3f55994bb7
- Introduced `letsencrypt_managed_certs` variable to handle whether letsencrypt will generate internal, external or both certificates. - Updated certificate generation logic to use `letsencrypt_managed_certs` conditionally, replacing the previous `enable_letsencrypt` boolean. - Adjusted tasks and templates to support internal/external certificate management based on the new variable. - Enhanced Let's Encrypt script (`letsencrypt-lego-run.sh.j2`) to handle both internal and external certificates depending on VIP configurations. - Refined HAProxy configuration templates to correctly map certificates based on TLS settings and new management logic. Closes-bug: #2076331 Change-Id: Id80c7823fcc5d934b7369c7c0722cd78188e2ccf Co-Authored-By: Michal Arbet <michal.arbet@ultimum.io>
108 lines
4.5 KiB
YAML
108 lines
4.5 KiB
YAML
---
|
|
rabbitmq_services:
|
|
rabbitmq:
|
|
container_name: "{{ project_name }}"
|
|
group: "{{ role_rabbitmq_groups }}"
|
|
enabled: true
|
|
image: "{{ rabbitmq_image_full }}"
|
|
bootstrap_environment:
|
|
KOLLA_BOOTSTRAP:
|
|
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
|
|
RABBITMQ_CLUSTER_COOKIE: "{{ role_rabbitmq_cluster_cookie }}"
|
|
RABBITMQ_LOG_DIR: "/var/log/kolla/{{ project_name }}"
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
|
|
RABBITMQ_CLUSTER_COOKIE: "{{ role_rabbitmq_cluster_cookie }}"
|
|
RABBITMQ_LOG_DIR: "/var/log/kolla/{{ project_name }}"
|
|
volumes: "{{ rabbitmq_default_volumes + rabbitmq_extra_volumes }}"
|
|
dimensions: "{{ rabbitmq_dimensions }}"
|
|
healthcheck: "{{ rabbitmq_healthcheck }}"
|
|
haproxy:
|
|
rabbitmq_management:
|
|
enabled: "{{ enable_rabbitmq }}"
|
|
mode: "http"
|
|
port: "{{ rabbitmq_management_port }}"
|
|
host_group: "rabbitmq"
|
|
|
|
####################
|
|
# Docker
|
|
####################
|
|
rabbitmq_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}rabbitmq"
|
|
rabbitmq_tag: "{{ openstack_tag }}"
|
|
rabbitmq_image_full: "{{ rabbitmq_image }}:{{ rabbitmq_tag }}"
|
|
rabbitmq_dimensions: "{{ default_container_dimensions }}"
|
|
|
|
rabbitmq_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
rabbitmq_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
rabbitmq_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
rabbitmq_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
rabbitmq_healthcheck_test: ["CMD-SHELL", "healthcheck_rabbitmq"]
|
|
rabbitmq_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
rabbitmq_healthcheck:
|
|
interval: "{{ rabbitmq_healthcheck_interval }}"
|
|
retries: "{{ rabbitmq_healthcheck_retries }}"
|
|
start_period: "{{ rabbitmq_healthcheck_start_period }}"
|
|
test: "{% if rabbitmq_enable_healthchecks | bool %}{{ rabbitmq_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ rabbitmq_healthcheck_timeout }}"
|
|
|
|
rabbitmq_default_volumes:
|
|
- "{{ node_config_directory }}/{{ project_name }}/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "{{ rabbitmq_datadir_volume }}:/var/lib/rabbitmq/"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
rabbitmq_extra_volumes: "{{ default_extra_volumes }}"
|
|
|
|
####################
|
|
# Message-Broker
|
|
####################
|
|
rabbitmq_pid_file: "/var/lib/rabbitmq/mnesia/rabbitmq.pid"
|
|
rabbitmq_server_additional_erl_args: "+S 2:2 +sbwt none +sbwtdcpu none +sbwtdio none"
|
|
# Dict of TLS options for RabbitMQ. Keys will be prefixed with 'ssl_options.'.
|
|
rabbitmq_tls_options: {}
|
|
# To avoid split-brain
|
|
rabbitmq_cluster_partition_handling: "pause_minority"
|
|
# For consistency use "when-synced", for availability use "always"
|
|
# The rabbitmq default for ha queues is "when-synced"
|
|
# More details see:
|
|
# https://www.rabbitmq.com/ha.html#promoting-unsynchronised-mirrors
|
|
rabbitmq_ha_promote_on_shutdown: "always"
|
|
# The number of rabbitmq replicas should follow this advice:
|
|
# https://www.rabbitmq.com/ha.html#replication-factor
|
|
# This means, if you have three rabbit nodes, we request two
|
|
# replicas of all queues and exchanges.
|
|
# Note: this assumes an odd number of rabbitmq nodes.
|
|
# If no replica count is specified, replicates across all nodes with definition
|
|
# "ha-mode":"all". Otherwise, uses
|
|
# "ha-mode":"exactly","ha-params":{{ rabbitmq_ha_replica_count | int }}
|
|
rabbitmq_server_count: "{{ groups[role_rabbitmq_groups] | length }}"
|
|
rabbitmq_ha_replica_count: "{{ (rabbitmq_server_count | int // 2 + 1) }}"
|
|
# If no TTL is specified, messages will not expire
|
|
# Set max message ttl to 10 mins (more than 1 min rpc timeout)
|
|
# so we don't have queues with no consumers growing unbounded
|
|
rabbitmq_message_ttl_ms: 600000
|
|
# If no queue expiry is specified, queues will not expire
|
|
rabbitmq_queue_expiry_ms: 3600000
|
|
rabbitmq_extra_config: {}
|
|
|
|
####################
|
|
# Plugins
|
|
####################
|
|
rabbitmq_enable_prometheus_plugin: "{{ enable_prometheus }}"
|
|
rabbitmq_plugins:
|
|
- name: "rabbitmq_management"
|
|
enabled: True
|
|
- name: "rabbitmq_prometheus"
|
|
enabled: "{{ rabbitmq_enable_prometheus_plugin | bool }}"
|
|
|
|
rabbitmq_enabled_plugins: "{{ rabbitmq_plugins | selectattr('enabled', 'equalto', true) | list }}"
|
|
|
|
kolla_externally_managed_cert: False
|
|
|
|
rabbitmq_version_suffix: ""
|
|
|
|
####################
|
|
# TLS
|
|
####################
|
|
rabbitmq_enable_tls_backend: "{{ rabbitmq_enable_tls }}"
|