Do not configure openstack policies by default

We have in the past provided "safe defaults" in the role, because
this role is focused on a rabbitmq server for openstack.
Nowadays, this role is used outside OpenStack-Ansible, and should be
made more independant of it.

Having default policies is a problem because it forces users to define
an empty policy as an override, or their own policy, overriding the existing
"safe default".

This provides a boolean, defaulting to false, to conditionally add the
openstack queues policies. If set to true, we'll apply the "previous behaviour"
to automatically deploy the "safe defaults", which is adding
`rabbitmq_openstack_policies` to the user defined ``rabbitmq_policies``.

Depends-On: https://review.openstack.org/640300
Change-Id: I0bf6e1829ade63052c0c7efe81afb0b765857687

defaults/main.yml

@@ -151,7 +151,9 @@ rabbitmq_disable_non_tls_listeners: False
 #     tags: "ha-sync-mode=automatic"
 #     priority: 0
 #
-rabbitmq_policies:
+rabbitmq_policies: []
+rabbitmq_apply_openstack_policies: False
+rabbitmq_openstack_policies:
   - name: "HA"
     pattern: '^(?!(amq\.)|(.*_fanout_)|(reply_)).*'
     tags: "ha-mode=all"

tasks/rabbitmq_post_install.yml

@@ -82,7 +82,7 @@
     priority: "{{ item.priority | default(0) }}"
     tags: "{{ item.tags }}"
   register: rabbitmq_policy
-  with_items: "{{ rabbitmq_policies }}"
+  loop: "{{ (rabbitmq_apply_openstack_policies | bool) | ternary(rabbitmq_openstack_policies + rabbitmq_policies, rabbitmq_policies) }}"
   tags:
     - rabbitmq-config
     - rabbitmq-cluster

tests/rabbitmq_server-overrides.yml

@@ -3,3 +3,4 @@ rabbitmq_ssl_cert: /etc/rabbitmq/rabbitmq.pem
 rabbitmq_ssl_key: /etc/rabbitmq/rabbitmq.key
 
 rabbitmq_hipe_compile: True
+rabbitmq_apply_openstack_policies: True