Currently 3 sets of credentials are generated for MQ, per service:
- rabbitmq_password
- oslomsg_rpc_password
- oslomsg_notify_password
In each service, we should use x_oslomsg_rpc_password and
x_oslomsg_notify_password, and not rabbitmq.
However there is no wiring as of today. This could lead
to a username like nova, on a vhost nova, with 3 different
passwords. Only one would work.
This patch ensures the wiring is done by default, for all
the roles to be able to use x_oslomsg_notify_password and
x_oslomsg_rpc_password. This is done by always referencing,
in the notify part, the credentials to the rpc part.
The RPC part is then a reference to the rabbitmq_password, so
it's easy to upgrade from queens to Rocky without changes.
If a deployer wants to override the credentials, he can
do so by uncommenting the appropriate line in the
user_secrets. This would then override the existing group_vars
and wire the secrets appropriately. A new user should be
used in that case, as written in the comments.
Change-Id: I834bdc5a33f6b3c49452a9948c889caa79659f3c
f2a3c8ed69