├── .gitignore
├── .travis.yml
├── CHANGELOG.md
├── README.md
├── Vagrantfile
├── defaults
    └── main.yml
├── files
    └── rabbitmq.list
├── handlers
    └── main.yml
├── meta
    └── main.yml
├── tasks
    ├── configuration.yml
    ├── federation.yml
    ├── install
    │   ├── debian.yml
    │   ├── main.yml
    │   └── redhat.yml
    ├── main.yml
    ├── plugins.yml
    └── vhost.yml
├── templates
    ├── rabbitmq-env.conf.j2
    └── rabbitmq.config.j2
└── vagrant
    ├── files
        ├── rabbitmq_cacert.pem
        ├── rabbitmq_server_cert.pem
        └── rabbitmq_server_key.pem
    ├── roles
        └── rabbitmq
    ├── site.yml
    ├── standalone.yml
    └── test_standalone.yml

/.gitignore:
--------------------------------------------------------------------------------
.*.sw*
.vagrant/

--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
---
language: python
python: "2.7"
before_install:
  - sudo apt-get update -qq
install:
  # Install Ansible.
  - pip install ansible

  # Create an inventory file for testing.
  - "printf 'rabbit-standalone ansible_ssh_host=localhost' > inventory"
script:
  # Check the role/playbook's syntax.
  - "ansible-playbook -i inventory vagrant/site.yml --syntax-check"

  # NOTE(retr0h): Testing standalone until we can test a cluster with travis.
  - "ansible-playbook -vvvv -i inventory vagrant/standalone.yml --connection=local --sudo"

--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
# Changelog

All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
This change log follows the convention proposed by [Keep a CHANGELOG](http://keepachangelog.com/).

## [Unreleased][unreleased]

### Added

- New option to configure permission for users

### Changed

- Travis now uses the latest Ansible

### Fixed

- URL of the signing key for Debian updated
- Fixed the JSON generation for rabbitmq_parameter. It seems that [#237](https://github.com/ansible/ansible-modules-extras/commit/e8391d69855b42d8108fd921f7d6375714494a0e) did not fix it after all...

## [1.4.0] - 2014-11-20

### Added

- Simple Travis-CI support
- Test to ensure the default configuration listens on the correct port

### Changed

- Update the tasks directory layout to be more idiomatic

### Fixed

- item.vhost silently changed to item.name, involuntarily breaking the API.

## [1.3.0] - 2014-11-16

### Added

- Add support for Redhat

### Changed

- Allow the test to run with TLS by adding dummy certificates
- Allow a more flexible naming for the X.509 certificates

## [1.2.0] - 2014-11-06

### Added

- Add the possibility to define the VM to use for testing from the command line

### Changed

- Switch the default VM used for test to one from Vagrant cloud
- Support the default Debian package instead of the one distributed by RabbitMQ
- Reorganise and clean the code to help future changes (new OS/distrib,
  clustering)

## [1.1.0] - 2014-10-30

### Added

- Add the possibility to use a non-default node name. See the new field `node` in
  the `rabbitmq_vhost_definitions` and `rabbitmq_users_definitions` variables.
  This field is optional.
- Add the possibility to generate a `rabbitmq-env.conf` file in the RabbitMQ
  configuration folder. See the `rabbitmq_conf_env` hash.

## 1.0.0 - 2014-10-26

Initial version number

[unreleased]: https://github.com/Mayeu/ansible-playbook-rabbitmq/compare/v1.4.0...HEAD
[1.4.0]: https://github.com/Mayeu/ansible-playbook-rabbitmq/compare/1.3.0...1.4.0
[1.3.0]: https://github.com/Mayeu/ansible-playbook-rabbitmq/compare/1.2.0...1.3.0
[1.2.0]: https://github.com/Mayeu/ansible-playbook-rabbitmq/compare/1.1.0...1.2.0
[1.1.0]: https://github.com/Mayeu/ansible-playbook-rabbitmq/compare/1.0.0...1.1.0

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# UNMAINTAINED

This playbook is not maintained anymore. I have not been using it for a long time,
nor do I have time to maintain it.

