Merge "Use sysctl ini-like config file"

Zuul
2022-02-11 18:38:02 +00:00
committed by Gerrit Code Review
7 changed files with 101 additions and 72 deletions


@@ -228,6 +228,9 @@ rabbitmq_collect_statistics_interval: 5000
# RabbitMQ Management service bind address # RabbitMQ Management service bind address
rabbitmq_management_bind_address: 0.0.0.0 rabbitmq_management_bind_address: 0.0.0.0
rabbitmq_management_bind_tcp_port: 15672
rabbitmq_management_bind_tls_port: 15671
rabbitmq_management_ssl: true
# RabbitMQ Management rates mode # RabbitMQ Management rates mode
rabbitmq_management_rates_mode: basic rabbitmq_management_rates_mode: basic
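Review bot: The three new defaults have no comment of their own and sit under the existing "bind address" comment, so this file does not show that `rabbitmq_management_ssl` decides which of the two ports is actually used. In the new rabbitmq.conf template only the TLS listener is rendered when the flag is true, and only the plain TCP listener otherwise. I would add above the new lines `# Serve the management UI/API over TLS on rabbitmq_management_bind_tls_port; when false, plain HTTP on rabbitmq_management_bind_tcp_port is used instead`. Because the bind address defaults to 0.0.0.0, the comment should also say that setting the flag to false sends management logins unencrypted on every interface.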


@@ -0,0 +1,15 @@
---
features:
- |
New variables that provide better control over RabbitMQ management
interface have been implemented:
* rabbitmq_management_bind_tcp_port
* rabbitmq_management_bind_tls_port
* rabbitmq_management_ssl
upgrade:
- |
RabbitMQ was migrated to the new-style config, which resides in
``/etc/rabbitmq/rabbitmq.conf``. Old config ``rabbitmq.config`` will be
removed during upgrade.


@@ -30,13 +30,21 @@
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: "{{ rabbit_system_user_name }}" owner: "{{ rabbit_system_user_name }}"
group: "{{ rabbit_system_group_name }}" group: "{{ rabbit_system_group_name }}"
mode: "{{ item.mode | default('0640') }}"
with_items: with_items:
- { src: "rabbitmq.config.j2", dest: "/etc/rabbitmq/rabbitmq.config" } - { src: "rabbitmq.conf.j2", dest: "/etc/rabbitmq/rabbitmq.conf" }
- { src: "rabbitmq-server.j2", dest: "/etc/default/rabbitmq-server" } - { src: "advanced.config.j2", dest: "/etc/rabbitmq/advanced.config" }
- { src: "rabbitmq-server.j2", dest: "/etc/default/rabbitmq-server", mode: "0644" }
- { src: "rabbitmq-env.j2", dest: "/etc/rabbitmq/rabbitmq-env.conf" } - { src: "rabbitmq-env.j2", dest: "/etc/rabbitmq/rabbitmq-env.conf" }
tags: tags:
- rabbitmq-config - rabbitmq-config
# TODO(noonedeadpunk): Remove after Z release
- name: Remove old rabbitmq config
file:
path: /etc/rabbitmq/rabbitmq.config
state: absent
- name: Apply resource limits (systemd) - name: Apply resource limits (systemd)
template: template:
src: "limits.conf.j2" src: "limits.conf.j2"
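Review bot: The new "Remove old rabbitmq config" task carries no `tags:`, while the template task just above it is tagged `rabbitmq-config`. A run limited to that tag therefore writes `/etc/rabbitmq/rabbitmq.conf` but leaves the old `/etc/rabbitmq/rabbitmq.config` on disk. The stale file may still hold settings the operator believes were replaced, and which of the two files the broker honours presumably depends on the RabbitMQ version. Add `tags:` with `- rabbitmq-config` to the removal task. The template task and the following "Apply resource limits" task both extend beyond this hunk, so whether a restart handler is notified cannot be seen here.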


@@ -0,0 +1,3 @@
[
{mnesia, [{dump_log_write_threshold, {{ mnesia_dump_log_write_threshold }} }]}
].
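Review bot: The new advanced.config carries over only the mnesia term. The `kernel` term from the removed rabbitmq.config, `{inet_dist_use_interface, { {{ rabbitmq_management_bind_address|replace('.',',') }} } }`, is gone, and the same commit also drops the `ERL_EPMD_ADDRESS` export from rabbitmq-env.conf. Deployments that set `rabbitmq_management_bind_address` to a specific address previously had Erlang distribution and epmd restricted to it; after this change both presumably go back to listening on all interfaces. By default inter-node distribution is protected only by the shared Erlang cookie. If the narrowing was intentional, keep the `kernel` term here, guarded by the same `!= '0.0.0.0'` condition the env template used; otherwise the upgrade note should say the restriction was removed.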


@@ -4,7 +4,3 @@
NODENAME=rabbit@{{ ansible_facts['hostname'] }} NODENAME=rabbit@{{ ansible_facts['hostname'] }}
RABBITMQ_IO_THREAD_POOL_SIZE={{ rabbitmq_async_threads }} RABBITMQ_IO_THREAD_POOL_SIZE={{ rabbitmq_async_threads }}
RABBITMQ_SERVER_ERL_ARGS="+P {{ rabbitmq_process_limit }}" RABBITMQ_SERVER_ERL_ARGS="+P {{ rabbitmq_process_limit }}"
{% if (rabbitmq_management_bind_address != '0.0.0.0') %}
export ERL_EPMD_ADDRESS={{ rabbitmq_management_bind_address }}
{% endif %}


@@ -0,0 +1,70 @@
collect_statistics_interval = {{ rabbitmq_collect_statistics_interval }}
{% for key, value in rabbitmq_port_bindings.items() %}
{% if 'tcp' in key %}
{% set _opt = 'tcp' %}
{% elif 'ssl' in key %}
{% set _opt = 'ssl' %}
{% endif %}
{% for _key, _value in value.items() %}
listeners.{{ _opt }}.{{ loop.index }} = {{ _key }}:{{ _value }}
{% endfor %}
{% endfor %}
ssl_options.certfile = {{ rabbitmq_ssl_cert }}
ssl_options.keyfile = {{ rabbitmq_ssl_key }}
{% if rabbitmq_user_ssl_ca_cert is defined -%}
ssl_options.cacertfile = {{ rabbitmq_ssl_ca_cert }}
{% endif %}
ssl_options.honor_cipher_order = true
ssl_options.honor_ecc_order = true
{% if "tlsv1.3" not in rabbitmq_ssl_tls_versions %}
ssl_options.client_renegotiation = false
ssl_options.secure_renegotiate = true
{% endif %}
{% for version in rabbitmq_ssl_tls_versions %}
ssl_options.versions.{{ loop.index }} = {{ version }}
{% endfor %}
{% for cipher in rabbitmq_ssl_ciphers %}
ssl_options.ciphers.{{ loop.index }} = {{ cipher }}
{% endfor %}
ssl_options.verify = {{ rabbitmq_ssl_verify | lower }}
ssl_options.fail_if_no_peer_cert = {{ rabbitmq_ssl_fail_if_no_peer_cert | lower }}
{% if rabbitmq_memory_high_watermark is float %}
{% set watermark_type = 'relative' %}
{% else %}
{% set watermark_type = 'absolute' %}
{% endif %}
vm_memory_high_watermark.{{ watermark_type }} = {{ rabbitmq_memory_high_watermark }}
cluster_partition_handling = {{ rabbitmq_cluster_partition_handling }}
# Management plugin configuration
{% if rabbitmq_management_ssl %}
management.ssl.ip = {{ rabbitmq_management_bind_address }}
management.ssl.port = {{ rabbitmq_management_bind_tls_port }}
management.ssl.certfile = {{ rabbitmq_ssl_cert }}
management.ssl.keyfile = {{ rabbitmq_ssl_key }}
{% if rabbitmq_user_ssl_ca_cert is defined -%}
management.ssl.cacertfile = {{ rabbitmq_ssl_ca_cert }}
{% endif %}
management.ssl.honor_cipher_order = true
management.ssl.honor_ecc_order = true
{% if "tlsv1.3" not in rabbitmq_ssl_tls_versions %}
management.ssl.client_renegotiation = false
management.ssl.secure_renegotiate = true
{% endif %}
{% for version in rabbitmq_ssl_tls_versions %}
management.ssl.versions.{{ loop.index }} = {{ version }}
{% endfor %}
{% for cipher in rabbitmq_ssl_ciphers %}
management.ssl.ciphers.{{ loop.index }} = {{ cipher }}
{% endfor %}
management.ssl.verify = {{ rabbitmq_ssl_verify | lower }}
management.ssl.fail_if_no_peer_cert = {{ rabbitmq_ssl_fail_if_no_peer_cert | lower }}
{% else %}
management.tcp.ip = {{ rabbitmq_management_bind_address }}
management.tcp.port = {{ rabbitmq_management_bind_tcp_port }}
{% endif %}
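Review bot: Several deployer-facing variables stop having any effect in this template. `client_renegotiation` and `secure_renegotiate` are now hard-coded for both `ssl_options` and `management.ssl`, where the removed rabbitmq.config rendered `rabbitmq_ssl_client_renegotiation` and `rabbitmq_ssl_secure_renegotiate`; `rabbitmq_management_rates_mode`, still present in the defaults, is no longer rendered at all. The hard-coded values are the safe ones, but an existing override is now ignored silently. Either keep the variables, e.g. `ssl_options.client_renegotiation = {{ rabbitmq_ssl_client_renegotiation | lower }}` and `management.rates_mode = {{ rabbitmq_management_rates_mode }}`, or drop them from the defaults and list them in the upgrade note. Separately, in the listener loop `_opt` is set only when the key contains `tcp` or `ssl`, so any other key in `rabbitmq_port_bindings` has no protocol to render; an `{% else %}` branch that skips the entry or fails the template would make that case explicit.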


@@ -1,66 +0,0 @@
[
{ rabbit, [
{ loopback_users, [] },
{% for key, value in rabbitmq_port_bindings.items() %}
{ {{ key }}, [
{% for _key, _value in value.items() %}
{ "{{ _key }}", {{ _value | int }} }{% if not loop.last -%},{%- endif %}
{% endfor %}
]
},
{% endfor %}
{ collect_statistics_interval, {{ rabbitmq_collect_statistics_interval }} },
{ ssl_options, [
{ certfile, "{{ rabbitmq_ssl_cert }}" },
{ keyfile, "{{ rabbitmq_ssl_key }}" },
{ honor_cipher_order, true},
{ honor_ecc_order, true},
{% if "tlsv1.3" not in rabbitmq_ssl_tls_versions %}
{ client_renegotiation, {{ rabbitmq_ssl_client_renegotiation | lower }} },
{ secure_renegotiate, {{ rabbitmq_ssl_secure_renegotiate | lower }} },
{% endif %}
{% if rabbitmq_user_ssl_ca_cert is defined -%}
{ cacertfile, "{{ rabbitmq_ssl_ca_cert }}" },
{% endif %}
{ versions, [
{% for version in rabbitmq_ssl_tls_versions %}
'{{ version }}'{% if not loop.last -%},{%- endif %}
{% endfor %}
]
},
{% if rabbitmq_ssl_ciphers | length > 0 %}
{ ciphers, [
{% for cipher in rabbitmq_ssl_ciphers %}
"{{ cipher }}"{% if not loop.last -%},{%- endif %}
{% endfor %}
]
},
{% endif %}
{ verify, {{ rabbitmq_ssl_verify | lower }} },
{ fail_if_no_peer_cert, {{ rabbitmq_ssl_fail_if_no_peer_cert | lower }} }
]
},
{ vm_memory_high_watermark, {{ rabbitmq_memory_high_watermark }} }
{%- if rabbitmq_cluster_partition_handling != 'ignore' -%}
,
{ cluster_partition_handling, {{ rabbitmq_cluster_partition_handling }} }
{%- endif -%}
{%- if rabbitmq_hipe_compile | bool -%}
,
{ hipe_compile, true }
{% endif %}
]
},
{ rabbitmq_management, [
{ rates_mode, {{ rabbitmq_management_rates_mode }} },
{ listener, [{ip, "{{ rabbitmq_management_bind_address }}" }]}
]
},
{kernel, [
{inet_dist_use_interface, { {{ rabbitmq_management_bind_address|replace('.',',') }} } }
]},
{mnesia, [{dump_log_write_threshold, {{ mnesia_dump_log_write_threshold }} }]}
].