Merge "Compartmentalizing RabbitMQ"

etc/openstack_deploy/user_secrets.yml

@@ -15,7 +15,6 @@
 
 
 ## Rabbitmq Options
-rabbitmq_password:
 rabbitmq_cookie_token:
 
 ## Tokens
@@ -32,17 +31,21 @@ keystone_container_mysql_password:
 keystone_auth_admin_token:
 keystone_auth_admin_password:
 keystone_service_password:
+keystone_rabbitmq_password:
 
 ## Ceilometer Options:
 ceilometer_container_db_password:
 ceilometer_service_password:
 ceilometer_telemetry_secret:
+ceilometer_rabbitmq_password:
 
 ## Cinder Options
 cinder_container_mysql_password:
 cinder_service_password:
 cinder_v2_service_password:
 cinder_profiler_hmac_key:
+cinder_rabbitmq_password:
+
 ## Ceph/rbd: a UUID to be used by libvirt to refer to the client.cinder user
 #cinder_ceph_client_uuid:
 
@@ -50,6 +53,7 @@ cinder_profiler_hmac_key:
 glance_container_mysql_password:
 glance_service_password:
 glance_profiler_hmac_key:
+glance_rabbitmq_password:
 
 ## Heat Options
 heat_stack_domain_admin_password:
@@ -60,6 +64,7 @@ heat_auth_encryption_key:
 heat_service_password:
 heat_cfn_service_password:
 heat_profiler_hmac_key:
+heat_rabbitmq_password:
 
 ## Horizon Options
 horizon_container_mysql_password:
@@ -68,6 +73,7 @@ horizon_secret_key:
 ## Neutron Options
 neutron_container_mysql_password:
 neutron_service_password:
+neutron_rabbitmq_password:
 
 ## Nova Options
 nova_container_mysql_password:
@@ -77,6 +83,7 @@ nova_service_password:
 nova_v3_service_password:
 nova_v21_service_password:
 nova_s3_service_password:
+nova_rabbitmq_password:
 
 ## Swift Options:
 swift_service_password:

playbooks/inventory/group_vars/hosts.yml

@@ -46,7 +46,6 @@ lxc_container_caches:
 
 
 ## RabbitMQ
-rabbitmq_userid: openstack
 rabbitmq_cluster_name: openstack
 rabbitmq_port: 5672
 rabbitmq_servers: "{% for host in groups['rabbitmq_all'] %}{{ hostvars[host]['ansible_ssh_host'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}"
@@ -91,6 +90,8 @@ ceilometer_service_tenant_name: service
 ceilometer_service_adminuri: "{{ ceilometer_service_proto }}://{{ internal_lb_vip_address }}:{{ ceilometer_service_port }}"
 ceilometer_service_adminurl: "{{ ceilometer_service_adminuri }}/"
 ceilometer_service_region: "{{ service_region }}"
+ceilometer_rabbitmq_userid: ceilometer
+ceilometer_rabbitmq_vhost: /ceilometer
 
 
 ## Nova

playbooks/roles/os_ceilometer/defaults/main.yml

@@ -36,6 +36,11 @@ ceilometer_db_port: 27017
 ceilometer_connection_string: "{{ ceilometer_db_type }}://{{ ceilometer_database_user }}:{{ ceilometer_container_db_password }}@{{ ceilometer_db_ip }}:{{ ceilometer_db_port }}/{{ ceilometer_database_name }}"
 
 
+## RabbitMQ info
+ceilometer_rabbitmq_userid: ceilometer
+ceilometer_rabbitmq_vhost: /ceilometer
+
+
 #Ceilometer services info
 ceilometer_role_name: admin
 ceilometer_api_host_address: 0.0.0.0

playbooks/roles/os_ceilometer/tasks/ceilometer_messaging_setup.yml

@@ -0,0 +1,37 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure Rabbitmq vhost
+  rabbitmq_vhost:
+    name: "{{ ceilometer_rabbitmq_vhost }}"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - ceilometer-rabbitmq
+    - ceilometer-rabbitmq-vhost
+
+- name: Ensure rabbitmq user
+  rabbitmq_user:
+    user: "{{ ceilometer_rabbitmq_userid }}"
+    password: "{{ ceilometer_rabbitmq_password }}"
+    vhost: "{{ ceilometer_rabbitmq_vhost }}"
+    configure_priv: ".*"
+    read_priv: ".*"
+    write_priv: ".*"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - ceilometer-rabbitmq
+    - ceilometer-rabbitmq-user

