869e3f21c2
The RabbitMQ 'openstack' user has the 'administrator' tag assigned via the RabbitMQ definitions.json file. Since the Train release, the nova-cell role also configures the RabbitMQ user, but omits the tag. This causes the tag to be removed from the user, which prevents it from accessing the management UI and API. This change adds support for configuring user tags to the service-rabbitmq role, and sets the administrator tag by default. Change-Id: I7a5d6fe324dd133e0929804d431583e5b5c1853d Closes-Bug: #1875786
45 lines
1.4 KiB
YAML
45 lines
1.4 KiB
YAML
---
|
|
- block:
|
|
- name: "{{ project_name }} | Ensure RabbitMQ vhosts exist"
|
|
kolla_toolbox:
|
|
module_name: rabbitmq_vhost
|
|
module_args:
|
|
name: "{{ item }}"
|
|
user: rabbitmq
|
|
loop: "{{ service_rabbitmq_users | map(attribute='vhost') | unique | reject('equalto', '/') | list }}"
|
|
register: service_rabbitmq_result
|
|
until: service_rabbitmq_result is success
|
|
retries: "{{ service_rabbitmq_retries }}"
|
|
delay: "{{ service_rabbitmq_delay }}"
|
|
|
|
- name: "{{ project_name }} | Ensure RabbitMQ users exist"
|
|
kolla_toolbox:
|
|
module_name: rabbitmq_user
|
|
module_args:
|
|
user: "{{ item.user }}"
|
|
password: "{{ item.password }}"
|
|
update_password: always
|
|
vhost: "{{ item.vhost }}"
|
|
configure_priv: ".*"
|
|
read_priv: ".*"
|
|
tags: "{{ item.tags | default([]) | join(',') }}"
|
|
write_priv: ".*"
|
|
user: rabbitmq
|
|
loop: "{{ service_rabbitmq_users }}"
|
|
loop_control:
|
|
label:
|
|
user: "{{ item.user }}"
|
|
vhost: "{{ item.vhost }}"
|
|
register: service_rabbitmq_result
|
|
until: service_rabbitmq_result is success
|
|
retries: "{{ service_rabbitmq_retries }}"
|
|
delay: "{{ service_rabbitmq_delay }}"
|
|
no_log: True
|
|
|
|
become: true
|
|
when: service_rabbitmq_when | bool
|
|
delegate_to: "{{ service_rabbitmq_delegate_host }}"
|
|
run_once: "{{ service_rabbitmq_run_once }}"
|
|
tags:
|
|
- service-rabbitmq
|