From 32f6503bfbb79943884f29f121648ce09874da26 Mon Sep 17 00:00:00 2001 From: ace Date: Wed, 8 Feb 2023 01:38:33 +0300 Subject: [PATCH] initial commit --- README.md | 134 +++++++++++++++++++++++++++++++ defaults/main.yml | 68 ++++++++++++++++ handlers/main.yaml | 7 ++ meta/main.yaml | 15 ++++ tasks/Debian/install.yaml | 33 ++++++++ tasks/RedHat/install.yaml | 19 +++++ tasks/configure-cluster.yaml | 14 ++++ tasks/configure.yaml | 8 ++ tasks/ha_policy.yaml | 13 +++ tasks/main.yaml | 4 + tasks/plugins.yaml | 21 +++++ tasks/rabbitmq.yaml | 31 +++++++ tasks/users.yaml | 18 +++++ tasks/vhosts.yaml | 14 ++++ templates/erlang.cookie.j2 | 1 + templates/rabbitmq.conf.j2 | 8 ++ templates/rabbitmq.list.j2 | 2 + templates/rabbitmq.repo.j2 | 151 +++++++++++++++++++++++++++++++++++ 18 files changed, 561 insertions(+) create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 handlers/main.yaml create mode 100644 meta/main.yaml create mode 100644 tasks/Debian/install.yaml create mode 100644 tasks/RedHat/install.yaml create mode 100644 tasks/configure-cluster.yaml create mode 100644 tasks/configure.yaml create mode 100644 tasks/ha_policy.yaml create mode 100644 tasks/main.yaml create mode 100644 tasks/plugins.yaml create mode 100644 tasks/rabbitmq.yaml create mode 100644 tasks/users.yaml create mode 100644 tasks/vhosts.yaml create mode 100644 templates/erlang.cookie.j2 create mode 100644 templates/rabbitmq.conf.j2 create mode 100644 templates/rabbitmq.list.j2 create mode 100644 templates/rabbitmq.repo.j2 diff --git a/README.md b/README.md new file mode 100644 index 0000000..edc2844 --- /dev/null +++ b/README.md @@ -0,0 +1,134 @@ +# RabbitMQ Ansible Role + +## Version + +Set the `rabbitmq_version` and `erlang_version` variables to define the version of RabbitMQ and Erlang to install. + +```yaml +rabbitmq_version: 3.9.8 +erlang_version: 24.1.3 +``` + +## Users + +Set the `rabbitmq_users` variable to define an array of present users. + +```yaml +rabbitmq_users: +- user: admin + password: admin + tags: administrator +``` + +| parameter | required | default | choices | comments | +| -------------- | -------- | ------- | ------- | -------- | +| configure_priv | no | .* | | | +| password | yes | | | | +| read_priv | no | .* | | | +| tags | no | | | | +| user | yes | | | | +| vhost | no | / | | | +| write_priv | no | .* | | | + +### Remove Users + +Set the `rabbitmq_users_absent` variable to define an array of absent users. + +```yaml +rabbitmq_users_absent: +- guest +``` + +## Policies + +Set the `rabbitmq_policies` variable to define policies + +```yaml +rabbitmq_policies: +- name: HA + pattern: .* + tags: + ha-mode: exactly + ha-params: 2 +``` + +## Virtual Hosts + +Set the `rabbitmq_vhosts` variable to define an array of present virtual hosts. + +```yaml +rabbitmq_vhosts: +- /one +- name: /two + node: rabbit + tracing: no +``` + +| parameter | required | default | choices | comments | +| ---------- | -------- | ------- | -------------------------------- | -------- | +| name | yes | | | | +| node | no | rabbit | | | +| tracing | no | no | | | + +### Remove Virtual Hosts + +Set the `rabbitmq_vhosts_absent` variable to define an array of absent virtual hosts. + +```yaml +rabbitmq_vhosts_absent: +- /vhost +``` + +## Plugins + +Set the `rabbitmq_plugins` variable to define an array of enabled plugins. + +```yaml +rabbitmq_plugins: +- rabbitmq_management +- name: rabbitmq_delayed_message_exchange + url: http://www.rabbitmq.com/community-plugins/v3.6.x/rabbitmq_delayed_message_exchange-0.0.1.ez +``` + +| parameter | required | default | choices | comments | +| --------- | -------- | ------- | ------- | ------------------- | +| name | yes | | | | +| url | no | | | Installs the plugin | + +### Disable Plugins + +Set the `rabbitmq_plugins_disabled` variable to disable plugins. + +```yaml +rabbitmq_plugins_disabled: +- rabbitmq_management +``` + +## Configuration + +Set the `rabbitmq_conf` variable to define the configuration. + +```yaml +rabbitmq_conf: | + option = value +``` + +## Cluster + +Set the `rabbitmq_cluster` variable to enable clustering. + +```yaml +rabbitmq_cluster: yes +``` + +### Erlang Cookie + +Set the `rabbitmq_erlang_cookie` variable to define the Erlang cookie. + +```yaml +rabbitmq_erlang_cookie: g9avtqdzdm2p5oe9 +``` + +## License + +MIT diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..5dfd2ae --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,68 @@ +--- +rabbitmq_nodename: "rabbit@{{ ansible_hostname }}" + +rabbitmq_cluster: False + +rabbitmq_cluster_master: "rabbit@{{ hostvars[ansible_play_hosts.0].ansible_hostname }}" + +rabbitmq_erlang_cookie_file: /var/lib/rabbitmq/.erlang.cookie + +rabbitmq_plugin_dir: "/usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version.split('-').0 }}/plugins" + +rabbitmq_plugins: +- rabbitmq_management + +rabbitmq_plugins_enabled: [] +rabbitmq_plugins_disabled: [] + +rabbitmq_users: +- user: admin + password: admin + tags: administrator + +rabbitmq_users_absent: +- guest + +rabbitmq_vhosts: [] + +rabbitmq_vhosts_absent: [] + +rabbitmq_policies: {} + +rabbitmq_rhel_version: 3.9.8 +rabbitmq_rhel_package: rabbitmq-server +erlang_rhel_version: "{{ '24.1.3' if ansible_distribution_major_version == '8' else '23.3.4.8' if ansible_distribution_major_version == '7' }}" +erlang_rhel_package: erlang + +rabbitmq_debian_version: 3.9.8-1 +rabbitmq_debian_package: rabbitmq-server +erlang_debian_version: 1:24.1.3-1rmq1ppa1~ubuntu20.04.1 +erlang_debian_package: + - erlang-base + - erlang-asn1 + - erlang-crypto + - erlang-eldap + - erlang-ftp + - erlang-inets + - erlang-mnesia + - erlang-os-mon + - erlang-parsetools + - erlang-public-key + - erlang-runtime-tools + - erlang-snmp + - erlang-ssl + - erlang-syntax-tools + - erlang-tftp + - erlang-tools + - erlang-xmerl + +rabbitmq_debian_apt_key: + - name: com.rabbitmq.team.gpg + url: https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA + keyring: /etc/apt/trusted.gpg.d/com.rabbitmq.team.gpg + - name: net.launchpad.ppa.rabbitmq.erlang.gpg + url: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xf77f1eda57ebb1cc + keyring: /etc/apt/trusted.gpg.d/net.launchpad.ppa.rabbitmq.erlang.gpg + - name: io.packagecloud.rabbitmq.gpg + url: https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey + keyring: /etc/apt/trusted.gpg.d/io.packagecloud.rabbitmq.gpg diff --git a/handlers/main.yaml b/handlers/main.yaml new file mode 100644 index 0000000..9643941 --- /dev/null +++ b/handlers/main.yaml @@ -0,0 +1,7 @@ +- block: + - name: Restart RabbitMQ server + throttle: 1 + ansible.builtin.systemd: + state: restarted + daemon_reload: yes + name: rabbitmq-server diff --git a/meta/main.yaml b/meta/main.yaml new file mode 100644 index 0000000..2aa467b --- /dev/null +++ b/meta/main.yaml @@ -0,0 +1,15 @@ +--- +galaxy_info: + description: RabbitMQ + license: MIT + min_ansible_version: 1.2 + platforms: + - name: EL + versions: + - 7 + - 8 + galaxy_tags: + - rabbitmq + - cluster + +dependencies: [] diff --git a/tasks/Debian/install.yaml b/tasks/Debian/install.yaml new file mode 100644 index 0000000..0fbc170 --- /dev/null +++ b/tasks/Debian/install.yaml @@ -0,0 +1,33 @@ +--- +- name: Add gpg keys for rabbitmq + ansible.builtin.apt_key: + url: "{{ item.url }}" + keyring: "{{ item.keyring }}" + loop: "{{ rabbitmq_debian_apt_key }}" + +- name: Enable