playbooks/roles/os_ceilometer/tasks/ceilometer_pre_install.yml

@@ -100,3 +100,7 @@
   tags:
     - sudoers
     - ceilometer-sudoers
+
+- include: ceilometer_messaging_setup.yml
+  when: >
+    inventory_hostname == groups['ceilometer_api'][0]

playbooks/roles/os_ceilometer/templates/ceilometer.conf.j2

@@ -12,8 +12,9 @@ policy_file = /etc/ceilometer/policy.json
 [oslo_messaging_rabbit]
 rpc_backend = rabbit
 rabbit_port = {{ rabbitmq_port }}
-rabbit_userid = {{ rabbitmq_userid }}
-rabbit_password = {{ rabbitmq_password }}
+rabbit_userid = {{ ceilometer_rabbitmq_userid }}
+rabbit_password = {{ ceilometer_rabbitmq_password }}
+rabbit_virtual_host = {{ ceilometer_rabbitmq_vhost }}
 rabbit_hosts = {{ rabbitmq_servers }}
 
 [api]

playbooks/roles/os_cinder/defaults/main.yml

@@ -33,6 +33,10 @@ cinder_fatal_deprecations: False
 cinder_galera_user: cinder
 cinder_galera_database: cinder
 
+## RabbitMQ info
+cinder_rabbitmq_userid: cinder
+cinder_rabbitmq_vhost: /cinder
+
 ## Cinder User / Group
 cinder_system_user_name: cinder
 cinder_system_group_name: cinder

playbooks/roles/os_cinder/tasks/cinder_messaging_setup.yml

@@ -0,0 +1,37 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure Rabbitmq vhost
+  rabbitmq_vhost:
+    name: "{{ cinder_rabbitmq_vhost }}"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - cinder-rabbitmq
+    - cinder-rabbitmq-vhost
+
+- name: Ensure rabbitmq user
+  rabbitmq_user:
+    user: "{{ cinder_rabbitmq_userid }}"
+    password: "{{ cinder_rabbitmq_password }}"
+    vhost: "{{ cinder_rabbitmq_vhost }}"
+    configure_priv: ".*"
+    read_priv: ".*"
+    write_priv: ".*"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - cinder-rabbitmq
+    - cinder-rabbitmq-user

playbooks/roles/os_cinder/tasks/cinder_pre_install.yml

@@ -87,3 +87,7 @@
   tags:
     - sudoers
     - cinder-sudoers
+
+- include: cinder_messaging_setup.yml
+  when: >
+    inventory_hostname == groups['cinder_all'][0]

playbooks/roles/os_cinder/templates/cinder.conf.j2

@@ -92,7 +92,7 @@ default_volume_type = {{ cinder_default_volume_type }}
 {% if cinder_backends is defined %}
 enabled_backends={% for backend in cinder_backends|dictsort %}{{ backend.0 }}{% if not loop.last %},{% endif %}{% endfor %}
 
-#Ceilometer configurations
+#cinder configurations
 {% if cinder_ceilometer_enabled %}
 notification_driver = cinder.openstack.common.notifier.rpc_notifier
 {% endif %}
@@ -115,8 +115,9 @@ connection = mysql://{{ cinder_galera_user }}:{{ cinder_container_mysql_password
 
 [oslo_messaging_rabbit]
 rabbit_port = {{ rabbitmq_port }}
-rabbit_userid = {{ rabbitmq_userid }}
-rabbit_password = {{ rabbitmq_password }}
+rabbit_userid = {{ cinder_rabbitmq_userid }}
+rabbit_password = {{ cinder_rabbitmq_password }}
+rabbit_virtual_host = {{ cinder_rabbitmq_vhost }}
 rabbit_hosts = {{ rabbitmq_servers }}
 
 [oslo_concurrency]

playbooks/roles/os_glance/defaults/main.yml

@@ -47,6 +47,10 @@ glance_enable_v1_registry: True
 glance_enable_v2_api: True
 glance_enable_v2_registry: True
 
