From: Larry Smith Jr Date: Sun, 21 May 2017 01:23:32 +0000 (-0400) Subject: Merge pull request #12 from mrlesmithjr/enhancements/issues-9-10-11 X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=e21afd9063945e9825e4fe541244bc788a15590f;hp=3a55d2ab8ab3a399faaf25c4f46e7f2ea142edc6;p=github%2Ffretlink%2Fansible-rabbitmq.git Merge pull request #12 from mrlesmithjr/enhancements/issues-9-10-11 Enhancements/issues 9 10 11 --- diff --git a/README.md b/README.md index 99c019d..b3b03ad 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ Role Name ========= -Installs rabbitmq https://www.rabbitmq.com/ (Configurable...HA and Clustering ready) +An [Ansible] role to install/configure [RabbitMQ] Build Status ------------ 
@@ -11,67 +11,30 @@ Build Status Requirements ------------ -Ensure hostnames are resolvable prior to clustering...either update /etc/hosts or ensure DNS is working. +Ensure hostnames are resolvable prior to clustering...either update /etc/hosts +or ensure DNS is working. Vagrant ------- Spin up a 3 node HA Cluster for testing... Install Ansible role on your host: -```` +``` sudo ansible-galaxy install -r requirements.yml -f -```` +``` Now spin up your environment... -```` +``` vagrant up -```` +``` When you are done testing, tear it all down... -```` +``` ./cleanup.sh -```` +``` Role Variables -------------- -```` ---- -# defaults file for ansible-rabbitmq -rabbitmq_config_ha: false #defines if rabbitmq ha should be configured...define here or in group_vars/group -rabbitmq_enable_clustering: false #defines if setting up a rabbitmq cluster...define here or in group_vars/group -rabbitmq_erlang_cookie: 'LSKNKBELKPSTDBBCHETL' #define erlang cookie for cluster...define here or in group_vars/group -rabbitmq_erlang_cookie_file: '/var/lib/rabbitmq/.erlang.cookie' -rabbitmq_config: - - queue_name: logstash - durable: true - exchange_name: logstash - type: direct - routing_key: logstash - tags: 'ha-mode=all,ha-sync-mode=automatic' -rabbitmq_debian_repo: 'deb http://www.rabbitmq.com/debian/ testing main' -rabbitmq_debian_repo_key: 'http://www.rabbitmq.com/rabbitmq-signing-key-public.asc' -rabbitmq_master: [] #defines the inventory host that should be considered master...define here or in group_vars/group -rabbitmq_redhat_repo_key: 'https://www.rabbitmq.com/rabbitmq-signing-key-public.asc' -rabbitmq_redhat_package: 'rabbitmq-server-{{ rabbitmq_redhat_version }}-1.noarch.rpm' -rabbitmq_redhat_url: 'http://www.rabbitmq.com/releases/rabbitmq-server/v{{ rabbitmq_redhat_version }}' -rabbitmq_redhat_version: '3.6.1' -rabbitmq_users: #define admin user to create in order to login to WebUI - - name: rabbitmqadmin - password: rabbitmqadmin - vhost: / - configure_priv: '.*' - read_priv: 
'.*' - write_priv: '.*' - tags: 'administrator' #define comma separated list of tags to assign to user....management,policymaker,monitoring,administrator...required for management plugin. https://www.rabbitmq.com/management.html -```` - -example... -group_vars/rabbitmq-cluster-nodes -```` ---- -rabbitmq_enable_clustering: true -rabbitmq_config_ha: false -rabbitmq_master: ans-test-1 -```` +[Role Defaults](./defaults/main.yml) Dependencies ------------ @@ -81,33 +44,7 @@ None Example Playbook ---------------- -```` ---- -- hosts: all - become: true - vars: - - pri_domain_name: 'test.vagrant.local' - roles: - tasks: - - name: updating /etc/hosts - lineinfile: - dest: /etc/hosts - regexp: "^{{ hostvars[item].ansible_ssh_host }} {{ item }} {{ item }}.{{ pri_domain_name }}" - line: "{{ hostvars[item].ansible_ssh_host }} {{ item }} {{ item }}.{{ pri_domain_name }}" - state: present - with_items: "{{ groups['all'] }}" - -- hosts: all - become: true - vars: - - rabbitmq_config_ha: true - - rabbitmq_enable_clustering: true - - pri_domain_name: 'test.vagrant.local' - - rabbitmq_master: 'node0' - roles: - - role: ansible-rabbitmq - tasks: -```` +[Example Playbook](./playbook.yml) License ------- @@ -118,6 +55,11 @@ Author Information ------------------ Larry Smith Jr. -- @mrlesmithjr +- [@mrlesmithjr] - http://everythingshouldbevirtual.com - mrlesmithjr [at] gmail.com + +[@mrlesmithjr]: + +[Ansible]: +[RabbitMQ]: diff --git a/defaults/main.yml b/defaults/main.yml index ad22ead..90d7fb5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,28 +1,49 @@ --- # defaults file for ansible-rabbitmq -rabbitmq_config: - - queue_name: 'logstash' - durable: true - exchange_name: logstash - type: 'direct' - routing_key: 'logstash' - tags: 'ha-mode=all,ha-sync-mode=automatic' -rabbitmq_config_ha: false #defines if rabbitmq ha should be configured...define here or in group_vars/group +rabbitmq_config: [] + # - queue_name: 'logstash' + # durable: true + # exchange_name: logstash + # type: 'direct' + # routing_key: 'logstash' + # tags: 'ha-mode=all,ha-sync-mode=automatic' + +# Defines if rabbitmq ha should be configured +rabbitmq_config_ha: false + +rabbitmq_config_service: false + rabbitmq_debian_repo: 'deb http://www.rabbitmq.com/debian/ testing main' rabbitmq_debian_repo_key: 'https://www.rabbitmq.com/rabbitmq-release-signing-key.asc' -rabbitmq_enable_clustering: false #defines if setting up a rabbitmq cluster...define here or in group_vars/group -rabbitmq_erlang_cookie: 'LSKNKBELKPSTDBBCHETL' #define erlang cookie for cluster...define here or in group_vars/group + +# Defines if setting up a rabbitmq cluster +rabbitmq_enable_clustering: false + rabbitmq_erlang_cookie_file: '/var/lib/rabbitmq/.erlang.cookie' -rabbitmq_master: [] #defines the inventory host that should be considered master...define here or in group_vars/group + +rabbitmq_listen_port: 5672 +rabbitmq_listeners: [] + # - '127.0.0.1' + # - '::1' + +# Defines the inventory host that should be considered master +rabbitmq_master: [] + rabbitmq_redhat_repo_key: 'https://www.rabbitmq.com/rabbitmq-signing-key-public.asc' rabbitmq_redhat_package: 'rabbitmq-server-{{ rabbitmq_redhat_version }}-1.noarch.rpm' rabbitmq_redhat_url: 'http://www.rabbitmq.com/releases/rabbitmq-server/v{{ rabbitmq_redhat_version }}' rabbitmq_redhat_version: '3.6.1' -rabbitmq_users: #define admin user to create in order to login to WebUI + +# Define admin user to create in order to login to WebUI +rabbitmq_users: - name: 'rabbitmqadmin' password: 'rabbitmqadmin' vhost: '/' 
configure_priv: '.*' read_priv: '.*' write_priv: '.*' - tags: 'administrator' #define comma separated list of tags to assign to user....management,policymaker,monitoring,administrator...required for management plugin. https://www.rabbitmq.com/management.html + # Define comma separated list of tags to assign to user: + # management,policymaker,monitoring,administrator + # required for management plugin. + # https://www.rabbitmq.com/management.html + tags: 'administrator' diff --git a/handlers/main.yml b/handlers/main.yml index 259ce1c..4fdafe5 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -4,3 +4,4 @@ service: name: "rabbitmq-server" state: restarted + become: true diff --git a/playbook.yml b/playbook.yml index 1968320..4936577 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,25 +1,12 @@ --- -- hosts: all - become: true +- hosts: rabbitmq_cluster vars: - pri_domain_name: 'test.vagrant.local' - roles: - tasks: - - name: updating /etc/hosts - lineinfile: - dest: /etc/hosts - regexp: "^{{ hostvars[item].ansible_ssh_host }} {{ item }} {{ item }}.{{ pri_domain_name }}" - line: "{{ hostvars[item].ansible_ssh_host }} {{ item }} {{ item }}.{{ pri_domain_name }}" - state: present - with_items: "{{ groups['all'] }}" - -- hosts: all - become: true - vars: - pri_domain_name: 'test.vagrant.local' - rabbitmq_config_ha: true + etc_hosts_add_all_hosts: true + etc_hosts_pri_dns_name: '{{ pri_domain_name }}' + pri_domain_name: 'vagrant.local' rabbitmq_enable_clustering: true - rabbitmq_master: 'node0' + rabbitmq_master: "{{ groups['rabbitmq_cluster'][0] }}" roles: + - role: ansible-etc-hosts - role: ansible-rabbitmq tasks: diff --git a/requirements.yml b/requirements.yml index a1f51cb..ce92d72 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,2 +1,3 @@ --- +- src: https://github.com/mrlesmithjr/ansible-etc-hosts.git - src: https://github.com/mrlesmithjr/ansible-rabbitmq.git 
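Review bot: The `rabbitmq_users` default at the end of this hunk still ships a fixed administrator account, `rabbitmqadmin` with password `rabbitmqadmin`, `.*` privileges on `/` and the `administrator` tag, so every host that applies the role unmodified gets the same known management login. The commit removes the hard-coded Erlang cookie from these defaults but leaves this credential in place. I would default the list to empty the way `rabbitmq_config` now does, `rabbitmq_users: []`, keep the sample entry as a comment, and have callers supply the password from a vaulted variable. The template that consumes `rabbitmq_listeners: []` is not visible here; if an empty list means all interfaces, confirm that this is the intended default alongside the account above.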
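Review bot: The added `ansible-etc-hosts` entry has no `version:`, so `ansible-galaxy install -r requirements.yml -f` pulls whatever the default branch holds at install time, and the playbook then applies that role to every host in `rabbitmq_cluster`. Pin it to a tag or commit, e.g. `version: <PINNED_TAG_OR_COMMIT>` (placeholder), and do the same for the existing `ansible-rabbitmq` line.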
diff --git a/tasks/config.yml b/tasks/config.yml new file mode 100644 index 0000000..9ea5da2 --- /dev/null +++ b/tasks/config.yml @@ -0,0 +1,7 @@ +--- +- name: config | Configuring RabbitMQ + template: + src: "etc/rabbitmq/rabbitmq.config.j2" + dest: "/etc/rabbitmq/rabbitmq.config" + become: true + notify: "restart rabbitmq-server" diff --git a/tasks/debian.yml b/tasks/debian.yml index a031ead..b25d39b 100644 --- a/tasks/debian.yml +++ b/tasks/debian.yml @@ -3,22 +3,26 @@ apt_key: url: "{{ rabbitmq_debian_repo_key }}" state: present + become: true - name: debian | adding RabbitMQ repo apt_repository: repo: "{{ rabbitmq_debian_repo }}" state: present register: "rabbitmq_repo_added" + become: true - name: debian | updating apt cache apt: update_cache: yes + become: true when: rabbitmq_repo_added.changed - name: debian | installing RabbitMQ server apt: name: "{{ item }}" state: present + become: true with_items: - rabbitmq-server @@ -26,6 +30,7 @@ rabbitmq_plugin: names: rabbitmq_management state: enabled + become: true notify: restart rabbitmq-server - name: debian | ensuring that the RabbitMQ service is running @@ -33,3 +38,4 @@ name: rabbitmq-server state: started enabled: yes + become: true diff --git a/tasks/fedora.yml b/tasks/fedora.yml index 3d92963..6ac9c03 100644 --- a/tasks/fedora.yml +++ b/tasks/fedora.yml @@ -3,6 +3,7 @@ dnf: name: "{{ item }}" state: present + become: true with_items: - wget 
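Review bot: The new template task in tasks/config.yml sets no `owner`, `group` or `mode` on `/etc/rabbitmq/rabbitmq.config`, so the file's permissions depend on the remote umask, and this file can hold `default_pass` or a `config_entry_decoder` passphrase. Add explicit values, for example `owner: root`, `group: rabbitmq`, `mode: '0640'`. Also, `src` names `etc/rabbitmq/rabbitmq.config.j2`, while the template this commit adds in the visible part of the diff is `templates/etc/rabbitmq/rabbitmq.config` without the suffix; unless a `.j2` file is added further down, the task fails as soon as `rabbitmq_config_service` is true.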
@@ -10,30 +11,36 @@ dnf: name: "erlang" state: present + become: true - name: fedora | adding RabbitMQ public GPG key rpm_key: key: "{{ rabbitmq_redhat_repo_key }}" state: present + become: true - name: fedora | downloading RabbitMQ get_url: url: "{{ rabbitmq_redhat_url }}/{{ rabbitmq_redhat_package }}" dest: "/opt/{{ rabbitmq_redhat_package }}" + become: true - name: fedora | installing RabbitMQ dnf: name: "/opt/{{ rabbitmq_redhat_package }}" state: present + become: true - name: fedora | starting and enabling RabbitMQ service service: name: "rabbitmq-server" state: started enabled: yes + become: true - name: fedora | enabling the RabbitMQ Management Console rabbitmq_plugin: names: rabbitmq_management state: enabled notify: restart rabbitmq-server + become: true diff --git a/tasks/main.yml b/tasks/main.yml index bd82f93..1da06c4 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -3,19 +3,30 @@ when: ansible_os_family == "Debian" - include: redhat.yml - when: ansible_distribution == "CentOS" or ansible_distribution == "Red Hat Enterprise Linux" + when: > + ansible_distribution == "CentOS" or + ansible_distribution == "Red Hat Enterprise Linux" - include: fedora.yml when: ansible_distribution == "Fedora" +- include: config.yml + when: rabbitmq_config_service + - name: checking to see if already clustered stat: path=/etc/rabbitmq/clustered register: clustered - include: rabbitmq_clustering.yml - when: rabbitmq_enable_clustering and (clustered.stat.exists != True) + when: > + rabbitmq_enable_clustering and + not clustered['stat']['exists'] - include: rabbitmq_ha_config.yml - when: rabbitmq_config_ha and rabbitmq_enable_clustering + when: > + rabbitmq_config_ha and + rabbitmq_enable_clustering and + rabbitmq_config is defined - include: rabbitmq_users.yml + when: rabbitmq_users is defined diff --git a/tasks/rabbitmq_clustering.yml b/tasks/rabbitmq_clustering.yml index 5134c50..9e48590 100644 --- a/tasks/rabbitmq_clustering.yml +++ b/tasks/rabbitmq_clustering.yml 
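Review bot: The `get_url` task in the tasks/fedora.yml hunk fetches the RPM from `rabbitmq_redhat_url`, which defaults to an `http://` address in defaults/main.yml, and the file is then installed as root from `/opt` with nothing in the task checking its integrity. Importing the key with `rpm_key` does not by itself guarantee that the local file is signature-checked; that depends on the package manager's gpgcheck settings, which the role does not set. Add `checksum: "sha256:<PACKAGE_SHA256>"` (placeholder, best driven by a role variable next to `rabbitmq_redhat_version`) to `get_url`, or move the default URL to `https://`. The same task in tasks/redhat.yml has the same gap.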
@@ -1,21 +1,30 @@ --- - name: rabbitmq_clustering | stopping rabbitmq app command: rabbitmqctl stop_app - when: inventory_hostname != "{{ rabbitmq_master }}" + become: true + when: inventory_hostname != rabbitmq_master - name: rabbitmq_clustering | resetting rabbitmq app command: rabbitmqctl reset - when: inventory_hostname != "{{ rabbitmq_master }}" + become: true + when: inventory_hostname != rabbitmq_master - name: rabbitmq_clustering | stopping rabbitmq-server service: name: rabbitmq-server state: stopped + become: true -#- name: grabbing erlang cookie -# shell: cat /var/lib/rabbitmq/.erlang.cookie -# register: rabbitmq_erlang_cookie -# when: inventory_hostname == "{{ rabbitmq_master }}" +- name: rabbitmq_clustering | Capturing Erlang Cookie On Master + command: "cat {{ rabbitmq_erlang_cookie_file }}" + become: true + register: "rabbitmq_erlang_cookie" + when: inventory_hostname == rabbitmq_master + +- name: rabbitmq_clustering | Setting Erlang Cookie Of Master on Non-Master + set_fact: + rabbitmq_erlang_cookie: "{{ hostvars[rabbitmq_master]['rabbitmq_erlang_cookie']['stdout'] }}" + when: inventory_hostname != rabbitmq_master - name: rabbitmq_clustering | copy erlang cookie template: 
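Review bot: The two added cookie tasks put the Erlang cookie into Ansible output: the `command: cat` result is registered and the `set_fact` value is shown at higher verbosity and by any callback that logs task results, and the cookie is the shared secret that authorises node-to-node and `rabbitmqctl` access. Add `no_log: true` to both tasks, and `changed_when: false` to the read so it does not report a change on every run. On non-master hosts the `register` stores a skipped result that `set_fact` then overwrites, so the order of these two tasks matters; a short comment such as `# must run after the capture task: replaces the skipped register result on non-masters` would record that. The copy task that follows begins in this hunk and continues in the next one.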
@@ -24,49 +33,62 @@ owner: rabbitmq group: rabbitmq mode: 0400 - backup: yes #backing up in case the need to recover -# when: inventory_hostname != "{{ rabbitmq_master }}" + # backing up in case the need to recover + backup: yes + become: true + when: inventory_hostname != rabbitmq_master - name: rabbitmq_clustering | restarting rabbitmq-server on master service: name: rabbitmq-server state: restarted - when: inventory_hostname == "{{ rabbitmq_master }}" + become: true + when: inventory_hostname == rabbitmq_master - name: rabbitmq_clustering | starting rabbitmq app on master command: rabbitmqctl start_app register: cluster_master - when: inventory_hostname == "{{ rabbitmq_master }}" + become: true + when: inventory_hostname == rabbitmq_master - name: rabbitmq_clustering | sending sigterm to any running rabbitmq processes shell: pkill -u rabbitmq || true - when: inventory_hostname != "{{ rabbitmq_master }}" + become: true + when: inventory_hostname != rabbitmq_master - name: rabbitmq_clustering | restarting rabbitmq-server service: name: rabbitmq-server state: restarted - when: inventory_hostname != "{{ rabbitmq_master }}" + become: true + when: inventory_hostname != rabbitmq_master - name: rabbitmq_clustering | stopping rabbitmq app command: rabbitmqctl stop_app - when: inventory_hostname != "{{ rabbitmq_master }}" + become: true + when: inventory_hostname != rabbitmq_master - name: rabbitmq_clustering | resetting rabbitmq app command: rabbitmqctl reset - when: inventory_hostname != "{{ rabbitmq_master }}" + become: true + when: inventory_hostname != rabbitmq_master - name: rabbitmq_clustering | joining rabbitmq cluster command: rabbitmqctl join_cluster "rabbit@{{ hostvars[rabbitmq_master]['ansible_hostname'] }}" register: cluster_joined - when: inventory_hostname != "{{ rabbitmq_master }}" + become: true + when: inventory_hostname != rabbitmq_master - name: rabbitmq_clustering | starting rabbitmq app command: rabbitmqctl start_app - when: inventory_hostname != "{{ 
rabbitmq_master }}" + become: true + when: inventory_hostname != rabbitmq_master - name: rabbitmq_clustering | marking as clustered file: path: /etc/rabbitmq/clustered state: touch - when: cluster_master.changed or cluster_joined.changed + become: true + when: > + cluster_master['changed'] or + cluster_joined['changed'] diff --git a/tasks/rabbitmq_ha_config.yml b/tasks/rabbitmq_ha_config.yml index 8811b6d..bf74957 100644 --- a/tasks/rabbitmq_ha_config.yml +++ b/tasks/rabbitmq_ha_config.yml 
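Review bot: `mode: 0400` on the cookie template is an unquoted number, which only gives the intended permissions when the YAML loader reads it as octal; Ansible's documentation recommends quoting it, `mode: '0400'`. `backup: yes` also leaves a timestamped copy of the previous cookie next to the real file each time the content changes, so old secrets accumulate in that directory; drop it or remove the copies once the cluster is formed. Adding `no_log: true` here keeps the cookie out of `--diff` output. The task begins in the previous hunk, so its `src` and `dest` are not visible here.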
@@ -6,39 +6,46 @@ - name: rabbitmq_ha_config | install rabbitMQ admin shell: wget http://guest:guest@localhost:15672/cli/rabbitmqadmin - when: not rabbitmqadmin_check.stat.exists + become: true + when: not rabbitmqadmin_check['stat']['exists'] - name: rabbitmq_ha_config | moving the rabbitMQ Admin shell: mv rabbitmqadmin /usr/sbin - when: not rabbitmqadmin_check.stat.exists + become: true + when: not rabbitmqadmin_check['stat']['exists'] - name: rabbitmq_ha_config | making executable rabbitMQ Admin shell: chmod +x /usr/sbin/rabbitmqadmin notify: restart rabbitmq-server - when: not rabbitmqadmin_check.stat.exists + become: true + when: not rabbitmqadmin_check['stat']['exists'] - name: rabbitmq_ha_config | creating queue(s) - command: rabbitmqadmin declare queue name={{ item.queue_name }} durable={{ item.durable|lower }} + command: rabbitmqadmin declare queue name={{ item['queue_name'] }} durable={{ item['durable']|lower }} run_once: true + become: true with_items: "{{ rabbitmq_config }}" - name: rabbitmq_ha_config | setting up ha on queue(s) rabbitmq_policy: name: "ha-all" - pattern: "{{ item.queue_name }}" - tags: "{{ item.tags }}" + pattern: "{{ item['queue_name'] }}" + tags: "{{ item['tags'] }}" state: present run_once: true + become: true with_items: "{{ rabbitmq_config }}" - name: rabbitmq_ha_config | creating exchange(s) - command: rabbitmqadmin declare exchange name={{ item.exchange_name }} type={{ item.type }} + command: rabbitmqadmin declare exchange name={{ item['exchange_name'] }} type={{ item['type'] }} run_once: true + become: true with_items: "{{ rabbitmq_config }}" - when: item.exchange_name is defined + when: item['exchange_name'] is defined - name: rabbitmq_ha_config | creating binding(s) - command: rabbitmqadmin declare binding source={{ item.exchange_name }} destination_type="queue" destination={{ item.queue_name }} routing_key={{ item.routing_key }} + command: rabbitmqadmin declare binding source={{ item['exchange_name'] }} 
destination_type="queue" destination={{ item['queue_name'] }} routing_key={{ item['routing_key'] }} run_once: true + become: true with_items: "{{ rabbitmq_config }}" - when: item.exchange_name is defined + when: item['exchange_name'] is defined diff --git a/tasks/rabbitmq_users.yml b/tasks/rabbitmq_users.yml index 8bce8b2..98e45e2 100644 --- a/tasks/rabbitmq_users.yml +++ b/tasks/rabbitmq_users.yml 
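Review bot: The rabbitmqadmin download at the top of this hunk now runs as root and still uses `wget` with `guest:guest` embedded in the URL, saving into whatever the working directory is before a separate `mv` and `chmod`. That ties the role to the default guest password staying in place, puts the credential in the process list and task output, and leaves the script in an unpredictable location between steps. One `get_url` task with an explicit `dest` and `mode` replaces all three; if the endpoint needs authentication on your RabbitMQ version, pass it through `url_username`/`url_password` from a vaulted variable rather than the URL. Separately, the `rabbitmqadmin declare …` commands interpolate `item[...]` values unquoted, so a name containing a space splits into extra arguments; appending `| quote` to each value fixes that.

```yaml
- name: rabbitmq_ha_config | install rabbitMQ admin
  get_url:
    url: "http://localhost:15672/cli/rabbitmqadmin"
    dest: /usr/sbin/rabbitmqadmin
    owner: root
    group: root
    mode: '0755'
  become: true
  notify: restart rabbitmq-server
  when: not rabbitmqadmin_check['stat']['exists']

# … unchanged: queue, policy, exchange and binding tasks …
```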
@@ -1,27 +1,34 @@ --- - name: rabbitmq_users | creating rabbitmq users rabbitmq_user: - name: "{{ item.name }}" - password: "{{ item.password }}" - vhost: "{{ item.vhost }}" - configure_priv: "{{ item.configure_priv }}" - read_priv: "{{ item.read_priv }}" - write_priv: "{{ item.write_priv }}" - tags: "{{ item.tags }}" + name: "{{ item['name'] }}" + password: "{{ item['password'] }}" + vhost: "{{ item['vhost'] }}" + configure_priv: "{{ item['configure_priv'] }}" + read_priv: "{{ item['read_priv'] }}" + write_priv: "{{ item['write_priv'] }}" + tags: "{{ item['tags'] }}" state: present + become: true with_items: "{{ rabbitmq_users }}" - when: (rabbitmq_enable_clustering is defined and not rabbitmq_enable_clustering) or rabbitmq_enable_clustering is not defined + when: > + (rabbitmq_enable_clustering is defined and + not rabbitmq_enable_clustering) or + rabbitmq_enable_clustering is not defined - name: rabbitmq_users | creating rabbitmq users rabbitmq_user: - name: "{{ item.name }}" - password: "{{ item.password }}" - vhost: "{{ item.vhost }}" - configure_priv: "{{ item.configure_priv }}" - read_priv: "{{ item.read_priv }}" - write_priv: "{{ item.write_priv }}" - tags: "{{ item.tags }}" + name: "{{ item['name'] }}" + password: "{{ item['password'] }}" + vhost: "{{ item['vhost'] }}" + configure_priv: "{{ item['configure_priv'] }}" + read_priv: "{{ item['read_priv'] }}" + write_priv: "{{ item['write_priv'] }}" + tags: "{{ item['tags'] }}" state: present run_once: yes + become: true with_items: "{{ rabbitmq_users }}" - when: (rabbitmq_enable_clustering is defined and rabbitmq_enable_clustering) + when: > + rabbitmq_enable_clustering is defined and + rabbitmq_enable_clustering diff --git a/tasks/redhat.yml b/tasks/redhat.yml index 484597d..afa714c 100644 --- a/tasks/redhat.yml +++ b/tasks/redhat.yml @@ -3,6 +3,7 @@ yum: name: "{{ item }}" state: present + become: true with_items: - epel-release - wget 
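Review bot: Both `rabbitmq_user` tasks in tasks/rabbitmq_users.yml loop over `rabbitmq_users` and pass `item['password']`, and Ansible prints the loop item for every iteration, so the plaintext passwords end up in console output and in any log callback. Add `no_log: true` to both tasks. The two tasks are identical apart from `run_once` and their `when` conditions, so they could be merged into one to keep the password handling in a single place.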
@@ -11,30 +12,36 @@ yum: name: "erlang" state: present + become: true - name: redhat | adding RabbitMQ public GPG key rpm_key: key: "{{ rabbitmq_redhat_repo_key }}" state: present + become: true - name: redhat | downloading RabbitMQ get_url: url: "{{ rabbitmq_redhat_url }}/{{ rabbitmq_redhat_package }}" dest: "/opt/{{ rabbitmq_redhat_package }}" + become: true - name: redhat | installing RabbitMQ yum: name: "/opt/{{ rabbitmq_redhat_package }}" state: present + become: true - name: redhat | starting and enabling RabbitMQ service service: name: "rabbitmq-server" state: started enabled: yes + become: true - name: redhat | enabling the RabbitMQ Management Console rabbitmq_plugin: names: rabbitmq_management state: enabled notify: restart rabbitmq-server + become: true diff --git a/templates/etc/rabbitmq/rabbitmq.config b/templates/etc/rabbitmq/rabbitmq.config new file mode 100644 index 0000000..221da01 --- /dev/null +++ b/templates/etc/rabbitmq/rabbitmq.config 
@@ -0,0 +1,677 @@ +%% -*- mode: erlang -*- +%% ---------------------------------------------------------------------------- +%% RabbitMQ Sample Configuration File. +%% +%% See http://www.rabbitmq.com/configure.html for details. +%% ---------------------------------------------------------------------------- +[ + {rabbit, + [%% + %% Network Connectivity + %% ==================== + %% + + %% By default, RabbitMQ will listen on all interfaces, using + %% the standard (reserved) AMQP port. + %% + %% {tcp_listeners, [5672]}, + + %% To listen on a specific interface, provide a tuple of {IpAddress, Port}. + %% For example, to listen only on localhost for both IPv4 and IPv6: + %% + %% {tcp_listeners, [{"127.0.0.1", 5672}, + %% {"::1", 5672}]}, + + %% SSL listeners are configured in the same fashion as TCP listeners, + %% including the option to control the choice of interface. + %% + %% {ssl_listeners, [5671]}, + + %% Number of Erlang processes that will accept connections for the TCP + %% and SSL listeners. + %% + %% {num_tcp_acceptors, 10}, + %% {num_ssl_acceptors, 1}, + + %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection + %% and SSL handshake), in milliseconds. + %% + %% {handshake_timeout, 10000}, + + %% Log levels (currently just used for connection logging). + %% One of 'debug', 'info', 'warning', 'error' or 'none', in decreasing + %% order of verbosity. Defaults to 'info'. + %% + %% {log_levels, [{connection, info}, {channel, info}]}, + + %% Set to 'true' to perform reverse DNS lookups when accepting a + %% connection. Hostnames will then be shown instead of IP addresses + %% in rabbitmqctl and the management plugin. + %% + %% {reverse_dns_lookups, true}, + + %% + %% Security / AAA + %% ============== + %% + + %% The default "guest" user is only permitted to access the server + %% via a loopback interface (e.g. localhost). 
+ %% {loopback_users, [<<"guest">>]}, + %% + %% Uncomment the following line if you want to allow access to the + %% guest user from anywhere on the network. + %% {loopback_users, []}, + + %% Configuring SSL. + %% See http://www.rabbitmq.com/ssl.html for full documentation. + %% + %% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, + %% {certfile, "/path/to/server/cert.pem"}, + %% {keyfile, "/path/to/server/key.pem"}, + %% {verify, verify_peer}, + %% {fail_if_no_peer_cert, false}]}, + + %% Choose the available SASL mechanism(s) to expose. + %% The two default (built in) mechanisms are 'PLAIN' and + %% 'AMQPLAIN'. Additional mechanisms can be added via + %% plugins. + %% + %% See http://www.rabbitmq.com/authentication.html for more details. + %% + %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, + + %% Select an authentication database to use. RabbitMQ comes bundled + %% with a built-in auth-database, based on mnesia. + %% + %% {auth_backends, [rabbit_auth_backend_internal]}, + + %% Configurations supporting the rabbitmq_auth_mechanism_ssl and + %% rabbitmq_auth_backend_ldap plugins. + %% + %% NB: These options require that the relevant plugin is enabled. + %% See http://www.rabbitmq.com/plugins.html for further details. + + %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to + %% authenticate a user based on the client's SSL certificate. + %% + %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms + %% list with the entry 'EXTERNAL'. + %% + %% {auth_mechanisms, ['EXTERNAL']}, + + %% The rabbitmq_auth_backend_ldap plugin allows the broker to + %% perform authentication and authorisation by deferring to an + %% external LDAP server. + %% + %% For more information about configuring the LDAP backend, see + %% http://www.rabbitmq.com/ldap.html. 
+ %% + %% Enable the LDAP auth backend by adding to or replacing the + %% auth_backends entry: + %% + %% {auth_backends, [rabbit_auth_backend_ldap]}, + + %% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and + %% STOMP ssl_cert_login configurations. See the rabbitmq_stomp + %% configuration section later in this file and the README in + %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further + %% details. + %% + %% To use the SSL cert's CN instead of its DN as the username + %% + %% {ssl_cert_login_from, common_name}, + + %% SSL handshake timeout, in milliseconds. + %% + %% {ssl_handshake_timeout, 5000}, + + %% Password hashing implementation. Will only affect newly + %% created users. To recalculate hash for an existing user + %% it's necessary to update her password. + %% + %% {password_hashing_module, rabbit_password_hashing_sha256}, + + %% Configuration entry encryption. + %% See http://www.rabbitmq.com/configure.html#configuration-encryption + %% + %% To specify the passphrase in the configuration file: + %% + %% {config_entry_decoder, [{passphrase, <<"mypassphrase">>}]} + %% + %% To specify the passphrase in an external file: + %% + %% {config_entry_decoder, [{passphrase, {file, "/path/to/passphrase/file"}}]} + %% + %% To make the broker request the passphrase when it starts: + %% + %% {config_entry_decoder, [{passphrase, prompt}]} + %% + %% To change encryption settings: + %% + %% {config_entry_decoder, [{cipher, aes_cbc256}, + %% {hash, sha512}, + %% {iterations, 1000}]} + + %% + %% Default User / VHost + %% ==================== + %% + + %% On first start RabbitMQ will create a vhost and a user. These + %% config items control what gets created. See + %% http://www.rabbitmq.com/access-control.html for further + %% information about vhosts and access control. 
+ %% + %% {default_vhost, <<"/">>}, + %% {default_user, <<"guest">>}, + %% {default_pass, <<"guest">>}, + %% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, + + %% Tags for default user + %% + %% For more details about tags, see the documentation for the + %% Management Plugin at http://www.rabbitmq.com/management.html. + %% + %% {default_user_tags, [administrator]}, + + %% + %% Additional network and protocol related configuration + %% ===================================================== + %% + + %% Set the default AMQP heartbeat delay (in seconds). + %% + %% {heartbeat, 60}, + + %% Set the max permissible size of an AMQP frame (in bytes). + %% + %% {frame_max, 131072}, + + %% Set the max frame size the server will accept before connection + %% tuning occurs + %% + %% {initial_frame_max, 4096}, + + %% Set the max permissible number of channels per connection. + %% 0 means "no limit". + %% + %% {channel_max, 128}, + + %% Customising Socket Options. + %% + %% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for + %% further documentation. + %% + %% {tcp_listen_options, [{backlog, 128}, + %% {nodelay, true}, + %% {exit_on_close, false}]}, + + %% + %% Resource Limits & Flow Control + %% ============================== + %% + %% See http://www.rabbitmq.com/memory.html for full details. + + %% Memory-based Flow Control threshold. + %% + %% {vm_memory_high_watermark, 0.4}, + + %% Alternatively, we can set a limit (in bytes) of RAM used by the node. + %% + %% {vm_memory_high_watermark, {absolute, 1073741824}}, + %% + %% Or you can set absolute value using memory units. 
+ %% + %% {vm_memory_high_watermark, {absolute, "1024M"}}, + %% + %% Supported units suffixes: + %% + %% k, kiB: kibibytes (2^10 bytes) + %% M, MiB: mebibytes (2^20) + %% G, GiB: gibibytes (2^30) + %% kB: kilobytes (10^3) + %% MB: megabytes (10^6) + %% GB: gigabytes (10^9) + + %% Fraction of the high watermark limit at which queues start to + %% page message out to disc in order to free up memory. + %% + %% Values greater than 0.9 can be dangerous and should be used carefully. + %% + %% {vm_memory_high_watermark_paging_ratio, 0.5}, + + %% Interval (in milliseconds) at which we perform the check of the memory + %% levels against the watermarks. + %% + %% {memory_monitor_interval, 2500}, + + %% Set disk free limit (in bytes). Once free disk space reaches this + %% lower bound, a disk alarm will be set - see the documentation + %% listed above for more details. + %% + %% {disk_free_limit, 50000000}, + %% + %% Or you can set it using memory units (same as in vm_memory_high_watermark) + %% {disk_free_limit, "50MB"}, + %% {disk_free_limit, "50000kB"}, + %% {disk_free_limit, "2GB"}, + + %% Alternatively, we can set a limit relative to total available RAM. + %% + %% Values lower than 1.0 can be dangerous and should be used carefully. + %% {disk_free_limit, {mem_relative, 2.0}}, + + %% + %% Misc/Advanced Options + %% ===================== + %% + %% NB: Change these only if you understand what you are doing! + %% + + %% To announce custom properties to clients on connection: + %% + %% {server_properties, []}, + + %% How to respond to cluster partitions. + %% See http://www.rabbitmq.com/partitions.html for further details. + %% + %% {cluster_partition_handling, ignore}, + + %% Make clustering happen *automatically* at startup - only applied + %% to nodes that have just been reset or started for the first time. + %% See http://www.rabbitmq.com/clustering.html#auto-config for + %% further details. 
+ %% + %% {cluster_nodes, {['rabbit@my.host.com'], disc}}, + + %% Interval (in milliseconds) at which we send keepalive messages + %% to other cluster members. Note that this is not the same thing + %% as net_ticktime; missed keepalive messages will not cause nodes + %% to be considered down. + %% + %% {cluster_keepalive_interval, 10000}, + + %% Set (internal) statistics collection granularity. + %% + %% {collect_statistics, none}, + + %% Statistics collection interval (in milliseconds). + %% + %% {collect_statistics_interval, 5000}, + + %% Explicitly enable/disable hipe compilation. + %% + %% {hipe_compile, true}, + + %% Number of times to retry while waiting for Mnesia tables in a cluster to + %% become available. + %% + %% {mnesia_table_loading_retry_limit, 10}, + + %% Time to wait per retry for Mnesia tables in a cluster to become + %% available. + %% + %% {mnesia_table_loading_retry_timeout, 30000}, + + %% Size in bytes below which to embed messages in the queue index. See + %% http://www.rabbitmq.com/persistence-conf.html + %% + %% {queue_index_embed_msgs_below, 4096}, + + %% Whether or not to enable background GC. + %% + %% {background_gc_enabled, true}, + %% + %% Interval (in milliseconds) at which we run background GC. + %% + %% {background_gc_target_interval, 60000} + + ]}, + + %% ---------------------------------------------------------------------------- + %% Advanced Erlang Networking/Clustering Options. + %% + %% See http://www.rabbitmq.com/clustering.html for details + %% ---------------------------------------------------------------------------- + {kernel, + [%% Sets the net_kernel tick time. + %% Please see http://erlang.org/doc/man/kernel_app.html and + %% http://www.rabbitmq.com/nettick.html for further details. 
+ %% + %% {net_ticktime, 60} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ Management Plugin + %% + %% See http://www.rabbitmq.com/management.html for details + %% ---------------------------------------------------------------------------- + + {rabbitmq_management, + [%% Pre-Load schema definitions from the following JSON file. See + %% http://www.rabbitmq.com/management.html#load-definitions + %% + %% {load_definitions, "/path/to/schema.json"}, + + %% Log all requests to the management HTTP API to a file. + %% + %% {http_log_dir, "/path/to/access.log"}, + + %% Change the port on which the HTTP listener listens, + %% specifying an interface for the web server to bind to. + %% Also set the listener to use SSL and provide SSL options. + %% + %% {listener, [{port, 12345}, + %% {ip, "127.0.0.1"}, + %% {ssl, true}, + %% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"}, + %% {certfile, "/path/to/cert.pem"}, + %% {keyfile, "/path/to/key.pem"}]}]}, + + %% One of 'basic', 'detailed' or 'none'. See + %% http://www.rabbitmq.com/management.html#fine-stats for more details. + %% {rates_mode, basic}, + + %% Configure how long aggregated data (such as message rates and queue + %% lengths) is retained. Please read the plugin's documentation in + %% http://www.rabbitmq.com/management.html#configuration for more + %% details. + %% + %% {sample_retention_policies, + %% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]}, + %% {basic, [{60, 5}, {3600, 60}]}, + %% {detailed, [{10, 5}]}]} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ Shovel Plugin + %% + %% See http://www.rabbitmq.com/shovel.html for details + %% ---------------------------------------------------------------------------- + + {rabbitmq_shovel, + [{shovels, + [%% A named shovel worker. + %% {my_first_shovel, + %% [ + + %% List the source broker(s) from which to consume. 
+ %%
+ %% {sources,
+ %% [%% URI(s) and pre-declarations for all source broker(s).
+ %% {brokers, ["amqp://user:password@host.domain/my_vhost"]},
+ %% {declarations, []}
+ %% ]},
+
+ %% List the destination broker(s) to publish to.
+ %% {destinations,
+ %% [%% A singular version of the 'brokers' element.
+ %% {broker, "amqp://"},
+ %% {declarations, []}
+ %% ]},
+
+ %% Name of the queue to shovel messages from.
+ %%
+ %% {queue, <<"your-queue-name-goes-here">>},
+
+ %% Optional prefetch count.
+ %%
+ %% {prefetch_count, 10},
+
+ %% when to acknowledge messages:
+ %% - no_ack: never (auto)
+ %% - on_publish: after each message is republished
+ %% - on_confirm: when the destination broker confirms receipt
+ %%
+ %% {ack_mode, on_confirm},
+
+ %% Overwrite fields of the outbound basic.publish.
+ %%
+ %% {publish_fields, [{exchange, <<"my_exchange">>},
+ %% {routing_key, <<"from_shovel">>}]},
+
+ %% Static list of basic.properties to set on re-publication.
+ %%
+ %% {publish_properties, [{delivery_mode, 2}]},
+
+ %% The number of seconds to wait before attempting to
+ %% reconnect in the event of a connection failure.
+ %%
+ %% {reconnect_delay, 2.5}
+
+ %% ]} %% End of my_first_shovel
+ ]}
+ %% Rather than specifying some values per-shovel, you can specify
+ %% them for all shovels here.
+ %%
+ %% {defaults, [{prefetch_count, 0},
+ %% {ack_mode, on_confirm},
+ %% {publish_fields, []},
+ %% {publish_properties, [{delivery_mode, 2}]},
+ %% {reconnect_delay, 2.5}]}
+ ]},
+
+ %% ----------------------------------------------------------------------------
+ %% RabbitMQ Stomp Adapter
+ %%
+ %% See http://www.rabbitmq.com/stomp.html for details
+ %% ----------------------------------------------------------------------------
+
+ {rabbitmq_stomp,
+ [%% Network Configuration - the format is generally the same as for the broker
+
+ %% Listen only on localhost (ipv4 & ipv6) on a specific port.
+ %% {tcp_listeners, [{"127.0.0.1", 61613},
+ %% {"::1", 61613}]},
+
+ %% Listen for SSL connections on a specific port.
+ %% {ssl_listeners, [61614]},
+
+ %% Number of Erlang processes that will accept connections for the TCP
+ %% and SSL listeners.
+ %%
+ %% {num_tcp_acceptors, 10},
+ %% {num_ssl_acceptors, 1},
+
+ %% Additional SSL options
+
+ %% Extract a name from the client's certificate when using SSL.
+ %%
+ %% {ssl_cert_login, true},
+
+ %% Set a default user name and password. This is used as the default login
+ %% whenever a CONNECT frame omits the login and passcode headers.
+ %%
+ %% Please note that setting this will allow clients to connect without
+ %% authenticating!
+ %%
+ %% {default_user, [{login, "guest"},
+ %% {passcode, "guest"}]},
+
+ %% If a default user is configured, or you have configured use SSL client
+ %% certificate based authentication, you can choose to allow clients to
+ %% omit the CONNECT frame entirely. If set to true, the client is
+ %% automatically connected as the default user or user supplied in the
+ %% SSL certificate whenever the first frame sent on a session is not a
+ %% CONNECT frame.
+ %%
+ %% {implicit_connect, true}
+ ]},
+
+ %% ----------------------------------------------------------------------------
+ %% RabbitMQ MQTT Adapter
+ %%
+ %% See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md
+ %% for details
+ %% ----------------------------------------------------------------------------
+
+ {rabbitmq_mqtt,
+ [%% Set the default user name and password. Will be used as the default login
+ %% if a connecting client provides no other login details.
+ %%
+ %% Please note that setting this will allow clients to connect without
+ %% authenticating!
+ %%
+ %% {default_user, <<"guest">>},
+ %% {default_pass, <<"guest">>},
+
+ %% Enable anonymous access. If this is set to false, clients MUST provide
+ %% login information in order to connect.
 See the default_user/default_pass
+ %% configuration elements for managing logins without authentication.
+ %%
+ %% {allow_anonymous, true},
+
+ %% If you have multiple chosts, specify the one to which the
+ %% adapter connects.
+ %%
+ %% {vhost, <<"/">>},
+
+ %% Specify the exchange to which messages from MQTT clients are published.
+ %%
+ %% {exchange, <<"amq.topic">>},
+
+ %% Specify TTL (time to live) to control the lifetime of non-clean sessions.
+ %%
+ %% {subscription_ttl, 1800000},
+
+ %% Set the prefetch count (governing the maximum number of unacknowledged
+ %% messages that will be delivered).
+ %%
+ %% {prefetch, 10},
+
+ %% TCP/SSL Configuration (as per the broker configuration).
+ %%
+ %% {tcp_listeners, [1883]},
+ %% {ssl_listeners, []},
+
+ %% Number of Erlang processes that will accept connections for the TCP
+ %% and SSL listeners.
+ %%
+ %% {num_tcp_acceptors, 10},
+ %% {num_ssl_acceptors, 1},
+
+ %% TCP/Socket options (as per the broker configuration).
+ %%
+ %% {tcp_listen_options, [{backlog, 128},
+ %% {nodelay, true}]}
+ ]},
+
+ %% ----------------------------------------------------------------------------
+ %% RabbitMQ AMQP 1.0 Support
+ %%
+ %% See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md
+ %% for details
+ %% ----------------------------------------------------------------------------
+
+ {rabbitmq_amqp1_0,
+ [%% Connections that are not authenticated with SASL will connect as this
+ %% account. See the README for more information.
+ %%
+ %% Please note that setting this will allow clients to connect without
+ %% authenticating!
+ %%
+ %% {default_user, "guest"},
+
+ %% Enable protocol strict mode. See the README for more information.
+ %%
+ %% {protocol_strict_mode, false}
+ ]},
+
+ %% ----------------------------------------------------------------------------
+ %% RabbitMQ LDAP Plugin
+ %%
+ %% See http://www.rabbitmq.com/ldap.html for details.
+ %%
+ %% ----------------------------------------------------------------------------
+
+ {rabbitmq_auth_backend_ldap,
+ [%%
+ %% Connecting to the LDAP server(s)
+ %% ================================
+ %%
+
+ %% Specify servers to bind to. You *must* set this in order for the plugin
+ %% to work properly.
+ %%
+ %% {servers, ["your-server-name-goes-here"]},
+
+ %% Connect to the LDAP server using SSL
+ %%
+ %% {use_ssl, false},
+
+ %% Specify the LDAP port to connect to
+ %%
+ %% {port, 389},
+
+ %% LDAP connection timeout, in milliseconds or 'infinity'
+ %%
+ %% {timeout, infinity},
+
+ %% Enable logging of LDAP queries.
+ %% One of
+ %% - false (no logging is performed)
+ %% - true (verbose logging of the logic used by the plugin)
+ %% - network (as true, but additionally logs LDAP network traffic)
+ %%
+ %% Defaults to false.
+ %%
+ %% {log, false},
+
+ %%
+ %% Authentication
+ %% ==============
+ %%
+
+ %% Pattern to convert the username given through AMQP to a DN before
+ %% binding
+ %%
+ %% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"},
+
+ %% Alternatively, you can convert a username to a Distinguished
+ %% Name via an LDAP lookup after binding. See the documentation for
+ %% full details.
+
+ %% When converting a username to a dn via a lookup, set these to
+ %% the name of the attribute that represents the user name, and the
+ %% base DN for the lookup query.
+ %%
+ %% {dn_lookup_attribute, "userPrincipalName"},
+ %% {dn_lookup_base, "DC=gopivotal,DC=com"},
+
+ %% Controls how to bind for authorisation queries and also to
+ %% retrieve the details of users logging in without presenting a
+ %% password (e.g., SASL EXTERNAL).
+ %% One of
+ %% - as_user (to bind as the authenticated user - requires a password)
+ %% - anon (to bind anonymously)
+ %% - {UserDN, Password} (to bind with a specified user name and password)
+ %%
+ %% Defaults to 'as_user'.
+ %%
+ %% {other_bind, as_user},
+
+ %%
+ %% Authorisation
+ %% =============
+ %%
+
+ %% The LDAP plugin can perform a variety of queries against your
+ %% LDAP server to determine questions of authorisation. See
+ %% http://www.rabbitmq.com/ldap.html#authorisation for more
+ %% information.
+
+ %% Set the query to use when determining vhost access
+ %%
+ %% {vhost_access_query, {in_group,
+ %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
+
+ %% Set the query to use when determining resource (e.g., queue) access
+ %%
+ %% {resource_access_query, {constant, true}},
+
+ %% Set queries to determine which tags a user has
+ %%
+ %% {tag_queries, []}
+ ]}
+].
diff --git a/templates/etc/rabbitmq/rabbitmq.config.j2 b/templates/etc/rabbitmq/rabbitmq.config.j2
new file mode 100644
index 0000000..97ae132
--- /dev/null
+++ b/templates/etc/rabbitmq/rabbitmq.config.j2
@@ -0,0 +1,9 @@
+[
+ {rabbit, [
+{% if rabbitmq_listeners is not defined %}
+ {tcp_listeners, [{{ rabbitmq_listen_port }}]}
+{% elif rabbitmq_listeners is defined %}
+ {tcp_listeners, [{% for item in rabbitmq_listeners %}{"{{ item }}", {{ rabbitmq_listen_port }}}{% if not loop.last %}, {% endif %}{% endfor %}]}
+{% endif %}
+ ]}
+].
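Review bot: When `rabbitmq_listeners` is undefined, the first branch of `rabbitmq.config.j2` renders a port-only `tcp_listeners` entry, so the broker accepts plaintext AMQP on every interface by default. That default deserves a comment in the template or the role defaults, and hosts that should not be reachable from all networks need `rabbitmq_listeners` set explicitly. The second branch renders `{tcp_listeners, []}` when the variable is defined but empty, which would leave the broker without a plain TCP listener. Testing the value rather than definedness covers both cases: `{% if not rabbitmq_listeners | default([]) %}` for the first branch, and a plain `{% else %}` in place of the redundant `{% elif rabbitmq_listeners is defined %}`. Each `item` is written into an Erlang string literal unescaped, so the values are presumably expected to be plain IP addresses taken from inventory.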