5ea3dba04e
Storing rabbit's private key in /etc/ssl/private causes problems since that directory (and the files within it) can only be accessed by root on Ubuntu systems. Storing the key within the RabbitMQ configuration directory would allow the key to be read by the 'rabbitmq' user. The key can also be set to mode 0600 as well by moving its location and changing it to be owned by the rabbitmq user. Closes-bug: 1506992 Change-Id: Iede0748b57a86b33879d759505dd8f80476b574c
71 lines
2.7 KiB
YAML
71 lines
2.7 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Defines that the role will be deployed on a host machine
|
|
is_metal: true
|
|
|
|
rabbitmq_primary_cluster_node: "{{ groups['rabbitmq_all'][0] }}"
|
|
|
|
# Upgrading the RabbitMQ package requires shutting down the cluster. This variable makes upgrading
|
|
# the version an explicit action.
|
|
rabbitmq_upgrade: false
|
|
|
|
# If the user does not want to upgrade but needs to rerun the playbooks for any reason the
|
|
# upgrade/version state can be ignored by setting `rabbitmq_ignore_version_state=true`
|
|
rabbitmq_ignore_version_state: false
|
|
|
|
rabbitmq_package_url: "https://www.rabbitmq.com/releases/rabbitmq-server/v3.5.6/rabbitmq-server_3.5.6-1_all.deb"
|
|
rabbitmq_package_version: "{{ rabbitmq_package_url.split('/')[-1].split('_')[1] }}"
|
|
rabbitmq_package_sha256: "e3c377e585c123e06c88422248915f32216641d6f7dfab50d124535c8e93010d"
|
|
rabbitmq_package_path: "/opt/rabbitmq-server.deb"
|
|
|
|
rabbitmq_apt_packages:
|
|
- erlang-nox
|
|
|
|
rabbitmq_pip_packages:
|
|
- python-memcached
|
|
- pycrypto
|
|
|
|
# Name of the rabbitmq cluster
|
|
rabbitmq_cluster_name: rabbitmq_cluster1
|
|
|
|
# Specify a partition recovery strategy (autoheal | pause_minority | ignore)
|
|
rabbitmq_cluster_partition_handling: pause_minority
|
|
|
|
# Rabbitmq open file limits
|
|
rabbitmq_ulimit: 4096
|
|
|
|
# Enable the management plugin in rabbitmq
|
|
rabbitmq_plugins:
|
|
- names: rabbitmq_management
|
|
state: enabled
|
|
|
|
# RabbitMQ SSL support
|
|
rabbitmq_ssl_cert: /etc/rabbitmq/rabbitmq.pem
|
|
rabbitmq_ssl_key: /etc/rabbitmq/rabbitmq.key
|
|
rabbitmq_ssl_ca_cert: /etc/rabbitmq/rabbitmq-ca.pem
|
|
|
|
# Set rabbitmq_ssl_self_signed_regen to true if you want to generate a new
|
|
# SSL certificate for RabbitMQ when this playbook runs. You can also change
|
|
# the subject of the self-signed certificate here if you prefer.
|
|
rabbitmq_ssl_self_signed_regen: false
|
|
rabbitmq_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ container_name }}"
|
|
|
|
# Define user-provided SSL certificates in:
|
|
# /etc/openstack_deploy/user_variables.yml
|
|
#rabbitmq_user_ssl_cert: <path to cert on ansible deployment host>
|
|
#rabbitmq_user_ssl_key: <path to cert on ansible deployment host>
|
|
#rabbitmq_user_ssl_ca_cert: <path to cert on ansible deployment host>
|