openstack-ansible-rabbitmq_.../defaults/main.yml
Jesse Pretorius 83affc627f Use in-repo GPG keys
We make remote network hits to get the GPG keys which are quite
unreliable, and apt_key does not support using a proxy properly [1]
so let's store them inside the role and use them.

The implementation here matches that which was done in the
galera_client role in I520ccbadf3320b0d07fc83e3dbec9ea2bd16ec83

[1] https://github.com/ansible/ansible/issues/31691

Change-Id: I2715c904975b7940af72bd422904e748d3bae953
2018-12-18 12:00:59 +00:00

158 lines
5.4 KiB
YAML

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## APT Cache Options
cache_timeout: 600
# Set the package install state for distribution packages
# Options are 'present' and 'latest'
rabbitmq_package_state: "latest"
# Inventory group containing the hosts for the cluster
rabbitmq_host_group: "rabbitmq_all"
# The local address used for the rabbitmq cluster node
rabbitmq_node_address: "{{ ansible_host }}"
# Hosts file entries (set this to an empty list to disable /etc/hosts generation
# for the rabbitmq cluster nodes)
rabbitmq_hosts_entries: >-
{{ groups[rabbitmq_host_group] | map('extract', hostvars) | list |
json_query(
"[].{address: rabbitmq_node_address || ansible_host , hostnames: [ansible_hostname, ansible_fqdn] }"
)
}}
rabbitmq_primary_cluster_node: "{{ hostvars[groups[rabbitmq_host_group][0]]['ansible_hostname'] }}"
# Upgrading the RabbitMQ package requires shutting down the cluster. This variable makes upgrading
# the version an explicit action.
rabbitmq_upgrade: false
# If the user does not want to upgrade but needs to rerun the playbooks for any reason the
# upgrade/version state can be ignored by setting `rabbitmq_ignore_version_state=true`
rabbitmq_ignore_version_state: false
rabbitmq_package_url: "{{ _rabbitmq_package_url }}"
rabbitmq_package_version: "{{ _rabbitmq_package_version }}"
rabbitmq_release_version: "{{ _rabbitmq_release_version }}"
rabbitmq_package_sha256: "{{ _rabbitmq_package_sha256 }}"
rabbitmq_package_path: "{{ _rabbitmq_package_path }}"
# Set the gpg keys needed to be imported
# This should be a list of dicts, with each dict
# giving a set of arguments to the applicable
# package module. The following is an example for
# systems using the apt package manager.
# rabbitmq_gpg_keys:
# - id: '0xC2E73424D59097AB'
# keyserver: 'hkp://keyserver.ubuntu.com:80'
# validate_certs: no
rabbitmq_gpg_keys: "{{ _rabbitmq_gpg_keys | default([]) }}"
# Set the URL for the RabbitMQ repository
rabbitmq_repo_url: "{{ _rabbitmq_repo_url | default(null) }}"
# Set the repo information for the RabbitMQ repository
rabbitmq_repo: "{{ _rabbitmq_repo | default({}) }}"
# Set the URL for the Erlang repository
rabbitmq_erlang_repo_url: "{{ _rabbitmq_erlang_repo_url | default(null) }}"
# Set the repo information for the Erlang repository
rabbitmq_erlang_repo: "{{ _rabbitmq_erlang_repo | default({}) }}"
# Set the elang version used on the deployment
rabbitmq_erlang_version_spec: "{{ _rabbitmq_erlang_version_spec | default(null) }}"
# Choose file, distro, external_repo for rabbitmq_install_method.
rabbitmq_install_method: "{{ _rabbitmq_install_method }}"
# Name of the rabbitmq cluster
rabbitmq_cluster_name: rabbitmq_cluster1
# Specify a partition recovery strategy (autoheal | pause_minority | ignore)
rabbitmq_cluster_partition_handling: pause_minority
# Rabbitmq open file limits
rabbitmq_ulimit: 65536
# Configure rabbitmq plugins
rabbitmq_plugins:
- name: rabbitmq_management
state: enabled
# RabbitMQ SSL support
rabbitmq_ssl_cert: /etc/rabbitmq/rabbitmq.pem
rabbitmq_ssl_key: /etc/rabbitmq/rabbitmq.key
rabbitmq_ssl_ca_cert: /etc/rabbitmq/rabbitmq-ca.pem
# Set rabbitmq_ssl_self_signed_regen to true if you want to generate a new
# SSL certificate for RabbitMQ when this playbook runs. You can also change
# the subject of the self-signed certificate here if you prefer.
rabbitmq_ssl_self_signed_regen: false
rabbitmq_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ ansible_hostname }}"
# Define user-provided SSL certificates in:
# /etc/openstack_deploy/user_variables.yml
#rabbitmq_user_ssl_cert: <path to cert on ansible deployment host>
#rabbitmq_user_ssl_key: <path to cert on ansible deployment host>
#rabbitmq_user_ssl_ca_cert: <path to cert on ansible deployment host>
# RabbitMQ erlang VM parameters
rabbitmq_async_threads: 128
rabbitmq_process_limit: 1048576
# RabbitMQ collect statistics interval
rabbitmq_collect_statistics_interval: 5000
# RabbitMQ Management rates mode
rabbitmq_management_rates_mode: basic
# Precompile RabbitMQ with HiPE
rabbitmq_hipe_compile: False
# Disable non-TLS listeners
rabbitmq_disable_non_tls_listeners: False
# RabbitMQ policies
# Used to tune performance characteristics of OpenStack messaging
#
# Example override that uses HA queues only for telemetry and sets message
# expiry for RPC messages
#
# rabbitmq_policies:
# - name: "heat_rpc_expire"
# pattern: '^heat-engine-listener\\.'
# tags: "expires=3600000"
# priority: 1
# - name: "results_expire"
# pattern: '^results\\.'
# tags: "expires=3600000"
# priority: 1
# - name: "tasks_expire"
# pattern: '^results\\.'
# tags: "expires=3600000"
# priority: 1
# - name: "ha-notif"
# pattern: '^(event|metering|notifications)\.'
# tags: "ha-sync-mode=automatic"
# priority: 0
#
rabbitmq_policies:
- name: "HA"
pattern: '^(?!amq\.).*'
tags: "ha-mode=all"