Commit Graph

155 Commits

Author SHA1 Message Date
Christian Rohmann 1d9a0837e9 Add support for the apply_to parameter for policies
Policies were always applied to target `all` aspects and
there was no way to have them target only e.g. exchanges.
This can be important though, see [1].

This change enables the use of the apply_to parmeter via the existing
variables while maintaining `all` to be the default.

[1] https://www.rabbitmq.com/docs/parameters#how-policies-work

Change-Id: I61d68c630599b8ef2382663e8a37fdc456435c11
2024-03-01 10:54:57 +01:00
Jonathan Rosser 6722f0bea4 Remove legacy upgrade task
This task is no longer needed in recent releases of openstack-ansible.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/907886
Change-Id: I2190c16548fb44948a26ee2817d8f71fbe66be53
2024-02-05 17:06:21 +00:00
Dmitriy Rabotyagov b4a3b6269b Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Change-Id: I63f6a2c803370736e969aa3a4dea3ea959316def
2023-07-12 13:32:46 +02:00
Damian Dabrowski e6f1c69558 Do not use 'always' tag in inappropriate places
Using 'always' tag in combination with condition depending on
variables is not always a good idea because these variables may not be
defined at the moment.

Currently, rabbitmq_server role cannot be executed with tag limit,
because task containing 'always' tag has a condition operating on
variable(s) that are registered only when 'rabbitmq-config' tag is being
used.

Change-Id: I7ef7b3fed79933b4c8bbc39a63ca6db54532e10e
2023-03-07 09:10:59 +00:00
Jonathan Rosser d2a7fbe527 Remove "warn" parameter from command module
This is removed in ansible 2.14.

Change-Id: I3149f3babe9acf8c5854982f2d8e1cbcc23371e1
2023-01-10 09:24:24 +00:00
Erik Berg 85cd51c24e Remove redundant vars line
This line snuck in with Ie2d656bc04ea600e35735a7a8630cadd915469b7
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.

Change-Id: Ib47d6dd5eff0df89ccb23c4adb141c7a6a89d298
2022-09-14 14:21:44 +02:00
Dmitriy Rabotyagov dceda157fa Replace shell with simple command for version verification
There is no need in using complicated shell for getting/grepping
for instaled rabbitmq version as this can be done in more neat way
with simple commad.

Alternative would be to gather package facts, but we may want not to
rely on facts caching and leave quering package managers.

Change-Id: Ieb858a7e850ec6b48989196392fb85a4b3c2a8a7
2022-04-13 11:43:08 +00:00
Dmitriy Rabotyagov 8316e00cf0 Pass rabbitmq role in check mode
In order to pass check mode, we must retrieve current installed version
regardless of mode.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/837706
Change-Id: Ib6a3084a8f5afd3d045864d0853ebffa025329e0
2022-04-13 11:37:50 +00:00
Zuul 67679fcf2a Merge "Remove affecting rabbitmq hosts record" 2022-03-23 12:14:36 +00:00
Zuul 1de3bf4cc7 Merge "Verify if hosts file already managed with OSA" 2022-03-23 12:14:34 +00:00
Dmitriy Rabotyagov e6b3ddbc1e Remove affecting rabbitmq hosts record
Record for 127.0.1.1 is added by some distributions which makes
clustering fail, as Erlang port is binded to mgmt IP, while rabbit
expects to access it through $hostname, which would lead to 127.0.1.1.
At same time it's possbile to explicitly bind distribution port only
to single address. So we need to
ensure that hostname resolvs to mgmt IP and drop record for 127.0.1.1

Closes-Bug: #1960587
Change-Id: I907d4714319ac7134ede0dc62b51c1964b9befc5
2022-02-21 14:58:39 +01:00
Dmitriy Rabotyagov c8ce051651 Verify if hosts file already managed with OSA
With this patch we ensure that duplicated records are not
created with rabbitmq role if hosts file already contain
OSA managed block. Managing hosts still might be required for
role usage outside of the OSA so we workaround this usecase.

