Policies were always applied to target `all` aspects and
there was no way to have them target only e.g. exchanges.
This can be important though, see [1].
This change enables the use of the apply_to parmeter via the existing
variables while maintaining `all` to be the default.
[1] https://www.rabbitmq.com/docs/parameters#how-policies-work
Change-Id: I61d68c630599b8ef2382663e8a37fdc456435c11
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I63f6a2c803370736e969aa3a4dea3ea959316def
Using 'always' tag in combination with condition depending on
variables is not always a good idea because these variables may not be
defined at the moment.
Currently, rabbitmq_server role cannot be executed with tag limit,
because task containing 'always' tag has a condition operating on
variable(s) that are registered only when 'rabbitmq-config' tag is being
used.
Change-Id: I7ef7b3fed79933b4c8bbc39a63ca6db54532e10e
This line snuck in with Ie2d656bc04ea600e35735a7a8630cadd915469b7
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: Ib47d6dd5eff0df89ccb23c4adb141c7a6a89d298
There is no need in using complicated shell for getting/grepping
for instaled rabbitmq version as this can be done in more neat way
with simple commad.
Alternative would be to gather package facts, but we may want not to
rely on facts caching and leave quering package managers.
Change-Id: Ieb858a7e850ec6b48989196392fb85a4b3c2a8a7
Record for 127.0.1.1 is added by some distributions which makes
clustering fail, as Erlang port is binded to mgmt IP, while rabbit
expects to access it through $hostname, which would lead to 127.0.1.1.
At same time it's possbile to explicitly bind distribution port only
to single address. So we need to
ensure that hostname resolvs to mgmt IP and drop record for 127.0.1.1
Closes-Bug: #1960587
Change-Id: I907d4714319ac7134ede0dc62b51c1964b9befc5
With this patch we ensure that duplicated records are not
created with rabbitmq role if hosts file already contain
OSA managed block. Managing hosts still might be required for
role usage outside of the OSA so we workaround this usecase.
Change-Id: Ia20902f0ffe21ce563966fee4d233e5ec3afe3d9
Related-Bug: #1960587
It appears that old repo must be removed explicitly and apt_repository
don't have an option for exclusive content when filename defined
So we need to drop old repo after switching to cloudsmith to avoid
fetching data from them and make repos clean during upgrade.
Change-Id: Iffb5dd5f9a1937825e2cc345b720d7af072608c1
Replace placing templates for systemd overrides with
systemd_service role, that will handle overrides for us in more
convenient and unified way.
Change-Id: I2759b1949e9ecc98953f414c6f9838aed7dd8499
Currently Debian Bullseye doesn't have erlang provided by external repos
So in order to update rabbitmq version used we need to implement
rabbitmq_erlang_install_method, so that we could use external rabbitmq
with distro provided erlang.
Hpefully that is temporary solution and erlang packages for bullseye
will be built one day.
Change-Id: I32256271759d26522c17fe14c75b41da4c86c31a
Switch to using cloudsmith repo as a source for rabbitmq and erlang.
This allows us to be consistent about repository that is
used across supported distributions along with switching from
unreliable erlang-solutions that tend to fail periodically.
Change-Id: Ia438ee3b0aa1ba95aff014776e936516b83181ec
Starting from RabbitMQ 3.7.0 it's recommended to use new-style
config which is simply an ini file.
It's easier to read and maintain config file in ini fromat rather then
in classic erlang.
At the same time we still keep old-style config as it might have settings
that are not supported in new-style config.
There're no evidences that used there options are still supported,
but it's worth deprecating them in follow-up patch anyway.
Change-Id: I239366ad4aa2bc7a02d826b6c2f94631f4b0e622
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: Ie2d656bc04ea600e35735a7a8630cadd915469b7
It might be desired by deployer to remove already applied policy.
For that policy state should be explicitly passeda as absent
for the module.
Change-Id: I24bb110998eef978daf618964c1ee3713eb6b339
With include_tasks we got tags behaviour broken since they need to
be specifically applied and "always" tag should be assigned for include
itself for tags inside include to work properly.
Change-Id: If912a2fe2ca5358dd680fec85ef16823c46713bb
Packages for bullseye are only availble from the distro repository
as there are no officially provided packages from RabbitMQ or Erlang
Solutions yet.
