From 869e3f21c2e929c8d6731a09e0283ced92cdbf6a Mon Sep 17 00:00:00 2001 From: Jeffrey Zhang Date: Wed, 29 Apr 2020 13:34:45 +0800 Subject: [PATCH] Configure RabbitMQ user tags in nova-cell role The RabbitMQ 'openstack' user has the 'administrator' tag assigned via the RabbitMQ definitions.json file. Since the Train release, the nova-cell role also configures the RabbitMQ user, but omits the tag. This causes the tag to be removed from the user, which prevents it from accessing the management UI and API. This change adds support for configuring user tags to the service-rabbitmq role, and sets the administrator tag by default. Change-Id: I7a5d6fe324dd133e0929804d431583e5b5c1853d Closes-Bug: #1875786 --- ansible/roles/nova-cell/defaults/main.yml | 5 +++++ ansible/roles/service-rabbitmq/defaults/main.yml | 1 + ansible/roles/service-rabbitmq/tasks/main.yml | 1 + .../notes/fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml | 7 +++++++ 4 files changed, 14 insertions(+) create mode 100644 releasenotes/notes/fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml diff --git a/ansible/roles/nova-cell/defaults/main.yml b/ansible/roles/nova-cell/defaults/main.yml index 9d52b56471..7aaa1b8268 100644 --- a/ansible/roles/nova-cell/defaults/main.yml +++ b/ansible/roles/nova-cell/defaults/main.yml @@ -161,6 +161,8 @@ nova_cell_rpc_port: "{{ om_rpc_port }}" nova_cell_rpc_group_name: "{{ om_rpc_group }}" nova_cell_rpc_transport: "{{ om_rpc_transport }}" nova_cell_rpc_vhost: "{{ 'nova_' ~ nova_cell_name if nova_cell_name else om_rpc_vhost }}" +nova_cell_rpc_tags: + - "administrator" nova_cell_notify_user: "{{ nova_cell_rpc_user }}" nova_cell_notify_password: "{{ nova_cell_rpc_password }}" @@ -168,6 +170,7 @@ nova_cell_notify_port: "{{ nova_cell_rpc_port }}" nova_cell_notify_group_name: "{{ nova_cell_rpc_group_name }}" nova_cell_notify_transport: "{{ nova_cell_rpc_transport }}" nova_cell_notify_vhost: "{{ nova_cell_rpc_vhost }}" +nova_cell_notify_tags: "{{ nova_cell_rpc_tags }}" # External Rabbit users should override these nova_cell_rpc_transport_url: "{{ nova_cell_rpc_transport }}://{% for host in groups[nova_cell_rpc_group_name] %}{{ nova_cell_rpc_user }}:{{ nova_cell_rpc_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ nova_cell_rpc_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ nova_cell_rpc_vhost }}" @@ -178,10 +181,12 @@ nova_cell_rpc_rabbitmq_users: - user: "{{ nova_cell_rpc_user }}" password: "{{ nova_cell_rpc_password }}" vhost: "{{ nova_cell_rpc_vhost }}" + tags: "{{ nova_cell_rpc_tags }}" nova_cell_notify_rabbitmq_users: - user: "{{ nova_cell_notify_user }}" password: "{{ nova_cell_notify_password }}" vhost: "{{ nova_cell_notify_vhost }}" + tags: "{{ nova_cell_notify_tags }}" #################### # Docker diff --git a/ansible/roles/service-rabbitmq/defaults/main.yml b/ansible/roles/service-rabbitmq/defaults/main.yml index df99fac879..291430c866 100644 --- a/ansible/roles/service-rabbitmq/defaults/main.yml +++ b/ansible/roles/service-rabbitmq/defaults/main.yml @@ -21,5 +21,6 @@ service_rabbitmq_delay: 10 # 'user' # 'password' # 'vhost' +# 'tags' # Virtual hosts in this list will also be created. service_rabbitmq_users: [] diff --git a/ansible/roles/service-rabbitmq/tasks/main.yml b/ansible/roles/service-rabbitmq/tasks/main.yml index 45f8f021e5..ae8f87a741 100644 --- a/ansible/roles/service-rabbitmq/tasks/main.yml +++ b/ansible/roles/service-rabbitmq/tasks/main.yml @@ -22,6 +22,7 @@ vhost: "{{ item.vhost }}" configure_priv: ".*" read_priv: ".*" + tags: "{{ item.tags | default([]) | join(',') }}" write_priv: ".*" user: rabbitmq loop: "{{ service_rabbitmq_users }}" diff --git a/releasenotes/notes/fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml b/releasenotes/notes/fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml new file mode 100644 index 0000000000..ec6c1a8488 --- /dev/null +++ b/releasenotes/notes/fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Fixes an issue with RabbitMQ where tags would be removed from the + ``openstack`` user after deploying Nova. This prevents the user from + accessing the RabbitMQ management UI. `LP#1875786 + `__