https transport for apt + apt: + name: apt-transport-https + update_cache: yes + +- name: Add rabbitmq.list to sources + template: + src: "rabbitmq.list.j2" + dest: /etc/apt/sources.list.d/rabbitmq.list + +- name: Install deps packages + apt: + name: + - socat + - logrotate + update_cache: yes + +- name: Install erlang {{ erlang_debian_version }} + apt: + name: "{{ erlang_debian_package }}" + update_cache: yes + +- name: Install rabbitmq {{ rabbitmq_debian_version }} + apt: + name: "{{ rabbitmq_debian_package}}={{ rabbitmq_debian_version }}" + update_cache: yes diff --git a/tasks/RedHat/install.yaml b/tasks/RedHat/install.yaml new file mode 100644 index 0000000..9d5c909 --- /dev/null +++ b/tasks/RedHat/install.yaml @@ -0,0 +1,19 @@ +--- +- name: Add rabbitmq.repo to yum.repos.d + template: + src: "rabbitmq.repo.j2" + dest: /etc/yum.repos.d/rabbitmq.repo + +- name: Install deps packages + yum: + name: + - socat + - logrotate + +- name: Install erlang {{ erlang_rhel_version }} + yum: + name: "{{ erlang_rhel_package }}-{{ erlang_rhel_version }}" + +- name: Install rabbitmq {{ rabbitmq_rhel_version }} + yum: + name: "{{ rabbitmq_rhel_package }}-{{ rabbitmq_rhel_version }}" diff --git a/tasks/configure-cluster.yaml b/tasks/configure-cluster.yaml new file mode 100644 index 0000000..d654f89 --- /dev/null +++ b/tasks/configure-cluster.yaml @@ -0,0 +1,14 @@ +--- +- name: Add rabbitmq cluster hosts + lineinfile: + dest: /etc/hosts + line: "{{ hostvars[item].rabbitmq_cluster_ip_address | default(hostvars[item].ansible_default_ipv4.address) }} {{ hostvars[item].ansible_hostname }}" + with_items: "{{ ansible_play_hosts }}" + +- name: Set erlang cookie + template: + src: erlang.cookie.j2 + dest: "{{ rabbitmq_erlang_cookie_file }}" + owner: rabbitmq + group: rabbitmq + mode: 0400 diff --git a/tasks/configure.yaml b/tasks/configure.yaml new file mode 100644 index 0000000..20f271f --- /dev/null +++ b/tasks/configure.yaml @@ -0,0 +1,8 @@ +--- +- name: Configure rabbitmq + template: + src: rabbitmq.conf.j2 + dest: /etc/rabbitmq/rabbitmq.conf + notify: + - Restart RabbitMQ server + when: rabbitmq_conf is defined or rabbitmq_cluster diff --git a/tasks/ha_policy.yaml b/tasks/ha_policy.yaml new file mode 100644 index 0000000..77c391a --- /dev/null +++ b/tasks/ha_policy.yaml @@ -0,0 +1,13 @@ +--- +- name: Set policies + rabbitmq_policy: + apply_to: "{{ item.apply_to | default(omit) }}" + name: "{{ item.name | default('default_policy') }}" + pattern: "{{ item.pattern | default(omit) }}" + priority: "{{ item.priority | default(omit) }}" + state: "{{ item.state | default(omit) }}" + node: "{{ item.node | default(omit) }}" + vhost: "{{ item.vhost | default(omit) }}" + args: + tags: "{{ item.tags | default(omit) }}" + loop: "{{ rabbitmq_policies }}" diff --git a/tasks/main.yaml b/tasks/main.yaml new file mode 100644 index 0000000..0cd970e --- /dev/null +++ b/tasks/main.yaml @@ -0,0 +1,4 @@ +--- +- include: rabbitmq.yaml + tags: + - rabbitmq diff --git a/tasks/plugins.yaml b/tasks/plugins.yaml new file mode 100644 index 0000000..4ce9527 --- /dev/null +++ b/tasks/plugins.yaml @@ -0,0 +1,21 @@ +--- +- name: Install rabbitmq plugins + get_url: + url: "{{ item.url }}" + dest: "{{ rabbitmq_plugin_dir }}" + with_items: "{{ rabbitmq_plugins }}" + when: item.url is defined + +- name: Disable rabbitmq plugins + rabbitmq_plugin: + names: "{{ rabbitmq_plugins_disabled | join(',') }}" + state: disabled + +- name: Set enabled rabbitmq plugins + set_fact: + rabbitmq_plugins_enabled: "{{ rabbitmq_plugins_enabled + [ item.name | default(item) ] }}" + with_items: "{{ rabbitmq_plugins }}" + +- name: Enable rabbitmq plugins + rabbitmq_plugin: + names: "{{ rabbitmq_plugins_enabled | join(',') }}" diff --git a/tasks/rabbitmq.yaml b/tasks/rabbitmq.yaml new file mode 100644 index 0000000..1e071fa --- /dev/null +++ b/tasks/rabbitmq.yaml @@ -0,0 +1,31 @@ +--- +- name: Include rabbitmq installation tasks + include: "{{ ansible_os_family }}/install.yaml" + +- include: configure.yaml + +- include: configure-cluster.yaml + when: rabbitmq_cluster + +- name: Start rabbitmq server + service: + name: rabbitmq-server + enabled: True + state: started + +- block: + - include: vhosts.yaml + - include: ha_policy.yaml + - include: users.yaml + when: + - rabbitmq_cluster + - ansible_hostname == hostvars[ansible_play_hosts.0].ansible_hostname + +- block: + - include: vhosts.yaml + - include: ha_policy.yaml + - include: users.yaml + when: + - not rabbitmq_cluster + +- include: plugins.yaml diff --git a/tasks/users.yaml b/tasks/users.yaml new file mode 100644 index 0000000..b7cf56e --- /dev/null +++ b/tasks/users.yaml @@ -0,0 +1,18 @@ +--- +- name: Remove rabbitmq users + rabbitmq_user: + user: "{{ item }}" + state: absent + with_items: "{{ rabbitmq_users_absent }}" + +- name: Add rabbitmq users + rabbitmq_user: + user: "{{ item.user }}" + password: "{{ item.password }}" + vhost: "{{ item.vhost | default('/') }}" + configure_priv: "{{ item.configure_priv | default('.*') }}" + read_priv: "{{ item.read_priv | default('.*') }}" + write_priv: "{{ item.write_priv | default('.*') }}" + tags: "{{ item.tags | default('') }}" + no_log: true + with_items: "{{ rabbitmq_users }}" diff --git a/tasks/vhosts.yaml b/tasks/vhosts.yaml new file mode 100644 index 0000000..338a668 --- /dev/null +++ b/tasks/vhosts.yaml @@ -0,0 +1,14 @@ +--- +- name: Remove rabbitmq virtual hosts + rabbitmq_vhost: + name: "{{ item }}" + state: absent + with_items: "{{ rabbitmq_vhosts_absent }}" + +- name: Add rabbitmq virtual hosts + rabbitmq_vhost: + name: "{{ item.name | default(item) }}" + node: "{{ item.node | default('rabbit') }}" + state: present + tracing: "{{ item.tracing | default(False) }}" + with_items: "{{ rabbitmq_vhosts }}" diff --git a/templates/erlang.cookie.j2 b/templates/erlang.cookie.j2 new file mode 100644 index 0000000..edd141f --- /dev/null +++ b/templates/erlang.cookie.j2 @@ -0,0 +1 @@ +{{ rabbitmq_erlang_cookie }} diff --git a/templates/rabbitmq.conf.j2 b/templates/rabbitmq.conf.j2 new file mode 100644 index 0000000..7ea3a20 --- /dev/null +++ b/templates/rabbitmq.conf.j2 @@ -0,0 +1,8 @@ +{% if rabbitmq_conf is defined %} +{{ rabbitmq_conf }} +{% endif %} +{% if rabbitmq_cluster %} +{% for host in ansible_play_hosts %} +cluster_formation.classic_config.nodes.{{ loop.index }} = rabbit@{{ hostvars[host].ansible_hostname }} +{% endfor %} +{% endif %} diff --git a/templates/rabbitmq.list.j2 b/templates/rabbitmq.list.j2 new file mode 100644 index 0000000..b9ef3f0 --- /dev/null +++ b/templates/rabbitmq.list.j2 @@ -0,0 +1,2 @@ +deb http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu {{ ansible_distribution_release }} main +deb https://packagecloud.io/rabbitmq/rabbitmq-server/ubuntu/ {{ ansible_distribution_release }} main diff --git a/templates/rabbitmq.repo.j2 b/templates/rabbitmq.repo.j2 new file mode 100644 index 0000000..32f3570 --- /dev/null +++ b/templates/rabbitmq.repo.j2 @@ -0,0 +1,151 @@ +{%- if ansible_distribution_major_version == '7' %} +[rabbitmq_erlang] +name=rabbitmq_erlang +baseurl=https://packagecloud.io/rabbitmq/erlang/el/7/$basearch +repo_gpgcheck=1 +gpgcheck=1 +enabled=1 +# PackageCloud's repository key and RabbitMQ package signing key +gpgkey=https://packagecloud.io/rabbitmq/erlang/gpgkey + https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 + +[rabbitmq_erlang-source] +name=rabbitmq_erlang-source +baseurl=https://packagecloud.io/rabbitmq/erlang/el/7/SRPMS +repo_gpgcheck=1 +gpgcheck=0 +enabled=1 +gpgkey=https://packagecloud.io/rabbitmq/erlang/gpgkey +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 + +## +## RabbitMQ server +## + +[rabbitmq_server] +name=rabbitmq_server +baseurl=https://packagecloud.io/rabbitmq/rabbitmq-server/el/7/$basearch +repo_gpgcheck=1 +gpgcheck=1 +enabled=1 +# PackageCloud's repository key and RabbitMQ package signing key +gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey + https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 + +[rabbitmq_server-source] +name=rabbitmq_server-source +baseurl=https://packagecloud.io/rabbitmq/rabbitmq-server/el/7/SRPMS +repo_gpgcheck=1 +gpgcheck=0 +enabled=1 +gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 +{%- endif %} +{%- if ansible_distribution_major_version == '8' %} +[rabbitmq_erlang] +name=rabbitmq_erlang +baseurl=https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/rpm/el/8/$basearch +repo_gpgcheck=1 +enabled=1 +# Cloudsmith's repository key and RabbitMQ package signing key +gpgkey=https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/gpg.E495BB49CC4BBE5B.key + https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc +gpgcheck=1 +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 +pkg_gpgcheck=1 +autorefresh=1 +type=rpm-md + +[rabbitmq_erlang-noarch] +name=rabbitmq_erlang-noarch +baseurl=https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/rpm/el/8/noarch +repo_gpgcheck=1 +enabled=1 +# Cloudsmith's repository key and RabbitMQ package signing key +gpgkey=https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/gpg.E495BB49CC4BBE5B.key + https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc +gpgcheck=1 +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 +pkg_gpgcheck=1 +autorefresh=1 +type=rpm-md + +[rabbitmq_erlang-source] +name=rabbitmq_erlang-source +baseurl=https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/rpm/el/8/SRPMS +repo_gpgcheck=1 +enabled=1 +gpgkey=https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/gpg.E495BB49CC4BBE5B.key +gpgcheck=0 +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 +pkg_gpgcheck=1 +autorefresh=1 +type=rpm-md + + +## +## RabbitMQ Server +## + +[rabbitmq_server] +name=rabbitmq_server +baseurl=https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/rpm/el/8/$basearch +repo_gpgcheck=1 +enabled=1 +# Cloudsmith's repository key and RabbitMQ package signing key +gpgkey=https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/gpg.9F4587F226208342.key + https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc +gpgcheck=1 +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 +pkg_gpgcheck=1 +autorefresh=1 +type=rpm-md + +[rabbitmq_server-noarch] +name=rabbitmq_server-noarch +baseurl=https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/rpm/el/8/noarch +repo_gpgcheck=1 +enabled=1 +# Cloudsmith's repository key and RabbitMQ package signing key +gpgkey=https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/gpg.9F4587F226208342.key + https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc +gpgcheck=1 +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 +pkg_gpgcheck=1 +autorefresh=1 +type=rpm-md + +[rabbitmq_server-source] +name=rabbitmq_server-source +baseurl=https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/rpm/el/8/SRPMS +repo_gpgcheck=1 +enabled=1 +gpgkey=https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/gpg.9F4587F226208342.key +gpgcheck=0 +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 +pkg_gpgcheck=1 +autorefresh=1 +type=rpm-md +{%- endif %}