Add configurable rabbitmq monitoring user
As an operator I want to be able to monitor the status of RabbitMQ by collecting metrics such as queue length, message rates (globally and per channel), and information about resource usage on the host, such as memory use, open file descriptors and the state of the cluster. Whilst it is possible to gather all of this information using the OpenStack RabbitMQ user configured by Kolla Ansible, this user has write access to the OpenStack vhost. This feature adds a monitoring user which has access to all of the information described above, but does not have write access. An example of a service which may use the monitoring user is the RabbitMQ plugin for the Monasca Agent. As not all users will configure monitoring, by default the monitoring user is disabled. To create it, the user should override the rabbitmq_monitoring_user variable. Implements: blueprint add-monitoring-user-for-rabbit Change-Id: Ie895ddc59dda1c38faab6305163d9bed6710ff9d
This commit is contained in:
parent
214866350a
commit
245cd42694
@ -469,6 +469,7 @@ enable_kibana: "{{ 'yes' if enable_central_logging | bool else 'no' }}"
|
|||||||
####################
|
####################
|
||||||
rabbitmq_hipe_compile: "no"
|
rabbitmq_hipe_compile: "no"
|
||||||
rabbitmq_user: "openstack"
|
rabbitmq_user: "openstack"
|
||||||
|
rabbitmq_monitoring_user: ""
|
||||||
rabbitmq_version: "rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x.ez/rabbitmq_clusterer-3.6.x-667f92b0/ebin"
|
rabbitmq_version: "rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x.ez/rabbitmq_clusterer-3.6.x-667f92b0/ebin"
|
||||||
outward_rabbitmq_user: "openstack"
|
outward_rabbitmq_user: "openstack"
|
||||||
|
|
||||||
|
@ -5,12 +5,14 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
],
|
],
|
||||||
"users": [
|
"users": [
|
||||||
{"name": "{{ role_rabbitmq_user }}", "password": "{{ role_rabbitmq_password }}", "tags": "administrator"}{% if project_name == 'outward_rabbitmq' %},
|
{"name": "{{ role_rabbitmq_user }}", "password": "{{ role_rabbitmq_password }}", "tags": "administrator"}{% if role_rabbitmq_monitoring_user is defined and role_rabbitmq_monitoring_user %},
|
||||||
|
{"name": "{{ role_rabbitmq_monitoring_user }}", "password": "{{ role_rabbitmq_monitoring_password }}", "tags": "monitoring"}{% endif %}{% if project_name == 'outward_rabbitmq' %},
|
||||||
{"name": "{{ murano_agent_rabbitmq_user }}", "password": "{{ murano_agent_rabbitmq_password }}", "tags": "management"}
|
{"name": "{{ murano_agent_rabbitmq_user }}", "password": "{{ murano_agent_rabbitmq_password }}", "tags": "management"}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
],
|
],
|
||||||
"permissions": [
|
"permissions": [
|
||||||
{"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"}{% if project_name == 'outward_rabbitmq' %},
|
{"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"}{% if role_rabbitmq_monitoring_user is defined and role_rabbitmq_monitoring_user %},
|
||||||
|
{"user": "{{ role_rabbitmq_monitoring_user }}", "vhost": "/", "configure": "^$", "write": "^$", "read": ".*"}{% endif %}{% if project_name == 'outward_rabbitmq' %},
|
||||||
{"user": "{{ murano_agent_rabbitmq_user }}", "vhost": "{{ murano_agent_rabbitmq_vhost }}", "configure": ".*", "write": ".*", "read": ".*"}
|
{"user": "{{ murano_agent_rabbitmq_user }}", "vhost": "{{ murano_agent_rabbitmq_vhost }}", "configure": ".*", "write": ".*", "read": ".*"}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
],
|
],
|
||||||
|
@ -180,6 +180,8 @@
|
|||||||
role_rabbitmq_epmd_port: '{{ rabbitmq_epmd_port }}',
|
role_rabbitmq_epmd_port: '{{ rabbitmq_epmd_port }}',
|
||||||
role_rabbitmq_groups: rabbitmq,
|
role_rabbitmq_groups: rabbitmq,
|
||||||
role_rabbitmq_management_port: '{{ rabbitmq_management_port }}',
|
role_rabbitmq_management_port: '{{ rabbitmq_management_port }}',
|
||||||
|
role_rabbitmq_monitoring_password: '{{ rabbitmq_monitoring_password }}',
|
||||||
|
role_rabbitmq_monitoring_user: '{{ rabbitmq_monitoring_user }}',
|
||||||
role_rabbitmq_password: '{{ rabbitmq_password }}',
|
role_rabbitmq_password: '{{ rabbitmq_password }}',
|
||||||
role_rabbitmq_port: '{{ rabbitmq_port }}',
|
role_rabbitmq_port: '{{ rabbitmq_port }}',
|
||||||
role_rabbitmq_user: '{{ rabbitmq_user }}',
|
role_rabbitmq_user: '{{ rabbitmq_user }}',
|
||||||
|
@ -197,6 +197,7 @@ qdrouterd_password:
|
|||||||
# RabbitMQ options
|
# RabbitMQ options
|
||||||
####################
|
####################
|
||||||
rabbitmq_password:
|
rabbitmq_password:
|
||||||
|
rabbitmq_monitoring_password:
|
||||||
rabbitmq_cluster_cookie:
|
rabbitmq_cluster_cookie:
|
||||||
outward_rabbitmq_password:
|
outward_rabbitmq_password:
|
||||||
outward_rabbitmq_cluster_cookie:
|
outward_rabbitmq_cluster_cookie:
|
||||||
|
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Kolla-Ansible now supports creating a monitoring
|
||||||
|
user for RabbitMQ.
|
||||||
|
As an operator I want to be able to monitor the status
|
||||||
|
of RabbitMQ by collecting metrics such as queue length,
|
||||||
|
message rates (globally and per channel), and information
|
||||||
|
about resource usage on the host, such as memory use,
|
||||||
|
open file descriptors and the state of the cluster. Whilst
|
||||||
|
it is possible to gather all of this information using
|
||||||
|
the OpenStack RabbitMQ user configured by Kolla Ansible,
|
||||||
|
this user has write access to the OpenStack vhost. This
|
||||||
|
feature adds a monitoring user which has access to all of
|
||||||
|
the information described above, but does not have write
|
||||||
|
access. An example of a service which may use the
|
||||||
|
monitoring user is the RabbitMQ plugin for the Monasca
|
||||||
|
Agent. As not all users will configure monitoring, by
|
||||||
|
default the monitoring user is disabled. To create it,
|
||||||
|
the user should override the rabbitmq_monitoring_user
|
||||||
|
variable.
|
Loading…
Reference in New Issue
Block a user