+## RabbitMQ info
+glance_rabbitmq_userid: glance
+glance_rabbitmq_vhost: /glance
+
 ## DB info
 glance_galera_database: glance
 glance_galera_user: glance

playbooks/roles/os_glance/tasks/glance_messaging_setup.yml

@@ -0,0 +1,37 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure Rabbitmq vhost
+  rabbitmq_vhost:
+    name: "{{ glance_rabbitmq_vhost }}"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - glance-rabbitmq
+    - glance-rabbitmq-vhost
+
+- name: Ensure rabbitmq user
+  rabbitmq_user:
+    user: "{{ glance_rabbitmq_userid }}"
+    password: "{{ glance_rabbitmq_password }}"
+    vhost: "{{ glance_rabbitmq_vhost }}"
+    configure_priv: ".*"
+    read_priv: ".*"
+    write_priv: ".*"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - glance-rabbitmq
+    - glance-rabbitmq-user

playbooks/roles/os_glance/tasks/glance_pre_install.yml

@@ -80,3 +80,7 @@
   tags:
     - glance-dirs
     - glance-logs
+
+- include: glance_messaging_setup.yml
+  when: >
+    inventory_hostname == groups['glance_all'][0]

playbooks/roles/os_glance/templates/glance-api.conf.j2

@@ -35,8 +35,9 @@ notification_driver = {{ glance_notification_driver }}
 rpc_backend = {{ glance_rpc_backend }}
 rabbit_hosts = {{ rabbitmq_servers }}
 rabbit_port = {{ rabbitmq_port }}
-rabbit_userid = {{ rabbitmq_userid }}
-rabbit_password = {{ rabbitmq_password }}
+rabbit_userid = {{ glance_rabbitmq_userid }}
+rabbit_password = {{ glance_rabbitmq_password }}
+rabbit_virtual_host = {{ glance_rabbitmq_vhost }}
 rabbit_notification_exchange = glance
 rabbit_notification_topic = notifications
 rabbit_durable_queues = False

playbooks/roles/os_glance/templates/glance-registry.conf.j2

@@ -20,7 +20,9 @@ limit_param_default = 25
 notification_driver = {{ glance_notification_driver }}
 rpc_backend = {{ glance_rpc_backend }}
 rabbit_hosts = {{ rabbitmq_servers }}
-rabbit_password = {{ rabbitmq_password }}
+rabbit_userid = {{ glance_rabbitmq_userid }}
+rabbit_password = {{ glance_rabbitmq_password }}
+rabbit_virtual_host = {{ glance_rabbitmq_vhost }}
 {% endif %}
 
 [database]

playbooks/roles/os_heat/defaults/main.yml

@@ -34,6 +34,10 @@ heat_clients_heat_endpoint: publicURL
 heat_galera_user: heat
 heat_galera_database: heat
 
+## RabbitMQ info
+heat_rabbitmq_userid: heat
+heat_rabbitmq_vhost: /heat
+
 ## RPC
 heat_rpc_backend: heat.openstack.common.rpc.impl_kombu
 

playbooks/roles/os_heat/tasks/heat_messaging_setup.yml

@@ -0,0 +1,37 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure Rabbitmq vhost
+  rabbitmq_vhost:
+    name: "{{ heat_rabbitmq_vhost }}"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - heat-rabbitmq
+    - heat-rabbitmq-vhost
+
+- name: Ensure rabbitmq user
+  rabbitmq_user:
+    user: "{{ heat_rabbitmq_userid }}"
+    password: "{{ heat_rabbitmq_password }}"
+    vhost: "{{ heat_rabbitmq_vhost }}"
+    configure_priv: ".*"
+    read_priv: ".*"
+    write_priv: ".*"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - heat-rabbitmq
+    - heat-rabbitmq-user

playbooks/roles/os_heat/tasks/heat_pre_install.yml

@@ -88,3 +88,7 @@
   tags:
     - heat-dirs
     - heat-logs
+
+- include: heat_messaging_setup.yml
+  when: >
+    inventory_hostname == groups['heat_all'][0]

playbooks/roles/os_heat/templates/heat.conf.j2

@@ -57,8 +57,9 @@ bind_port = {{ heat_watch_port }}
 
 [oslo_messaging_rabbit]
 rabbit_port = {{ rabbitmq_port }}
-rabbit_userid = {{ rabbitmq_userid }}
-rabbit_password = {{ rabbitmq_password }}
+rabbit_userid = {{ heat_rabbitmq_userid }}
+rabbit_password = {{ heat_rabbitmq_password }}
+rabbit_virtual_host = {{ heat_rabbitmq_vhost }}
 rabbit_hosts = {{ rabbitmq_servers }}
 