Feel free to fork if you wish. If you want I can even advertise your fork here.

# Rabbitmq Playbook

Playbook to install and configure rabbitmq. Will come with various
configuration tweaking later on.

If you wish to discuss modifications, or help to support more platforms, open
an issue.

## Installation

Use Ansible galaxy to install this playbook:

    $ ansible-galaxy install Mayeu.RabbitMQ,1.4.0

The `master` branch should currently be considered unstable. Please avoid using
it for anything other than testing :)

## Supported system

Currently only Debian Jessie and Wheezy on amd64 are supported. Patches are welcome
to support other distributions or OSes.

## Semantic versioning 2.0.0

Starting with the commit
[67c608826a140868a71854ce3129b5f3d67ddcce](https://github.com/Mayeu/ansible-playbook-rabbitmq/commit/67c608826a140868a71854ce3129b5f3d67ddcce),
this playbook uses semantic versioning.
Following the specification, and since
the playbook is used in production and I want to avoid breaking the
compatibility, the first version number is 1.0.0

The public API, as defined by semantic versioning, corresponds to the settings
available to the user. Breaking the API (incrementing from `X.Y.Z` to
`(X+1).Y.Z`) in this context means that users need to change variable names
for their playbook to run.

Any new feature added (from `X.Y.Z` to `X.(Y+1).Z`) should have a working
default value that needs no user interaction. If a feature addition
requires user interaction, then it is not a minor upgrade, but a major one.

## Role Variables

### Installation

|Name|Type|Description|Default|
|----|----|-----------|-------|
|`rabbitmq_os_package`|Bool|When true uses the default package proposed by the OS or distribution instead of the one distributed by RabbitMQ.|`false`|


### Environment

|Name|Type|Description|Default|
|----|----|-----------|-------|
|`rabbitmq_conf_env`|Hash|Set environment variable|undef|

Example:

```yaml
rabbitmq_conf_env:
  RABBITMQ_ROCKS: correct
```

Will generate:

```
RABBITMQ_ROCKS="correct"
```

### Certificate

|Name|Type|Description|Default|
|----|----|-----------|-------|
|`rabbitmq_cacert`|String|Path of the CA certificate file.|`files/rabbitmq_cacert.pem`|
|`rabbitmq_server_key`|String|Path of the SSL key file.|`files/rabbitmq_server_key.pem`|
|`rabbitmq_server_cert`|String|Path of the SSL certificate file.|`files/rabbitmq_server_cert.pem`|
|`rabbitmq_ssl`|Boolean|Define if we need to use SSL|`true`|

### Default configuration file

|Name|Type|Description|Default|
|----|----|-----------|-------|
|`rabbitmq_conf_tcp_listeners_address`|String|listening address for the tcp interface|`''`|
|`rabbitmq_conf_tcp_listeners_port`|Integer|listening port for the tcp interface|`5672`|
|`rabbitmq_conf_ssl_listeners_address`|String|listening address for the ssl interface|`'0.0.0.0'`|
|`rabbitmq_conf_ssl_listeners_port`|Integer|listening port for the ssl interface|`5671`|
|`rabbitmq_conf_ssl_options_cacertfile`|String|Path to the CA certificate|`"/etc/rabbitmq/ssl/cacert.pem"`|
|`rabbitmq_conf_ssl_options_certfile`|String|Path to the server certificate|`"/etc/rabbitmq/ssl/server_cert.pem"`|
|`rabbitmq_conf_ssl_options_keyfile`|String|Path to the private key file|`"/etc/rabbitmq/ssl/server_key.pem"`|
|`rabbitmq_conf_ssl_options_fail_if_no_peer_cert`|Boolean|Value of the `fail_if_no_peer_cert` SSL option|`"true"`|

### Plugins

|Name|Type|Description|Default|
|----|----|-----------|-------|
|`rabbitmq_new_only`|String|Add plugins as new, without deactivating other plugins|`'no'`|
|`rabbitmq_plugins`|List of strings|List of plugins to activate|`[]`|