Change-Id: Ia20902f0ffe21ce563966fee4d233e5ec3afe3d9
Related-Bug: #1960587
2022-02-21 12:43:40 +00:00
Zuul cf7d4bafe1 Merge "Remove old repos for Debian" 2022-02-12 02:03:05 +00:00
Zuul ae3c16ba00 Merge "Use systemd_service role for overrides" 2022-02-11 19:19:38 +00:00
Zuul 5956b05381 Merge "Use sysctl ini-like config file" 2022-02-11 18:38:02 +00:00
Dmitriy Rabotyagov 3a735007c6 Remove old repos for Debian
It appears that old repo must be removed explicitly and apt_repository
don't have an option for exclusive content when filename defined
So we need to drop old repo after switching to cloudsmith to avoid
fetching data from them and make repos clean during upgrade.

Change-Id: Iffb5dd5f9a1937825e2cc345b720d7af072608c1
2022-02-03 19:30:11 +00:00
Dmitriy Rabotyagov 8271919b17 Use systemd_service role for overrides
Replace placing templates for systemd overrides with
systemd_service role, that will handle overrides for us in more
convenient and unified way.

Change-Id: I2759b1949e9ecc98953f414c6f9838aed7dd8499
2022-02-01 21:42:49 +02:00
Dmitriy Rabotyagov 1b570e3511 Allow different install methods for rabbit/erlang
Currently Debian Bullseye doesn't have erlang provided by external repos
So in order to update rabbitmq version used we need to implement
rabbitmq_erlang_install_method, so that we could use external rabbitmq
with distro provided erlang.

Hpefully that is temporary solution and erlang packages for bullseye
will be built one day.

Change-Id: I32256271759d26522c17fe14c75b41da4c86c31a
2022-01-31 21:03:40 +00:00
Dmitriy Rabotyagov 4ab856bfef Use cloudsmith repo for rabbit and erlang
Switch to using cloudsmith repo as a source for rabbitmq and erlang.

This allows us to be consistent about repository that is
used across supported distributions along with switching from
unreliable erlang-solutions that tend to fail periodically.

Change-Id: Ia438ee3b0aa1ba95aff014776e936516b83181ec
2022-01-29 07:35:17 +00:00
Dmitriy Rabotyagov e707eecdd8 Use sysctl ini-like config file
Starting from RabbitMQ 3.7.0 it's recommended to use new-style
config which is simply an ini file.

It's easier to read and maintain config file in ini fromat rather then
in classic erlang.

At the same time we still keep old-style config as it might have settings
that are not supported in new-style config.

There're no evidences that used there options are still supported,
but it's worth deprecating them in follow-up patch anyway.

Change-Id: I239366ad4aa2bc7a02d826b6c2f94631f4b0e622
2022-01-25 19:27:01 +02:00
Jonathan Rosser e41730d531 Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: Ie2d656bc04ea600e35735a7a8630cadd915469b7
2022-01-12 08:04:03 +00:00
Zuul 34819a10ac Merge "Allow to provide policy state" 2021-12-04 18:49:44 +00:00
Dmitriy Rabotyagov bf5da3b7fa Allow to provide policy state
It might be desired by deployer to remove already applied policy.
For that policy state should be explicitly passeda as absent
for the module.

Change-Id: I24bb110998eef978daf618964c1ee3713eb6b339
2021-12-03 11:27:12 +00:00
Dmitriy Rabotyagov e6ef36449b Fix tags usage
With include_tasks we got tags behaviour broken since they need to
be specifically applied and "always" tag should be assigned for include
itself for tags inside include to work properly.

Change-Id: If912a2fe2ca5358dd680fec85ef16823c46713bb
2021-11-30 21:04:04 +02:00
Dmitriy Rabotyagov a2b11fcad9 Fix PKI certificates regeneration
We were passing wrong variable to PKI role which didn't have any effect.

Change-Id: Iefbd2d116c867dc673edab2bfdadde6b6a75f3f9
2021-09-09 11:28:08 +03:00
Zuul 840f47f4b9 Merge "Use ansible-role-pki to generate SSL certificates" 2021-06-10 13:30:54 +00:00
Jonathan Rosser 235d912059 Add debian bullseye support
Packages for bullseye are only availble from the distro repository
as there are no officially provided packages from RabbitMQ or Erlang
Solutions yet.