 

playbooks/roles/os_keystone/defaults/main.yml

@@ -78,6 +78,10 @@ keystone_database_min_pool_size: 5
 keystone_database_max_pool_size: 120
 keystone_database_pool_timeout: 30
 
+## RabbitMQ info
+keystone_rabbitmq_userid: keystone
+keystone_rabbitmq_vhost: /keystone
+
 ## Role info
 keystone_role_name: admin
 keystone_default_role_name: _member_

playbooks/roles/os_keystone/tasks/keystone_messaging_setup.yml

@@ -0,0 +1,37 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure Rabbitmq vhost
+  rabbitmq_vhost:
+    name: "{{ keystone_rabbitmq_vhost }}"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - keystone-rabbitmq
+    - keystone-rabbitmq-vhost
+
+- name: Ensure rabbitmq user
+  rabbitmq_user:
+    user: "{{ keystone_rabbitmq_userid }}"
+    password: "{{ keystone_rabbitmq_password }}"
+    vhost: "{{ keystone_rabbitmq_vhost }}"
+    configure_priv: ".*"
+    read_priv: ".*"
+    write_priv: ".*"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - keystone-rabbitmq
+    - keystone-rabbitmq-user

playbooks/roles/os_keystone/tasks/keystone_pre_install.yml

@@ -106,3 +106,7 @@
   tags:
     - keystone-dirs
     - keystone-logs
+
+- include: keystone_messaging_setup.yml
+  when: >
+    inventory_hostname == groups['keystone_all'][0]

playbooks/roles/os_keystone/templates/keystone.conf.j2

@@ -134,9 +134,11 @@ admin_port = {{ keystone_admin_port }}
 public_port = {{ keystone_service_port }}
 
 [oslo_messaging_rabbit]
+rabbit_port = {{ rabbitmq_port }}
+rabbit_userid = {{ keystone_rabbitmq_userid }}
+rabbit_password = {{ keystone_rabbitmq_password }}
+rabbit_virtual_host = {{ keystone_rabbitmq_vhost }}
 rabbit_hosts = {{ rabbitmq_servers }}
-rabbit_userid = {{ rabbitmq_userid }}
-rabbit_password = {{ rabbitmq_password }}
 
 {% if keystone_sp is defined %}
 [federation]
@@ -147,3 +149,4 @@ trusted_dashboard = {{ item }}
 {% endfor %}
 {% endif %}
 {% endif %}
+

playbooks/roles/os_neutron/defaults/main.yml

@@ -39,6 +39,10 @@ neutron_db_max_overflow: 20
 neutron_db_pool_size: 120
 neutron_db_pool_timeout: 30
 
+## RabbitMQ info
+neutron_rabbitmq_userid: neutron
+neutron_rabbitmq_vhost: /neutron
+
 ## Plugins
 neutron_plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin
 # Other plugins can be added to the system by simply extending the list `neutron_plugin_base`.

playbooks/roles/os_neutron/tasks/neutron_messaging_setup.yml

@@ -0,0 +1,37 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure Rabbitmq vhost
+  rabbitmq_vhost:
+    name: "{{ neutron_rabbitmq_vhost }}"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - neutron-rabbitmq
+    - neutron-rabbitmq-vhost
+
+- name: Ensure rabbitmq user
+  rabbitmq_user:
+    user: "{{ neutron_rabbitmq_userid }}"
+    password: "{{ neutron_rabbitmq_password }}"
+    vhost: "{{ neutron_rabbitmq_vhost }}"
+    configure_priv: ".*"
+    read_priv: ".*"
+    write_priv: ".*"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - neutron-rabbitmq
+    - neutron-rabbitmq-user

playbooks/roles/os_neutron/tasks/neutron_pre_install.yml

@@ -92,3 +92,7 @@
   tags:
     - sudoers
     - neutron-sudoers
+
+- include: neutron_messaging_setup.yml
+  when: >
+    inventory_hostname == groups['neutron_all'][0]

playbooks/roles/os_neutron/templates/neutron.conf.j2

@@ -149,8 +149,9 @@ root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
 # Messaging service
 [oslo_messaging_rabbit]
 rabbit_port = {{ rabbitmq_port }}
-rabbit_userid = {{ rabbitmq_userid }}
-rabbit_password = {{ rabbitmq_password }}
+rabbit_userid = {{ neutron_rabbitmq_userid }}
+rabbit_password = {{ neutron_rabbitmq_password }}
+rabbit_virtual_host = {{ neutron_rabbitmq_vhost }}
 rabbit_hosts = {{ rabbitmq_servers }}
 