### Vhost

|Name|Type|Description|Default|
|----|----|-----------|-------|
|`rabbitmq_vhost_definitions`|List|Define the list of vhost to create|`[]`|
|`rabbitmq_users_definitions`|List of hash|Define the users, and associated vhost and password (see below)|`[]`|

Defining the vhosts configuration:

```yaml
rabbitmq_vhost_definitions:
  - name:    vhost1
    node:    node_name # Optional, defaults to "rabbit"
    tracing: yes       # Optional, defaults to "no"
```

Defining the users configuration:

```yaml
rabbitmq_users_definitions:
  - vhost:    vhost1
    user:     user1
    password: password1
    node:     node_name           # Optional, defaults to "rabbit"
    configure_priv: "^resource.*" # Optional, defaults to ".*"
    read_priv: "^$"               # Disallow reading.
    write_priv: "^$"              # Disallow writing.
  - vhost:    vhost1
    user:     user2
    password: password2
    force:    no
    tags:                # Optional, user tags
    - administrator
```

### Federation

|Name|Type|Description|Default|
|----|----|-----------|-------|
|`rabbitmq_federation`|Boolean|Define if we need to setup federation|`false`|
|`rabbitmq_federation_configuration`|List of hashes|Define all the federation we need to setup|Not defined|
|`rabbitmq_policy_configuration`|List of hashes|Define all the federation we need to setup|Not defined|

Defining the federation upstream configuration:

```yaml
rabbitmq_federation_configuration:
  - name: upstream name
    vhost: local vhost to federate
    value: json description of the federation
    local_username: the local username for the federation
```

See the [RabbitMQ documentation](http://www.rabbitmq.com/federation.html) for
the possible JSON value.

Defining the policy configuration:

```yaml
rabbitmq_policy_configuration:
  - name: name of the policy
    vhost: vhost where the policy will be applied
    pattern: pattern of the policy
    tags: description of the policy in dict form # example: "ha-mode=all"
```

## Files required

You have to put the needed certificates in your `files/` folder, for example:

    files/
     |- cacert.crt
     |- myserver_key.key
     |- myserver_cert.crt

And then configure the role:

```yaml
rabbitmq_cacert: files/cacert.crt
rabbitmq_server_key: files/myserver_key.key
rabbitmq_server_cert: files/myserver_cert.crt
```

## Testing

There are some tests that try to provision a VM using Vagrant.
Just launch them
with:

    $ vagrant up # for test with Debian jessie
    $ VAGRANT_BOX_NAME='chef/centos-6.5' vagrant up # for test with Centos

You can change the VM used during test by setting the `VAGRANT_BOX_NAME` env
variable to something other than `deb/jessie`.

## License

BSD

--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
BOX_NAME = ENV['VAGRANT_BOX_NAME'] || 'debian/jessie64'

Vagrant.configure('2') do |config|
  config.vm.box = BOX_NAME
  config.vm.provision 'ansible' do |ansible|
    ansible.playbook = 'vagrant/site.yml'
    ansible.limit = 'all'
    ansible.sudo = true
    ansible.host_key_checking = false
  end

  config.vm.define 'rabbit-standalone' do |c|
    c.vm.host_name = 'rabbit-standalone'
  end
end

--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
---
# ################
# Playbook control
# ################

# Take the package given by the OS/distrib
rabbitmq_os_package: false

# Plugins
rabbitmq_plugins: []
rabbitmq_new_only: 'no'

# VHOST
rabbitmq_vhost_definitions: []
rabbitmq_users_definitions: []

# Avoid setting up federation
rabbitmq_federation: false

# defaults file for rabbitmq
rabbitmq_cacert     : "files/rabbitmq_cacert.pem"
rabbitmq_server_key : "files/rabbitmq_server_key.pem"
rabbitmq_server_cert: "files/rabbitmq_server_cert.pem"
rabbitmq_ssl        : true