Change-Id: I8515470997982ccb765b6e3bbc824a5445d99f86
2021-05-18 07:54:51 +00:00
Jonathan Rosser df13274e15 Use ansible-role-pki to generate SSL certificates
Supports two scenarios:

1) variables defined in defaults/main.yml are sufficient to create
a root/intermediate CA certificate for rabbitmq when this role
is used outside openstack-ansible.

2) when:

openstack_pki_dir
openstack_pki_setup_host
openstack_pki_authorities
openstack_pki_service_intermediate_cert_name

are defined, an external CA already created on the deploy host
with a previous run of ansible-role-pki will be used as the CA.

Server certificates for the rabbitmq instances are created from the
data in rabbitmq_pki_certificates in both situations:

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/788031
Change-Id: I4cb7c48a74a307217b645cb8528fdbb0f7b9f596
2021-05-12 06:32:19 +00:00
Jonathan Rosser fb93d2862d Fix service restart when using tags
If an adjustment to the rabbit config is made which rewrites the
config file, and the playbook is run with
--tags rabbitmq-config,rabbitmq_server-config then the new config
file will be written but the service is not restarted.

This patch adds tag inheritance to the include_tasks for service
restarts to ensure that the service is restarted if the just the
config is updated.

Change-Id: Ia4bcc7a9421d16a8bc35340e1a31a3eb15519369
2021-05-05 11:23:06 +00:00
Jonathan Rosser 712641e32c Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7  are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: Ic1b8b532adec2c46373d3a0a3cea8387bff7817a
2021-03-17 09:46:35 +00:00
Jonathan Rosser b8fc872113 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: Ia6dac13c7e2206f4a86ef8e21c5b1cd80eb16e0e
2021-02-24 10:25:04 +00:00
Jonathan Rosser 8e6833be85 Require the use of community.rabbitmq ansible collection
Remove the ansible 2.9 compatibility task. This change means that this
role requires either ansible 2.9 or 2.10, with the community.rabbitmq
collection in order to give the 'broker_state' parameter for the
rabbitmq_plugin module.

Change-Id: I430c8edc8c973b9018ff9a4d865c174ee07dcc7a
2020-10-06 09:57:50 +01:00
Dmitriy Rabotyagov 0f8215e5ad Explicitly use rabbitmq collection
Since we've switched to ansible 2.10 we should explicitly use modules
provided by rabbitmq collection.

Depends-On: https://review.opendev.org/755484
Change-Id: I1a71b123f5524f194cac2388d59b1879752b5cd7
2020-10-01 13:34:52 +00:00
Jonathan Rosser a13ed77cae Set broker_state when enabling plugins with ansible 2.10
Test enabling plugins when broker is not running, see [1].

[1] da64420792

Change-Id: Id1cb84220fc587aa4cde87b75346742a59e59805
2020-09-28 08:45:10 +00:00
Dmitriy Rabotyagov fc27e735a6 Add Centos-8 support
Depends-On: https://review.opendev.org/734672
Depends-On: https://review.opendev.org/735289
Change-Id: I35690f9a54337d6a268406ddcf6726f7040ac966
2020-06-24 20:41:27 +00:00
Dmitriy Rabotyagov 37c9bc026e Install rabbitmq from external_repo for all distros
This unifies the way of rabbitmq installation across all distros.
Also includes reno for deprecation of file installation method.