 # Concurrency (locking mechanisms)

playbooks/roles/os_nova/defaults/main.yml

@@ -38,6 +38,10 @@ nova_db_max_overflow: 10
 nova_db_max_pool_size: 120
 nova_db_pool_timeout: 30
 
+## RabbitMQ info
+nova_rabbitmq_userid: nova
+nova_rabbitmq_vhost: /nova
+
 ## RPC
 nova_rpc_backend: nova.openstack.common.rpc.impl_kombu
 nova_rpc_thread_pool_size: 64

playbooks/roles/os_nova/tasks/nova_messaging_setup.yml

@@ -0,0 +1,37 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure Rabbitmq vhost
+  rabbitmq_vhost:
+    name: "{{ nova_rabbitmq_vhost }}"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - nova-rabbitmq
+    - nova-rabbitmq-vhost
+
+- name: Ensure rabbitmq user
+  rabbitmq_user:
+    user: "{{ nova_rabbitmq_userid }}"
+    password: "{{ nova_rabbitmq_password }}"
+    vhost: "{{ nova_rabbitmq_vhost }}"
+    configure_priv: ".*"
+    read_priv: ".*"
+    write_priv: ".*"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+  tags:
+    - nova-rabbitmq
+    - nova-rabbitmq-user

playbooks/roles/os_nova/tasks/nova_pre_install.yml

@@ -109,3 +109,7 @@
   tags:
     - sudoers
     - nova-sudoers
+
+- include: nova_messaging_setup.yml
+  when: >
+    inventory_hostname == groups['nova_all'][0]

playbooks/roles/os_nova/templates/nova.conf.j2

@@ -226,10 +226,10 @@ lock_path = /var/lock/nova
 
 
 [oslo_messaging_rabbit]
-amqp_auto_delete = False
 rabbit_port = {{ rabbitmq_port }}
-rabbit_userid = {{ rabbitmq_userid }}
-rabbit_password = {{ rabbitmq_password }}
+rabbit_userid = {{ nova_rabbitmq_userid }}
+rabbit_password = {{ nova_rabbitmq_password }}
+rabbit_virtual_host = {{ nova_rabbitmq_vhost }}
 rabbit_hosts = {{ rabbitmq_servers }}
 
 

playbooks/roles/os_swift/templates/proxy-server.conf.j2

@@ -144,7 +144,7 @@ use = egg:swift#xprofile
 paste.filter_factory = ceilometermiddleware.swift:filter_factory
 control_exchange = swift
 driver = messagingv2
-url = rabbit://openstack:{{ rabbitmq_password }}@{{ groups['rabbitmq_all'][0] }}
+url = rabbit://{{ ceilometer_rabbitmq_userid }}:{{ ceilometer_rabbitmq_password }}@{{ hostvars[groups['rabbitmq_all'][0]]['ansible_ssh_host'] }}:5672{{ ceilometer_rabbitmq_vhost }}
 topic = notifications
 log_level = WARN
 {% endif %}

playbooks/roles/rabbitmq_server/defaults/main.yml

@@ -38,8 +38,6 @@ rabbitmq_pip_packages:
   - python-memcached
   - pycrypto
 
-rabbitmq_userid: rabbitmq
-
 # Name of the rabbitmq cluster
 rabbitmq_cluster_name: rabbitmq_cluster1
 

playbooks/roles/rabbitmq_server/tasks/rabbitmq_post_install.yml

@@ -46,18 +46,6 @@
 - include: rabbitmq_restart.yml
   when: rabbit_config_changed|changed or rabbitmq_plugin|changed or rabbitmq_queue_mirror|changed
 
-- name: Ensure rabbitmq user
-  rabbitmq_user:
-    user: "{{ rabbitmq_userid }}"
-    password: "{{ rabbitmq_password }}"
-    vhost: "/"
-    configure_priv: ".*"
-    read_priv: ".*"
-    write_priv: ".*"
-    state: "present"
-  tags:
-    - rabbitmq-user
-
 # This is being done because the rabbitctl command used by the module
 # is not very effective at returning proper status codes for failure
 # and the module does not error detection. until we can go upstream