commit 0550dbc26ab7217fff2b35e32413d2180ebe4584 Author: Andy McCrae Date: Fri Jun 26 16:18:51 2015 +0100 Add MaaS specific rabbitmq user Since we are removing the guest/guest user from rabbitmq as part of os-ad we need to create a maas specific user that has "administrator" privileges, otherwise the monitors don't work. This patch adds a maas_user to rabbit, with a password specified in user_extras_secrets. This is then passed to the monitors for rabbit as they are created. diff --git a/rpcd/etc/openstack_deploy/user_extras_secrets.yml b/rpcd/etc/openstack_deploy/user_extras_secrets.yml index c5ac651..a6e4abf 100644 --- a/rpcd/etc/openstack_deploy/user_extras_secrets.yml +++ b/rpcd/etc/openstack_deploy/user_extras_secrets.yml @@ -16,3 +16,4 @@ maas_keystone_password: rpc_support_holland_password: kibana_password: +maas_rabbitmq_password: diff --git a/rpcd/playbooks/roles/rpc_maas/defaults/main.yml b/rpcd/playbooks/roles/rpc_maas/defaults/main.yml index 7ee88ac..14fd7b7 100644 --- a/rpcd/playbooks/roles/rpc_maas/defaults/main.yml +++ b/rpcd/playbooks/roles/rpc_maas/defaults/main.yml @@ -134,6 +134,12 @@ maas_scheme: http maas_keystone_user: maas # +# maas_rabbitmq_user: The rabbitmq user that is created for rabbitmq tests to use. +# +# +maas_rabbitmq_user: maas_user + +# # maas_alarm_local_consecutive_count: The number of consecutive failures before an alert is # generated for local checks. # diff --git a/rpcd/playbooks/roles/rpc_maas/tasks/local.yml b/rpcd/playbooks/roles/rpc_maas/tasks/local.yml index b08148c..207839e 100644 --- a/rpcd/playbooks/roles/rpc_maas/tasks/local.yml +++ b/rpcd/playbooks/roles/rpc_maas/tasks/local.yml @@ -304,7 +304,7 @@ - include: local_setup.yml vars: check_name: rabbitmq_status - check_details: file={{ check_name }}.py,args=-H,args={{ ansible_ssh_host }},args=-n,args={{ inventory_hostname.split('.')[0] }} + check_details: file={{ check_name }}.py,args=-H,args={{ ansible_ssh_host }},args=-n,args={{ inventory_hostname.split('.')[0] }},args=-U,args={{ maas_rabbitmq_user }},args=-p,args={{ maas_rabbitmq_password }} check_period: "{{ maas_check_period }}" check_timeout: "{{ maas_check_timeout }}" alarms: diff --git a/rpcd/playbooks/roles/rpc_maas/tasks/main.yml b/rpcd/playbooks/roles/rpc_maas/tasks/main.yml index b3c1566..e541fb3 100644 --- a/rpcd/playbooks/roles/rpc_maas/tasks/main.yml +++ b/rpcd/playbooks/roles/rpc_maas/tasks/main.yml @@ -21,6 +21,10 @@ when: > inventory_hostname == groups['utility'][0] +- include: rabbitmq_user.yml + when: > + inventory_hostname == groups['rabbitmq_all'][0] + - include: create_my_cnf.yml when: > inventory_hostname in groups['galera'] diff --git a/rpcd/playbooks/roles/rpc_maas/tasks/rabbitmq_user.yml b/rpcd/playbooks/roles/rpc_maas/tasks/rabbitmq_user.yml new file mode 100644 index 0000000..dcc8fd1 --- /dev/null +++ b/rpcd/playbooks/roles/rpc_maas/tasks/rabbitmq_user.yml @@ -0,0 +1,27 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure MaaS rabbitmq user as administrator + rabbitmq_user: + user: "{{ maas_rabbitmq_user }}" + password: "{{ maas_rabbitmq_password }}" + vhost: "/" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + tags: "administrator" + state: "present" + tags: + - rabbitmq-user