2c27b7771e
Presently all services use the single root virtual host within RabbitMQ and while this is “OK” for small to mid sized deployments however it would be better to divide services into logical resource groups within RabbitMQ which will bring with it additional security. This change set provides OSAD better compartmentalization of consumer services that use RabbitMQ. UpgradeImpact DocImpact Change-Id: I6f9d07522faf133f3c1c84a5b9046a55d5789e52 Implements: blueprint compartmentalize-rabbitmq
38 lines
1.2 KiB
YAML
38 lines
1.2 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Ensure Rabbitmq vhost
|
|
rabbitmq_vhost:
|
|
name: "{{ keystone_rabbitmq_vhost }}"
|
|
state: "present"
|
|
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
|
tags:
|
|
- keystone-rabbitmq
|
|
- keystone-rabbitmq-vhost
|
|
|
|
- name: Ensure rabbitmq user
|
|
rabbitmq_user:
|
|
user: "{{ keystone_rabbitmq_userid }}"
|
|
password: "{{ keystone_rabbitmq_password }}"
|
|
vhost: "{{ keystone_rabbitmq_vhost }}"
|
|
configure_priv: ".*"
|
|
read_priv: ".*"
|
|
write_priv: ".*"
|
|
state: "present"
|
|
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
|
tags:
|
|
- keystone-rabbitmq
|
|
- keystone-rabbitmq-user
|