# ######################
# RabbitMQ Configuration
# ######################

# rabbitmq TCP configuration
rabbitmq_conf_tcp_listeners_address: ''
rabbitmq_conf_tcp_listeners_port: 5672

# rabbitmq SSL configuration
rabbitmq_conf_ssl_listeners_address           : '0.0.0.0'
rabbitmq_conf_ssl_listeners_port              : 5671
rabbitmq_conf_ssl_options_cacertfile          : "/etc/rabbitmq/ssl/{{ rabbitmq_cacert | basename }}"
rabbitmq_conf_ssl_options_certfile            : "/etc/rabbitmq/ssl/{{ rabbitmq_server_cert | basename }}"
rabbitmq_conf_ssl_options_keyfile             : "/etc/rabbitmq/ssl/{{ rabbitmq_server_key | basename }}"
rabbitmq_conf_ssl_options_fail_if_no_peer_cert: "true"

rabbitmq_env: false

--------------------------------------------------------------------------------
/files/rabbitmq.list:
--------------------------------------------------------------------------------
# Official repository of rabbitmq
deb http://www.rabbitmq.com/debian/ testing main

--------------------------------------------------------------------------------
/handlers/main.yml:
--------------------------------------------------------------------------------
---
# handlers file for rabbitmq
- name: restart rabbitmq-server
  service: name=rabbitmq-server state=restarted enabled=yes

--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
---
galaxy_info:
  author: Mayeu
  description: RabbitMQ is a complete and highly reliable enterprise messaging system based on the emerging AMQP standard.
  license: BSD
  min_ansible_version: 1.4
  #
  # Below are all platforms currently available. Just uncomment
  # the ones that apply to your role. If you don't see your
  # platform on this list, let us know and we'll get it added!
  #
  platforms:
  #- name: EL
  #  versions:
  #  - all
  #  - 5
  #  - 6
  #- name: GenericUNIX
  #  versions:
  #  - all
  #  - any
  #- name: Fedora
  #  versions:
  #  - all
  #  - 16
  #  - 17
  #  - 18
  #  - 19
  #  - 20
  #- name: opensuse
  #  versions:
  #  - all
  #  - 12.1
  #  - 12.2
  #  - 12.3
  #  - 13.1
  #  - 13.2
  #- name: GenericBSD
  #  versions:
  #  - all
  #  - any
  #- name: FreeBSD
  #  versions:
  #  - all
  #  - 8.0
  #  - 8.1
  #  - 8.2
  #  - 8.3
  #  - 8.4
  #  - 9.0
  #  - 9.1
  #  - 9.1
  #  - 9.2
  #- name: Ubuntu
  #  versions:
  #  - all
  #  - lucid
  #  - maverick
  #  - natty
  #  - oneiric
  #  - precise
  #  - quantal
  #  - raring
  #  - saucy
  #  - trusty
  #- name: SLES
  #  versions:
  #  - all
  #  - 10SP3
  #  - 10SP4
  #  - 11
  #  - 11SP1
  #  - 11SP2
  #  - 11SP3
  #- name: GenericLinux
  #  versions:
  #  - all
  #  - any
  - name: Debian
    versions:
  #  - all
  #  - etch
  #  - lenny
  #  - squeeze
    - wheezy
    - jessie
  #
  # Below are all categories currently available. Just as with
  # the platforms above, uncomment those that apply to your role.
  #
  categories:
  #- cloud
  #- cloud:ec2
  #- cloud:gce
  #- cloud:rax
  #- database
  #- database:nosql
  #- database:sql
  #- development
  #- monitoring
  - networking
  #- packaging
  #- system
  #- web
dependencies: []
  # List your role dependencies here, one per line. Only
  # dependencies available via galaxy should be listed here.
  # Be sure to remove the '[]' above if you add dependencies
  # to this list.

