbitmq/tasks/upgrade.yml | 12 +++-- .../rabbitmq/templates/definitions.json.j2 | 4 +- .../templates/rabbitmq-clusterer.config.j2 | 4 +- .../rabbitmq/templates/rabbitmq-env.conf.j2 | 4 +- .../rabbitmq/templates/rabbitmq.config.j2 | 8 +-- ansible/roles/telegraf/defaults/main.yml | 1 + .../roles/telegraf/templates/telegraf.conf.j2 | 6 +++ ansible/site.yml | 25 +++++++++ etc/kolla/passwords.yml | 2 + .../outward-rabbitmq-0024957af87a7c7e.yaml | 5 ++ 24 files changed, 179 insertions(+), 27 deletions(-) create mode 100644 ansible/roles/common/templates/cron-logrotate-outward-rabbitmq.conf.j2 create mode 100644 releasenotes/notes/outward-rabbitmq-0024957af87a7c7e.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 204d680ef6..00839baf40 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -162,6 +162,11 @@ rabbitmq_management_port: "15672" rabbitmq_cluster_port: "25672" rabbitmq_epmd_port: "4369" +outward_rabbitmq_port: "5674" +outward_rabbitmq_management_port: "15674" +outward_rabbitmq_cluster_port: "25674" +outward_rabbitmq_epmd_port: "4371" + mongodb_port: "27017" mongodb_web_port: "28017" @@ -300,6 +305,7 @@ enable_memcached: "yes" enable_neutron: "yes" enable_nova: "yes" enable_rabbitmq: "yes" +enable_outward_rabbitmq: "{{ enable_murano | bool }}" # Additional optional OpenStack features and services are specified here enable_aodh: "no" @@ -411,6 +417,7 @@ enable_kibana: "{{ 'yes' if enable_central_logging | bool else 'no' }}" #################### rabbitmq_user: "openstack" rabbitmq_version: "rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x.ez/rabbitmq_clusterer-3.6.x-667f92b0/ebin" +outward_rabbitmq_user: "openstack" #################### # HAProxy options @@ -520,6 +527,7 @@ nova_backend: "{{ 'rbd' if nova_backend_ceph | bool else 'default' }}" ####################### horizon_backend_database: "{{ enable_murano | bool }}" + ################# # Octavia options ################# diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index 6c089fbcde..e67c7fcefc 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -66,6 +66,9 @@ control [rabbitmq:children] control +[outward-rabbitmq:children] +control + [mongodb:children] control diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index c21426d505..c09d45dd38 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -87,6 +87,9 @@ control [rabbitmq:children] control +[outward-rabbitmq:children] +control + [mongodb:children] control diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index 732ee05c9b..0f29406804 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml @@ -128,6 +128,7 @@ - { name: "neutron", enabled: "{{ enable_neutron }}" } - { name: "nova", enabled: "{{ enable_nova }}" } - { name: "octavia", enabled: "{{ enable_octavia }}" } + - { name: "outward-rabbitmq", enabled: "{{ enable_outward_rabbitmq }}" } - { name: "panko", enabled: "{{ enable_panko }}" } - { name: "rabbitmq", enabled: "{{ enable_rabbitmq }}" } - { name: "rally", enabled: "{{ enable_rally }}" } diff --git a/ansible/roles/common/templates/cron-logrotate-outward-rabbitmq.conf.j2 b/ansible/roles/common/templates/cron-logrotate-outward-rabbitmq.conf.j2 new file mode 100644 index 0000000000..34c1ac0b8d --- /dev/null +++ b/ansible/roles/common/templates/cron-logrotate-outward-rabbitmq.conf.j2 @@ -0,0 +1,3 @@ +"/var/log/kolla/outward-rabbitmq/*.log" +{ +} diff --git a/ansible/roles/common/templates/cron.json.j2 