Change-Id: I8515470997982ccb765b6e3bbc824a5445d99f86
Supports two scenarios:
1) variables defined in defaults/main.yml are sufficient to create
a root/intermediate CA certificate for rabbitmq when this role
is used outside openstack-ansible.
2) when:
openstack_pki_dir
openstack_pki_setup_host
openstack_pki_authorities
openstack_pki_service_intermediate_cert_name
are defined, an external CA already created on the deploy host
with a previous run of ansible-role-pki will be used as the CA.
Server certificates for the rabbitmq instances are created from the
data in rabbitmq_pki_certificates in both situations:
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/788031
Change-Id: I4cb7c48a74a307217b645cb8528fdbb0f7b9f596
If an adjustment to the rabbit config is made which rewrites the
config file, and the playbook is run with
--tags rabbitmq-config,rabbitmq_server-config then the new config
file will be written but the service is not restarted.
This patch adds tag inheritance to the include_tasks for service
restarts to ensure that the service is restarted if the just the
config is updated.
Change-Id: Ia4bcc7a9421d16a8bc35340e1a31a3eb15519369
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: Ic1b8b532adec2c46373d3a0a3cea8387bff7817a
Remove the ansible 2.9 compatibility task. This change means that this
role requires either ansible 2.9 or 2.10, with the community.rabbitmq
collection in order to give the 'broker_state' parameter for the
rabbitmq_plugin module.
Change-Id: I430c8edc8c973b9018ff9a4d865c174ee07dcc7a
Since we've switched to ansible 2.10 we should explicitly use modules
provided by rabbitmq collection.
Depends-On: https://review.opendev.org/755484
Change-Id: I1a71b123f5524f194cac2388d59b1879752b5cd7
This unifies the way of rabbitmq installation across all distros.
Also includes reno for deprecation of file installation method.
Change-Id: Idcf2d298e2808ef7b1a2160fc94cd6c1b5929182
There doesn't seem to be a need to check for changed either, and
it's easier to read "when: item is not skipped"
Change-Id: I7d8300bcdf0caf24485ce2edc5f2be2672369d2f
Older ansible versions used search as a filter but this is no longer
valid, and search should be used as a test
Change-Id: I4d846b7704e22d1ae58163d413c86dd01ff3563c
This patch makes SUSE use the upstream repos for RabbitMQ and
the devel:languages:erlang:Factory for Erlang.
As all distros are using rabbit 3.8 we can drop checking
3.7 style cluster_status output.
Change-Id: Ifaba2611f987e4e135b7a28db6c6053ef63b0913
The bind address and port can be overriden to be different from
the role defaults, so we must check the actual configured values
rather than assume the defaults.
Change-Id: I61a7b7ec91a6e89f2ab060c2853c7f2d17ce1906
This patch changes the default deployment back to using the
RabbitMQ external repositories. This restores the behaviour
to the same as the old and ships the 3.7.x series.
We deploy without HiPE by default however our testing is doing
it with HiPE. This patch drops it so we can actually test
behaviour that we deploy by default.
Change-Id: I49747e104f118ef1fb2bdeb329c92d2f5fb66c56
This patch uses a feature of apt_key that allows us to send
a payload containing the key data directly without having
to upload it beforehand.
Change-Id: I4d0ce755461ae27018015dd63581ba9b64cf5122
The workaround for the missing unit file is no longer necessary
as the fix has been merged upstream. This patch removes that
extra change.
Change-Id: I95c72e9ccb2a96f1956b0b4b8d82ec8d80b29fa9
We have in the past provided "safe defaults" in the role, because
this role is focused on a rabbitmq server for openstack.
Nowadays, this role is used outside OpenStack-Ansible, and should be
made more independant of it.
Having default policies is a problem because it forces users to define
an empty policy as an override, or their own policy, overriding the existing
"safe default".
This provides a boolean, defaulting to false, to conditionally add the
openstack queues policies. If set to true, we'll apply the "previous behaviour"
to automatically deploy the "safe defaults", which is adding
`rabbitmq_openstack_policies` to the user defined ``rabbitmq_policies``.
Depends-On: https://review.openstack.org/640300
Change-Id: I0bf6e1829ade63052c0c7efe81afb0b765857687