Merge "Add configurable rabbitmq monitoring user"
This commit is contained in:
commit
3a16dd574d
@ -492,6 +492,7 @@ enable_kibana: "{{ 'yes' if enable_central_logging | bool else 'no' }}"
|
|||||||
####################
|
####################
|
||||||
rabbitmq_hipe_compile: "no"
|
rabbitmq_hipe_compile: "no"
|
||||||
rabbitmq_user: "openstack"
|
rabbitmq_user: "openstack"
|
||||||
|
rabbitmq_monitoring_user: ""
|
||||||
rabbitmq_version: "rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x.ez/rabbitmq_clusterer-3.6.x-667f92b0/ebin"
|
rabbitmq_version: "rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x.ez/rabbitmq_clusterer-3.6.x-667f92b0/ebin"
|
||||||
outward_rabbitmq_user: "openstack"
|
outward_rabbitmq_user: "openstack"
|
||||||
|
|
||||||
|
@ -5,12 +5,14 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
],
|
],
|
||||||
"users": [
|
"users": [
|
||||||
{"name": "{{ role_rabbitmq_user }}", "password": "{{ role_rabbitmq_password }}", "tags": "administrator"}{% if project_name == 'outward_rabbitmq' %},
|
{"name": "{{ role_rabbitmq_user }}", "password": "{{ role_rabbitmq_password }}", "tags": "administrator"}{% if role_rabbitmq_monitoring_user is defined and role_rabbitmq_monitoring_user %},
|
||||||
|
{"name": "{{ role_rabbitmq_monitoring_user }}", "password": "{{ role_rabbitmq_monitoring_password }}", "tags": "monitoring"}{% endif %}{% if project_name == 'outward_rabbitmq' %},
|
||||||
{"name": "{{ murano_agent_rabbitmq_user }}", "password": "{{ murano_agent_rabbitmq_password }}", "tags": "management"}
|
{"name": "{{ murano_agent_rabbitmq_user }}", "password": "{{ murano_agent_rabbitmq_password }}", "tags": "management"}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
],
|
],
|
||||||
"permissions": [
|
"permissions": [
|
||||||
{"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"}{% if project_name == 'outward_rabbitmq' %},
|
{"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"}{% if role_rabbitmq_monitoring_user is defined and role_rabbitmq_monitoring_user %},
|
||||||
|
{"user": "{{ role_rabbitmq_monitoring_user }}", "vhost": "/", "configure": "^$", "write": "^$", "read": ".*"}{% endif %}{% if project_name == 'outward_rabbitmq' %},
|
||||||
{"user": "{{ murano_agent_rabbitmq_user }}", "vhost": "{{ murano_agent_rabbitmq_vhost }}", "configure": ".*", "write": ".*", "read": ".*"}
|
{"user": "{{ murano_agent_rabbitmq_user }}", "vhost": "{{ murano_agent_rabbitmq_vhost }}", "configure": ".*", "write": ".*", "read": ".*"}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
],
|
],
|
||||||
|
@ -180,6 +180,8 @@
|
|||||||
role_rabbitmq_epmd_port: '{{ rabbitmq_epmd_port }}',
|
role_rabbitmq_epmd_port: '{{ rabbitmq_epmd_port }}',
|
||||||
role_rabbitmq_groups: rabbitmq,
|
role_rabbitmq_groups: rabbitmq,
|
||||||
role_rabbitmq_management_port: '{{ rabbitmq_management_port }}',
|
role_rabbitmq_management_port: '{{ rabbitmq_management_port }}',
|
||||||
|
role_rabbitmq_monitoring_password: '{{ rabbitmq_monitoring_password }}',
|
||||||
|
role_rabbitmq_monitoring_user: '{{ rabbitmq_monitoring_user }}',
|
||||||
role_rabbitmq_password: '{{ rabbitmq_password }}',
|
role_rabbitmq_password: '{{ rabbitmq_password }}',
|
||||||
role_rabbitmq_port: '{{ rabbitmq_port }}',
|
role_rabbitmq_port: '{{ rabbitmq_port }}',
|
||||||
role_rabbitmq_user: '{{ rabbitmq_user }}',
|
role_rabbitmq_user: '{{ rabbitmq_user }}',
|
||||||
|
@ -208,6 +208,7 @@ qdrouterd_password:
|
|||||||
# RabbitMQ options
|
# RabbitMQ options
|
||||||
####################
|
####################
|
||||||
rabbitmq_password:
|
rabbitmq_password:
|
||||||
|
rabbitmq_monitoring_password:
|
||||||
rabbitmq_cluster_cookie:
|
rabbitmq_cluster_cookie:
|
||||||
outward_rabbitmq_password:
|
outward_rabbitmq_password:
|
||||||
outward_rabbitmq_cluster_cookie:
|
outward_rabbitmq_cluster_cookie:
|
||||||
|
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Kolla-Ansible now supports creating a monitoring
|
||||||
|
user for RabbitMQ.
|
||||||
|
As an operator I want to be able to monitor the status
|
||||||
|
of RabbitMQ by collecting metrics such as queue length,
|
||||||
|
message rates (globally and per channel), and information
|
||||||
|
about resource usage on the host, such as memory use,
|
||||||
|
open file descriptors and the state of the cluster. Whilst
|
||||||
|
it is possible to gather all of this information using
|
||||||
|
the OpenStack RabbitMQ user configured by Kolla Ansible,
|
||||||
|
this user has write access to the OpenStack vhost. This
|
||||||
|
feature adds a monitoring user which has access to all of
|
||||||
|
the information described above, but does not have write
|
||||||
|
access. An example of a service which may use the
|
||||||
|
monitoring user is the RabbitMQ plugin for the Monasca
|
||||||
|
Agent. As not all users will configure monitoring, by
|
||||||
|
default the monitoring user is disabled. To create it,
|
||||||
|
the user should override the rabbitmq_monitoring_user
|
||||||
|
variable.
|
Loading…
x
Reference in New Issue
Block a user