--------------------------------------------------------------------------------
/tasks/configuration.yml:
--------------------------------------------------------------------------------
---
- name: create the ssl folder for rabbitmq
  file:
    path=/etc/rabbitmq/ssl/
    owner=rabbitmq
    group=rabbitmq
    mode=0750
    state=directory
  when: rabbitmq_ssl

- name: copy the ssl certificates
  copy:
    src={{ item.src }}
    dest={{ item.dest }}
    owner=rabbitmq
    group=rabbitmq
    mode=0640
    backup=yes
  with_items:
    - src: "{{ rabbitmq_cacert }}"
      dest: "{{ rabbitmq_conf_ssl_options_cacertfile }}"
    - src: "{{ rabbitmq_server_key }}"
      dest: "{{ rabbitmq_conf_ssl_options_keyfile }}"
    - src: "{{ rabbitmq_server_cert }}"
      dest: "{{ rabbitmq_conf_ssl_options_certfile }}"
  when: rabbitmq_ssl

- name: generate the configuration of rabbitmq
  template:
    src=rabbitmq.config.j2
    dest=/etc/rabbitmq/rabbitmq.config
    owner=rabbitmq
    group=rabbitmq
    mode=0644
    backup=yes
  notify: restart rabbitmq-server

- name: generate environment-specific configuration
  template:
    src=rabbitmq-env.conf.j2
    dest=/etc/rabbitmq/rabbitmq-env.conf
    owner=rabbitmq
    group=rabbitmq
    mode=0644
    backup=yes
  notify: restart rabbitmq-server
  when: rabbitmq_conf_env is defined

--------------------------------------------------------------------------------
/tasks/federation.yml:
--------------------------------------------------------------------------------
---
- name: active the federation plugin
  rabbitmq_plugin:
    names=rabbitmq_federation
    new_only=yes
  register: federation_plugin

- name: restart RabbitMQ to be able to setup federation
  service:
    name=rabbitmq-server
    state=restarted
  when: federation_plugin.changed

- name: set the federation-upstream parameter
  rabbitmq_parameter:
    component=federation-upstream
    name={{ item.name }}
    vhost={{ item.vhost | default('/', false) }}
    value=" {{ item.value }} "
  with_items: rabbitmq_federation_configuration

- name: set the policy for the federation
  rabbitmq_policy:
    name={{ item.name }}
    vhost={{ item.vhost | default('/', false) }}
    pattern={{ item.pattern }}
    tags={{ item.tags }}
  with_items: rabbitmq_policy_configuration

- name: get the version of rabbitmq
  shell: rabbitmqctl status | awk '{print $NF}'
  register: rabbitmq_version

# local-username is no longer required with 3.3.0
# http://www.rabbitmq.com/release-notes/README-3.3.0.txt
- name: set the local username for the federation
  rabbitmq_parameter:
    component=federation
    name=local-username
    value='"{{ item.local_username | default( 'guest', false ) }}"'
    vhost={{ item.vhost | default( '/', false) }}
  with_items: rabbitmq_federation_configuration
  when: rabbitmq_version.stdout | version_compare('3.3.0', '<')

--------------------------------------------------------------------------------
/tasks/install/debian.yml:
--------------------------------------------------------------------------------
---

# RabbitMQ official install
- name: "add the official rabbitmq repository's key"
  apt_key: url=https://www.rabbitmq.com/rabbitmq-release-signing-key.asc
  when: not rabbitmq_os_package

- name: add the official rabbitmq repository
  copy:
    src=rabbitmq.list
    dest=/etc/apt/sources.list.d/
    backup=yes
  register: aptrepo
  when: not rabbitmq_os_package

- name: install rabbitmq-server
  apt: name=rabbitmq-server update_cache=yes

- name: enable rabbitmq-server to survive reboot
  service: name=rabbitmq-server enabled=yes

--------------------------------------------------------------------------------
/tasks/install/main.yml:
--------------------------------------------------------------------------------
---
# Debian install
- include: debian.yml
  when: ansible_os_family == 'Debian'

- include: redhat.yml
  when: ansible_os_family == 'RedHat'