Change-Id: Idcf2d298e2808ef7b1a2160fc94cd6c1b5929182
2020-04-13 23:30:38 +03:00
Erik Berg 7aa3d4a9ca rabbitmq_server: there's no system change on a package query
There doesn't seem to be a need to check for changed either, and
it's easier to read "when: item is not skipped"

Change-Id: I7d8300bcdf0caf24485ce2edc5f2be2672369d2f
2020-03-15 02:24:17 +01:00
ShangXiao 5761171b92 Fix typos in install_apt.yml
Change-Id: I5c82c6c10d32ccfb19c983fd4aaf0a44aee31681
2019-11-07 10:56:56 +08:00
Dmitriy Rabotyagov 95bd648ef0 Ansible 'search' is a test not a filter
Older ansible versions used search as a filter but this is no longer
valid, and search should be used as a test

Change-Id: I4d846b7704e22d1ae58163d413c86dd01ff3563c
2019-11-05 19:54:48 +02:00
Mohammed Naser 246ff262e5 suse: switch to using upstream repos
This patch makes SUSE use the upstream repos for RabbitMQ and
the devel:languages:erlang:Factory for Erlang.

As all distros are using rabbit 3.8 we can drop checking
3.7 style cluster_status output.

Change-Id: Ifaba2611f987e4e135b7a28db6c6053ef63b0913
2019-10-31 09:30:26 +02:00
Dmitriy Rabotyagov 427ab54f39 Bump rabbitmq & erlang versions
Change-Id: Ibf87ccb4554ab7d765d542f5fae3cd857dbf5733
2019-10-22 18:20:52 +03:00
Jonathan Rosser 0fb7cc475b Fix detection of rabbitmq restart
The bind address and port can be overriden to be different from
the role defaults, so we must check the actual configured values
rather than assume the defaults.

Change-Id: I61a7b7ec91a6e89f2ab060c2853c7f2d17ce1906
2019-07-11 13:45:13 +00:00
Mohammed Naser 961ea18059 el7: switch to external_repo install_method
This patch changes the default deployment back to using the
RabbitMQ external repositories.  This restores the behaviour
to the same as the old and ships the 3.7.x series.

We deploy without HiPE by default however our testing is doing
it with HiPE.  This patch drops it so we can actually test
behaviour that we deploy by default.

Change-Id: I49747e104f118ef1fb2bdeb329c92d2f5fb66c56
2019-06-16 16:45:01 +00:00
Mohammed Naser c41b570bc8 apt: converge upload + apt_key tasks
This patch uses a feature of apt_key that allows us to send
a payload containing the key data directly without having
to upload it beforehand.

Change-Id: I4d0ce755461ae27018015dd63581ba9b64cf5122
2019-06-11 17:49:56 -04:00
Mohammed Naser b12b7545c4 Revert "add gentoo support to rabbitmq role"
This reverts commit 13e493c77a.

Change-Id: Ie483be38c923196385b5788197afb780cb2d9845
2019-06-11 16:58:35 -04:00
Mohammed Naser aae0f5dbc0 yum: drop packaging workaround
The workaround for the missing unit file is no longer necessary
as the fix has been merged upstream.  This patch removes that
extra change.

Change-Id: I95c72e9ccb2a96f1956b0b4b8d82ec8d80b29fa9
2019-06-11 16:48:51 -04:00
Jonathan Rosser 8edc262751 Remove deprecated use of tests as filters
Change-Id: I5678e5fb009ee329e1d8eb60859f6f5eae83baa4
2019-05-12 17:08:28 +00:00
Zuul e907f84e1d Merge "Do not configure openstack policies by default" 2019-03-19 14:56:05 +00:00
Jean-Philippe Evrard 442a3207b2 Do not configure openstack policies by default
We have in the past provided "safe defaults" in the role, because
this role is focused on a rabbitmq server for openstack.
Nowadays, this role is used outside OpenStack-Ansible, and should be
made more independant of it.

Having default policies is a problem because it forces users to define
an empty policy as an override, or their own policy, overriding the existing
"safe default".

This provides a boolean, defaulting to false, to conditionally add the
openstack queues policies. If set to true, we'll apply the "previous behaviour"
to automatically deploy the "safe defaults", which is adding
`rabbitmq_openstack_policies` to the user defined ``rabbitmq_policies``.

Depends-On: https://review.openstack.org/640300
Change-Id: I0bf6e1829ade63052c0c7efe81afb0b765857687
2019-03-01 11:05:00 +01:00
Zuul 282b5e1fe5 Merge "add gentoo support to rabbitmq role" 2019-02-26 14:40:24 +00:00