Merge "Configure RabbitMQ user tags in nova-cell role"

2020-05-17 12:26:56 +00:00 · 2020-05-17 12:26:56 +00:00 · c07ee9af4f
commit c07ee9af4f
parent 1fe174829d 869e3f21c2
4 changed files with 14 additions and 0 deletions
--- a/ansible/roles/nova-cell/defaults/main.yml
+++ b/ansible/roles/nova-cell/defaults/main.yml
@ -161,6 +161,8 @@ nova_cell_rpc_port: "{{ om_rpc_port }}"
 nova_cell_rpc_group_name: "{{ om_rpc_group }}"
 nova_cell_rpc_transport: "{{ om_rpc_transport }}"
 nova_cell_rpc_vhost: "{{ 'nova_' ~ nova_cell_name if nova_cell_name else om_rpc_vhost }}"
+nova_cell_rpc_tags:
+  - "administrator"

 nova_cell_notify_user: "{{ nova_cell_rpc_user }}"
 nova_cell_notify_password: "{{ nova_cell_rpc_password }}"
@ -168,6 +170,7 @@ nova_cell_notify_port: "{{ nova_cell_rpc_port }}"
 nova_cell_notify_group_name: "{{ nova_cell_rpc_group_name }}"
 nova_cell_notify_transport: "{{ nova_cell_rpc_transport }}"
 nova_cell_notify_vhost: "{{ nova_cell_rpc_vhost }}"
+nova_cell_notify_tags: "{{ nova_cell_rpc_tags }}"

 # External Rabbit users should override these
 nova_cell_rpc_transport_url: "{{ nova_cell_rpc_transport }}://{% for host in groups[nova_cell_rpc_group_name] %}{{ nova_cell_rpc_user }}:{{ nova_cell_rpc_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ nova_cell_rpc_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ nova_cell_rpc_vhost }}"
@ -178,10 +181,12 @@ nova_cell_rpc_rabbitmq_users:
  - user: "{{ nova_cell_rpc_user }}"
    password: "{{ nova_cell_rpc_password }}"
    vhost: "{{ nova_cell_rpc_vhost }}"
+    tags: "{{ nova_cell_rpc_tags }}"
 nova_cell_notify_rabbitmq_users:
  - user: "{{ nova_cell_notify_user }}"
    password: "{{ nova_cell_notify_password }}"
    vhost: "{{ nova_cell_notify_vhost }}"
+    tags: "{{ nova_cell_notify_tags }}"

 ####################
 # Docker
--- a/ansible/roles/service-rabbitmq/defaults/main.yml
+++ b/ansible/roles/service-rabbitmq/defaults/main.yml
@ -21,5 +21,6 @@ service_rabbitmq_delay: 10
 # 'user'
 # 'password'
 # 'vhost'
+# 'tags'
 # Virtual hosts in this list will also be created.
 service_rabbitmq_users: []
--- a/ansible/roles/service-rabbitmq/tasks/main.yml
+++ b/ansible/roles/service-rabbitmq/tasks/main.yml
@ -22,6 +22,7 @@
          vhost: "{{ item.vhost }}"
          configure_priv: ".*"
          read_priv: ".*"
+          tags: "{{ item.tags | default([]) | join(',') }}"
          write_priv: ".*"
        user: rabbitmq
      loop: "{{ service_rabbitmq_users }}"
--- a/releasenotes/notes/fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml
+++ b/releasenotes/notes/fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes an issue with RabbitMQ where tags would be removed from the
+    ``openstack`` user after deploying Nova. This prevents the user from
+    accessing the RabbitMQ management UI. `LP#1875786
+    <https://launchpad.net/bugs/1875786>`__