Configure RabbitMQ user tags in nova-cell role
The RabbitMQ 'openstack' user has the 'administrator' tag assigned via the RabbitMQ definitions.json file. Since the Train release, the nova-cell role also configures the RabbitMQ user, but omits the tag. This causes the tag to be removed from the user, which prevents it from accessing the management UI and API. This change adds support for configuring user tags to the service-rabbitmq role, and sets the administrator tag by default. Change-Id: I7a5d6fe324dd133e0929804d431583e5b5c1853d Closes-Bug: #1875786
This commit is contained in:
parent
12a0ffa305
commit
869e3f21c2
@ -161,6 +161,8 @@ nova_cell_rpc_port: "{{ om_rpc_port }}"
|
||||
nova_cell_rpc_group_name: "{{ om_rpc_group }}"
|
||||
nova_cell_rpc_transport: "{{ om_rpc_transport }}"
|
||||
nova_cell_rpc_vhost: "{{ 'nova_' ~ nova_cell_name if nova_cell_name else om_rpc_vhost }}"
|
||||
nova_cell_rpc_tags:
|
||||
- "administrator"
|
||||
|
||||
nova_cell_notify_user: "{{ nova_cell_rpc_user }}"
|
||||
nova_cell_notify_password: "{{ nova_cell_rpc_password }}"
|
||||
@ -168,6 +170,7 @@ nova_cell_notify_port: "{{ nova_cell_rpc_port }}"
|
||||
nova_cell_notify_group_name: "{{ nova_cell_rpc_group_name }}"
|
||||
nova_cell_notify_transport: "{{ nova_cell_rpc_transport }}"
|
||||
nova_cell_notify_vhost: "{{ nova_cell_rpc_vhost }}"
|
||||
nova_cell_notify_tags: "{{ nova_cell_rpc_tags }}"
|
||||
|
||||
# External Rabbit users should override these
|
||||
nova_cell_rpc_transport_url: "{{ nova_cell_rpc_transport }}://{% for host in groups[nova_cell_rpc_group_name] %}{{ nova_cell_rpc_user }}:{{ nova_cell_rpc_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ nova_cell_rpc_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ nova_cell_rpc_vhost }}"
|
||||
@ -178,10 +181,12 @@ nova_cell_rpc_rabbitmq_users:
|
||||
- user: "{{ nova_cell_rpc_user }}"
|
||||
password: "{{ nova_cell_rpc_password }}"
|
||||
vhost: "{{ nova_cell_rpc_vhost }}"
|
||||
tags: "{{ nova_cell_rpc_tags }}"
|
||||
nova_cell_notify_rabbitmq_users:
|
||||
- user: "{{ nova_cell_notify_user }}"
|
||||
password: "{{ nova_cell_notify_password }}"
|
||||
vhost: "{{ nova_cell_notify_vhost }}"
|
||||
tags: "{{ nova_cell_notify_tags }}"
|
||||
|
||||
####################
|
||||
# Docker
|
||||
|
@ -21,5 +21,6 @@ service_rabbitmq_delay: 10
|
||||
# 'user'
|
||||
# 'password'
|
||||
# 'vhost'
|
||||
# 'tags'
|
||||
# Virtual hosts in this list will also be created.
|
||||
service_rabbitmq_users: []
|
||||
|
@ -22,6 +22,7 @@
|
||||
vhost: "{{ item.vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
tags: "{{ item.tags | default([]) | join(',') }}"
|
||||
write_priv: ".*"
|
||||
user: rabbitmq
|
||||
loop: "{{ service_rabbitmq_users }}"
|
||||
|
@ -0,0 +1,7 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
Fixes an issue with RabbitMQ where tags would be removed from the
|
||||
``openstack`` user after deploying Nova. This prevents the user from
|
||||
accessing the RabbitMQ management UI. `LP#1875786
|
||||
<https://launchpad.net/bugs/1875786>`__
|
Loading…
Reference in New Issue
Block a user