b/ansible/roles/common/templates/cron.json.j2 index 5f5a762d95..9cee8f685f 100644 --- a/ansible/roles/common/templates/cron.json.j2 +++ b/ansible/roles/common/templates/cron.json.j2 @@ -36,6 +36,7 @@ ( 'neutron', enable_neutron ), ( 'nova', enable_nova ), ( 'octavia', enable_octavia ), + ( 'outward-rabbitmq', enable_outward_rabbitmq ), ( 'panko', enable_panko ), ( 'rabbitmq', enable_rabbitmq ), ( 'rally', enable_rally ), diff --git a/ansible/roles/haproxy/tasks/precheck.yml b/ansible/roles/haproxy/tasks/precheck.yml index c48d3ed0e5..2ca62d9cfa 100644 --- a/ansible/roles/haproxy/tasks/precheck.yml +++ b/ansible/roles/haproxy/tasks/precheck.yml @@ -564,6 +564,17 @@ - inventory_hostname in groups['haproxy'] - haproxy_stat.find('rabbitmq_management') == -1 +- name: Checking free port for outward RabbitMQ Management HAProxy + wait_for: + host: "{{ kolla_internal_vip_address }}" + port: "{{ outward_rabbitmq_management_port }}" + connect_timeout: 1 + state: stopped + when: + - enable_outward_rabbitmq | bool + - inventory_hostname in groups['haproxy'] + - haproxy_stat.find('outward_rabbitmq_management') == -1 + - name: Checking free port for RadosGW HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2 index b6d62bd21b..309c6d44bf 100644 --- a/ansible/roles/haproxy/templates/haproxy.cfg.j2 +++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2 @@ -44,6 +44,24 @@ listen rabbitmq_management {% for host in groups['rabbitmq'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_management_port }} check inter 2000 rise 2 fall 5 {% endfor %} + +listen outward_rabbitmq_management + bind {{ kolla_internal_vip_address }}:{{ outward_rabbitmq_management_port }} +{% for host in groups['outward-rabbitmq'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ outward_rabbitmq_management_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% if haproxy_enable_external_vip | bool %} + +listen outward_rabbitmq_external + mode tcp + option tcplog + timeout client 3600s + timeout server 3600s + bind {{ kolla_external_vip_address }}:{{ outward_rabbitmq_port }} +{% for host in groups['outward-rabbitmq'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ outward_rabbitmq_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% endif %} {% endif %} {% if enable_mongodb | bool %} diff --git a/ansible/roles/rabbitmq/defaults/main.yml b/ansible/roles/rabbitmq/defaults/main.yml index 82dc09712e..a8e1fadf20 100644 --- a/ansible/roles/rabbitmq/defaults/main.yml +++ b/ansible/roles/rabbitmq/defaults/main.yml @@ -3,14 +3,18 @@ project_name: "rabbitmq" rabbitmq_services: rabbitmq: - container_name: rabbitmq - group: rabbitmq + container_name: "{{ project_name }}" + group: "{{ role_rabbitmq_groups }}" enabled: true image: "{{ rabbitmq_image_full }}" + environment: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + RABBITMQ_CLUSTER_COOKIE: "{{ role_rabbitmq_cluster_cookie }}" + RABBITMQ_LOG_DIR: "/var/log/kolla/{{ project_name }}" volumes: - - "{{ node_config_directory }}/rabbitmq/:{{ container_config_directory }}/:ro" + - "{{ node_config_directory }}/{{ project_name }}/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" - - "rabbitmq:/var/lib/rabbitmq/" + - "{{ project_name }}:/var/lib/rabbitmq/" - "kolla_logs:/var/log/kolla/" diff --git a/ansible/roles/rabbitmq/handlers/main.yml b/ansible/roles/rabbitmq/handlers/main.yml index d74057cba4..e219d13087 100644 --- a/ansible/roles/rabbitmq/handlers/main.yml +++ b/ansible/roles/rabbitmq/handlers/main.yml @@ -11,6 +11,7 @@ name: "{{ service.container_name }}" image: "{{ service.image }}" volumes: "{{ service.volumes }}" + environment: "{{ service.environment }}" when: - action != "config" - inventory_hostname in groups[service.group] diff --git a/ansible/roles/rabbitmq/tasks/bootstrap.yml b/ansible/roles/rabbitmq/tasks/bootstrap.yml index e5a5eb97dd..7a79f926d2 100644 --- a/ansible/roles/rabbitmq/tasks/bootstrap.yml +++ b/ansible/roles/rabbitmq/tasks/bootstrap.yml @@ -3,7 +3,7 @@ kolla_docker: action: "create_volume" common_options: "{{ docker_common_options }}" - name: "rabbitmq" + name: "{{ project_name }}" register: rabbitmq_volume - name: Running RabbitMQ bootstrap container @@ -14,14 +14,15 @@ environment: KOLLA_BOOTSTRAP: KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" - RABBITMQ_CLUSTER_COOKIE: "{{ rabbitmq_cluster_cookie }}" + RABBITMQ_CLUSTER_COOKIE: "{{ role_rabbitmq_cluster_cookie }}" + RABBITMQ_LOG_DIR: "/var/log/kolla/{{ project_name }}" image: "{{ rabbitmq_image_full }}" labels: BOOTSTRAP: - name: "rabbitmq_bootstrap" + name: "{{ project_name }}_bootstrap" restart_policy: "never" volumes: - - "{{ node_config_directory }}/rabbitmq/:{{ container_config_directory }}/:ro" + - "{{ node_config_directory }}/{{ project_name }}/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" - - "rabbitmq:/var/lib/rabbitmq/" + - "{{ project_name }}:/var/lib/rabbitmq/" when: rabbitmq_volume | changed diff --git a/ansible/roles/rabbitmq/tasks/config.yml b/ansible/roles/rabbitmq/tasks/config.yml index 69daaaf7e5..96decd79f4 100644 --- a/ansible/roles/rabbitmq/tasks/config.yml +++ b/ansible/roles/rabbitmq/tasks/config.yml @@ -1,7 +1,7 @@ --- - name: Ensuring config directories exist file: - path: "{{ node_config_directory }}/{{ item.key }}" + path: "{{ node_config_directory }}/{{ project_name }}" state: "directory" recurse: yes when: @@ -12,7 +12,7 @@ - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" - dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + dest: "{{ node_config_directory }}/{{ project_name }}/config.json" register: rabbitmq_config_jsons when: - inventory_hostname in groups[item.value.group] @@ -26,7 +26,7 @@ service: "{{ rabbitmq_services['rabbitmq'] }}" template: src: "{{ item }}.j2" - dest: "{{ node_config_directory }}/rabbitmq/{{ item }}" + dest: "{{ node_config_directory }}/{{ project_name }}/{{ item }}" register: rabbitmq_confs when: - inventory_hostname in groups[service.group] @@ -46,6 +46,7 @@ name: "{{ item.value.container_name }}" image: "{{ item.value.image }}" volumes: "{{ item.value.volumes }}" + environment: "{{ item.value.environment }}" register: check_rabbitmq_containers when: - action != "config" diff --git a/ansible/roles/rabbitmq/tasks/main.yml b/ansible/roles/rabbitmq/tasks/main.yml index f7e4afef42..9a089f446a 100644 --- a/ansible/roles/rabbitmq/tasks/main.yml +++ b/ansible/roles/rabbitmq/tasks/main.yml @@ -1,3 +1,3 @@ --- - include: "{{ action }}.yml" - when: inventory_hostname in groups['rabbitmq'] + when: inventory_hostname in groups[role_rabbitmq_groups] diff --git a/ansible/roles/rabbitmq/tasks/precheck.yml b/ansible/roles/rabbitmq/tasks/precheck.yml index ac318815a1..e9a4662088 100644 --- a/ansible/roles/rabbitmq/tasks/precheck.yml +++ b/ansible/roles/rabbitmq/tasks/precheck.yml @@ -59,3 +59,57 @@ with_items: "{{ rabbitmq_hostnames.results }}" when: - "item.stdout.find(hostvars[item['item']]['ansible_' ~ hostvars[item['item']]['api_interface']]['ipv4']['address']) == -1" + +- name: Checking free port for outward RabbitMQ + wait_for: + host: "{{ api_interface_address }}" + port: "{{ outward_rabbitmq_port }}" + connect_timeout: 1 + state: stopped + when: + - enable_outward_rabbitmq | bool + - inventory_hostname in groups['outward-rabbitmq'] + +- name: Checking free port for outward RabbitMQ Management + wait_for: + host: "{{ api_interface_address }}" + port: "{{ outward_rabbitmq_management_port }}" + connect_timeout: 1 + state: stopped + when: + - enable_outward_rabbitmq | bool + - inventory_hostname in groups['outward-rabbitmq'] + +- name: Checking free port for outward RabbitMQ Cluster + wait_for: + host: "{{ api_interface_address }}" + port: "{{ outward_rabbitmq_cluster_port }}" + connect_timeout: 1 + state: stopped + when: + - enable_outward_rabbitmq | bool + - inventory_hostname in groups['outward-rabbitmq'] + +- name: Checking free port for outward RabbitMQ EPMD + wait_for: + host: "{{ api_interface_address }}" + port: "{{ outward_rabbitmq_epmd_port }}" + connect_timeout: 1 + state: stopped + when: + - enable_outward_rabbitmq | bool + - inventory_hostname in groups['outward-rabbitmq'] + +- name: Check if all outward rabbit hostnames are resolvable + command: "getent ahostsv4 {{ hostvars[item]['ansible_hostname'] }}" + changed_when: false + register: outward_rabbitmq_hostnames + with_items: "{{ groups['outward-rabbitmq'] }}" + when: + - enable_outward_rabbitmq | bool + +- fail: msg="Hostname has to resolve to IP address of api_interface" + with_items: "{{ outward_rabbitmq_hostnames.results }}" + when: + - enable_outward_rabbitmq | bool + - "item.stdout.find(hostvars[item['item']]['ansible_' ~ hostvars[item['item']]['api_interface']]['ipv4']['address']) == -1" diff --git a/ansible/roles/rabbitmq/tasks/upgrade.yml b/ansible/roles/rabbitmq/tasks/upgrade.yml index c02c94dbf1..f0cd9902d2 100644 --- a/ansible/roles/rabbitmq/tasks/upgrade.yml +++ b/ansible/roles/rabbitmq/tasks/upgrade.yml @@ -1,17 +1,21 @@ --- - name: Checking if rabbitmq container needs upgrading + vars: + service_name: "rabbitmq" + service: "{{ rabbitmq_services[service_name] }}" kolla_docker: action: "compare_image" common_options: "{{ docker_common_options }}" - name: "rabbitmq" + name: "{{ project_name }}" image: "{{ rabbitmq_image_full }}" - when: inventory_hostname in groups['rabbitmq'] + environment: "{{ service.environment }}" + when: inventory_hostname in groups[role_rabbitmq_groups] register: rabbitmq_differs - include: config.yml - name: Find gospel node - command: docker exec -t rabbitmq /usr/local/bin/rabbitmq_get_gospel_node + command: docker exec -t {{ project_name }} /usr/local/bin/rabbitmq_get_gospel_node changed_when: "{{ (gospel_node.stdout | from_json).changed }}" failed_when: "{{ (gospel_node.stdout | from_json).failed }}" register: gospel_node @@ -21,7 +25,7 @@ kolla_docker: action: "stop_container" common_options: "{{ docker_common_options }}" - name: "rabbitmq" + name: "{{ project_name }}" when: - rabbitmq_hostname != (gospel_node.stdout | from_json).hostname - rabbitmq_differs['result'] diff --git a/ansible/roles/rabbitmq/templates/definitions.json.j2 b/ansible/roles/rabbitmq/templates/definitions.json.j2 index fdb7267b51..0f312ac4d8 100644 --- a/ansible/roles/rabbitmq/templates/definitions.json.j2 +++ b/ansible/roles/rabbitmq/templates/definitions.json.j2 @@ -3,10 +3,10 @@ {"name": "/"} ], "users": [ - {"name": "{{ rabbitmq_user }}", "password": "{{ rabbitmq_password }}", "tags": "administrator"} + {"name": "{{ role_rabbitmq_user }}", "password": "{{ role_rabbitmq_password }}", "tags": "administrator"} ], "permissions": [ - {"user": "{{ rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"} + {"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"} ], "policies":[ {"vhost": "/", "name": "ha-all", "pattern": ".