From 442a3207b270dac88c7479e139cceefdd7280518 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Evrard Date: Fri, 1 Mar 2019 10:54:59 +0100 Subject: [PATCH] Do not configure openstack policies by default We have in the past provided "safe defaults" in the role, because this role is focused on a rabbitmq server for openstack. Nowadays, this role is used outside OpenStack-Ansible, and should be made more independant of it. Having default policies is a problem because it forces users to define an empty policy as an override, or their own policy, overriding the existing "safe default". This provides a boolean, defaulting to false, to conditionally add the openstack queues policies. If set to true, we'll apply the "previous behaviour" to automatically deploy the "safe defaults", which is adding `rabbitmq_openstack_policies` to the user defined ``rabbitmq_policies``. Depends-On: https://review.openstack.org/640300 Change-Id: I0bf6e1829ade63052c0c7efe81afb0b765857687 --- defaults/main.yml | 4 +++- tasks/rabbitmq_post_install.yml | 2 +- tests/rabbitmq_server-overrides.yml | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 80f6cb58..bd4c036c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -151,7 +151,9 @@ rabbitmq_disable_non_tls_listeners: False # tags: "ha-sync-mode=automatic" # priority: 0 # -rabbitmq_policies: +rabbitmq_policies: [] +rabbitmq_apply_openstack_policies: False +rabbitmq_openstack_policies: - name: "HA" pattern: '^(?!(amq\.)|(.*_fanout_)|(reply_)).*' tags: "ha-mode=all" diff --git a/tasks/rabbitmq_post_install.yml b/tasks/rabbitmq_post_install.yml index b1e3d0e4..a40d8fdf 100644 --- a/tasks/rabbitmq_post_install.yml +++ b/tasks/rabbitmq_post_install.yml @@ -82,7 +82,7 @@ priority: "{{ item.priority | default(0) }}" tags: "{{ item.tags }}" register: rabbitmq_policy - with_items: "{{ rabbitmq_policies }}" + loop: "{{ (rabbitmq_apply_openstack_policies | bool) | ternary(rabbitmq_openstack_policies + rabbitmq_policies, rabbitmq_policies) }}" tags: - rabbitmq-config - rabbitmq-cluster diff --git a/tests/rabbitmq_server-overrides.yml b/tests/rabbitmq_server-overrides.yml index 3323a81f..09387684 100644 --- a/tests/rabbitmq_server-overrides.yml +++ b/tests/rabbitmq_server-overrides.yml @@ -3,3 +3,4 @@ rabbitmq_ssl_cert: /etc/rabbitmq/rabbitmq.pem rabbitmq_ssl_key: /etc/rabbitmq/rabbitmq.key rabbitmq_hipe_compile: True +rabbitmq_apply_openstack_policies: True