*", "apply-to": "all", "definition": {"ha-mode":"all"}, "priority":0} diff --git a/ansible/roles/rabbitmq/templates/rabbitmq-clusterer.config.j2 b/ansible/roles/rabbitmq/templates/rabbitmq-clusterer.config.j2 index 34bf9b0dd7..35f0e67fcb 100644 --- a/ansible/roles/rabbitmq/templates/rabbitmq-clusterer.config.j2 +++ b/ansible/roles/rabbitmq/templates/rabbitmq-clusterer.config.j2 @@ -1,11 +1,11 @@ [ {version, 1}, {nodes, [ - {% for host in groups['rabbitmq'] %} + {% for host in groups[role_rabbitmq_groups] %} {'rabbit@{{ hostvars[host]['ansible_hostname'] }}', disc} {%- if not loop.last -%},{%- endif %} {% endfor %} ]}, {gospel, - {node, 'rabbit@{{ hostvars[groups['rabbitmq'][0]]['ansible_hostname'] }}'}} + {node, 'rabbit@{{ hostvars[groups[role_rabbitmq_groups][0]]['ansible_hostname'] }}'}} ]. diff --git a/ansible/roles/rabbitmq/templates/rabbitmq-env.conf.j2 b/ansible/roles/rabbitmq/templates/rabbitmq-env.conf.j2 index 564967cb9c..551c43fb4c 100644 --- a/ansible/roles/rabbitmq/templates/rabbitmq-env.conf.j2 +++ b/ansible/roles/rabbitmq/templates/rabbitmq-env.conf.j2 @@ -4,7 +4,7 @@ RABBITMQ_BOOT_MODULE=rabbit_clusterer RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="-pa /usr/lib/rabbitmq/lib/{{ rabbitmq_version }}" {%- endif %} -RABBITMQ_LOG_BASE=/var/log/kolla/rabbitmq +RABBITMQ_LOG_BASE=/var/log/kolla/{{ project_name }} # TODO(sdake, vhosakot) # erlang by default binds to wildcard (all interfaces) and can potentially @@ -16,4 +16,4 @@ RABBITMQ_LOG_BASE=/var/log/kolla/rabbitmq # https://bugs.launchpad.net/kolla/+bug/1562701 # https://bugzilla.redhat.com/show_bug.cgi?id=1324922 #export ERL_EPMD_ADDRESS={{ api_interface_address }} -export ERL_EPMD_PORT={{ rabbitmq_epmd_port }} +export ERL_EPMD_PORT={{ role_rabbitmq_epmd_port }} diff --git a/ansible/roles/rabbitmq/templates/rabbitmq.config.j2 b/ansible/roles/rabbitmq/templates/rabbitmq.config.j2 index f0d85b0f8e..037474aeac 100644 --- a/ansible/roles/rabbitmq/templates/rabbitmq.config.j2 +++ b/ansible/roles/rabbitmq/templates/rabbitmq.config.j2 @@ -1,12 +1,12 @@ [ {kernel, [ {inet_dist_use_interface, {% raw %}{{% endraw %}{{ api_interface_address | regex_replace('\.', ',') }}}}, - {inet_dist_listen_min, {{ rabbitmq_cluster_port }}}, - {inet_dist_listen_max, {{ rabbitmq_cluster_port }}} + {inet_dist_listen_min, {{ role_rabbitmq_cluster_port }}}, + {inet_dist_listen_max, {{ role_rabbitmq_cluster_port }}} ]}, {rabbit, [ {tcp_listeners, [ - {"{{ api_interface_address }}", {{ rabbitmq_port }}} + {"{{ api_interface_address }}", {{ role_rabbitmq_port }}} ]}{% if orchestration_engine == 'ANSIBLE' %}, {cluster_partition_handling, autoheal} {%- endif %} @@ -14,7 +14,7 @@ {rabbitmq_management, [ {listener, [ {ip, "{{ api_interface_address }}"}, - {port, {{ rabbitmq_management_port }}} + {port, {{ role_rabbitmq_management_port }}} ]}, {load_definitions, "/etc/rabbitmq/definitions.json"} ]}{% if orchestration_engine == 'ANSIBLE' %}, diff --git a/ansible/roles/telegraf/defaults/main.yml b/ansible/roles/telegraf/defaults/main.yml index dc4b76afbb..1ab9f3621f 100644 --- a/ansible/roles/telegraf/defaults/main.yml +++ b/ansible/roles/telegraf/defaults/main.yml @@ -33,3 +33,4 @@ haproxy_proto: "http" influxdb_proto: "http" rabbitmq_proto: "http" mariadb_proto: "tcp" +outward_rabbitmq_proto: "http" diff --git a/ansible/roles/telegraf/templates/telegraf.conf.j2 b/ansible/roles/telegraf/templates/telegraf.conf.j2 index 58f6bd63c9..f1bf40f208 100644 --- a/ansible/roles/telegraf/templates/telegraf.conf.j2 +++ b/ansible/roles/telegraf/templates/telegraf.conf.j2 @@ -53,6 +53,12 @@ username = "{{ rabbitmq_user }}" password = "{{ rabbitmq_password }}" {% endif %} +{% if inventory_hostname in groups['outward-rabbitmq'] and enable_outward_rabbitmq | bool %} +[[inputs.rabbitmq]] + url = "{{ outward_rabbitmq_proto }}://{{ api_interface_address }}:{{ outward_rabbitmq_management_port }}" + username = "{{ outward_rabbitmq_user }}" + password = "{{ outward_rabbitmq_password }}" +{% endif %} {% if inventory_hostname in groups['mariadb'] and enable_mariadb | bool %} [[inputs.mysql]] servers = ["{{ database_user }}:{{ database_password }}@{{ mariadb_proto }}({{ api_interface_address }}:{{ database_port }})/"] diff --git a/ansible/site.yml b/ansible/site.yml index c7086f76b2..acbc212714 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -165,8 +165,33 @@ roles: - { role: rabbitmq, tags: rabbitmq, + role_rabbitmq_cluster_cookie: '{{ rabbitmq_cluster_cookie }}', + role_rabbitmq_cluster_port: '{{ rabbitmq_cluster_port }}', + role_rabbitmq_epmd_port: '{{ rabbitmq_epmd_port }}', + role_rabbitmq_groups: rabbitmq, + role_rabbitmq_management_port: '{{ rabbitmq_management_port }}', + role_rabbitmq_password: '{{ rabbitmq_password }}', + role_rabbitmq_port: '{{ rabbitmq_port }}', + role_rabbitmq_user: '{{ rabbitmq_user }}', when: enable_rabbitmq | bool } +- name: Apply role rabbitmq (outward) + gather_facts: false + hosts: outward-rabbitmq + roles: + - { role: rabbitmq, + tags: rabbitmq, + project_name: outward_rabbitmq, + role_rabbitmq_cluster_cookie: '{{ outward_rabbitmq_cluster_cookie }}', + role_rabbitmq_cluster_port: '{{ outward_rabbitmq_cluster_port }}', + role_rabbitmq_epmd_port: '{{ outward_rabbitmq_epmd_port }}', + role_rabbitmq_groups: outward-rabbitmq, + role_rabbitmq_management_port: '{{ outward_rabbitmq_management_port }}', + role_rabbitmq_password: '{{ outward_rabbitmq_password }}', + role_rabbitmq_port: '{{ outward_rabbitmq_port }}', + role_rabbitmq_user: '{{ outward_rabbitmq_user }}', + when: enable_outward_rabbitmq | bool } + - name: Apply role etcd gather_facts: false hosts: etcd diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 298ee70a1c..43310fc61b 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -180,6 +180,8 @@ gnocchi_user_id: #################### rabbitmq_password: rabbitmq_cluster_cookie: +outward_rabbitmq_password: +outward_rabbitmq_cluster_cookie: #################### # HAProxy options diff --git a/releasenotes/notes/outward-rabbitmq-0024957af87a7c7e.yaml b/releasenotes/notes/outward-rabbitmq-0024957af87a7c7e.yaml new file mode 100644 index 0000000000..8eaf9591e1 --- /dev/null +++ b/releasenotes/notes/outward-rabbitmq-0024957af87a7c7e.yaml @@ -0,0 +1,5 @@ +--- +features: + - Add a new 'outward facing' rabbitmq, for services + which require a user facing message queue such as + Murano or Trove.