--------------------------------------------------------------------------------
/tasks/install/redhat.yml:
--------------------------------------------------------------------------------
- name: install EPEL repository (RedHat)
  command: "{{ item }}"
  with_items:
    - wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    - rpm -Uvh epel-release-6*.rpm

- name: install rabbitmq-server dependencies (RedHat)
  yum: name="{{ item }}" state=present
  with_items:
    - erlang
    - libselinux-python

- name: install rabbitmq-server (RedHat)
  yum: name=http://www.rabbitmq.com/releases/rabbitmq-server/v3.3.5/rabbitmq-server-3.3.5-1.noarch.rpm state=present

- name: enable rabbitmq-server to survive reboot
  service: name=rabbitmq-server enabled=yes

--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: install/main.yml
- include: configuration.yml
- include: plugins.yml
- include: vhost.yml
- include: federation.yml
  when: rabbitmq_federation

--------------------------------------------------------------------------------
/tasks/plugins.yml:
--------------------------------------------------------------------------------
---
- name: enable plugins
  rabbitmq_plugin:
    names={{ rabbitmq_plugins | join(',') }}
    new_only={{ rabbitmq_new_only }}
  notify: restart rabbitmq-server
  when: rabbitmq_plugins != []

- name: get the list of active plugins to disable
  command: rabbitmq-plugins list -e -m
  register: result
  when: rabbitmq_plugins == []

- name: disable plugins if none added in the configuration
  rabbitmq_plugin:
    name={{ item }}
    state=disabled
  notify: restart rabbitmq-server
  with_items: result.stdout_lines
  when: rabbitmq_plugins == []

--------------------------------------------------------------------------------
/tasks/vhost.yml:
--------------------------------------------------------------------------------
---
- name: ensure rabbitmq is runned
  service: name=rabbitmq-server state=started

- name: add rabbitmq vhost
  rabbitmq_vhost: >
    name={{ item.name }}
    node={{ item.node | default('rabbit') }}
    tracing={{ item.tracing | default('no') }}
    state=present
  with_items: rabbitmq_vhost_definitions

- name: add rabbitmq user and set privileges
  rabbitmq_user:
    user={{ item.user }}
    password={{ item.password }}
    vhost={{ item.vhost | default('/', false) }}
    node={{ item.node | default('rabbit') }}
    tags={{ (item.tags | default('')) | join(',') }}
    configure_priv={{ item.configure_priv | default('.*') }}
    read_priv={{ item.read_priv | default('.*') }}
    write_priv={{ item.write_priv | default('.*') }}
    state=present
    force={{ item.force|default('yes') }}
  with_items: rabbitmq_users_definitions

- name: remove guest user (hostname)
  rabbitmq_user:
    user=guest
    vhost=/
    node="rabbit@{{ ansible_hostname }}"
    state=absent
  register: rm_guest_hostname
  ignore_errors: true

- name: remove guest user (default)
  rabbitmq_user:
    user=guest
    vhost=/
    state=absent
  when: rm_guest_hostname|failed

--------------------------------------------------------------------------------
/templates/rabbitmq-env.conf.j2:
--------------------------------------------------------------------------------
{% for variable,value in rabbitmq_conf_env.iteritems() %}
{{ variable|upper() }}="{{ value }}"
{% endfor %}

--------------------------------------------------------------------------------
/templates/rabbitmq.config.j2:
--------------------------------------------------------------------------------
[
  {rabbit, [
{#
  If there is a listening address defined for the insecure TCP listener,
  declare it.
#}
{% if rabbitmq_conf_tcp_listeners_address != '' %}
    {tcp_listeners, [{"{{ rabbitmq_conf_tcp_listeners_address }}", {{ rabbitmq_conf_tcp_listeners_port }}}]}{% if rabbitmq_ssl %},
{% endif %}
{#
  Otherwise, shut down the listener.
#}
{% else %}
    {tcp_listeners, []}{% if rabbitmq_ssl %},
{% endif %}
{% endif %}
{% if rabbitmq_ssl %}
    {ssl_listeners, [{"{{ rabbitmq_conf_ssl_listeners_address }}", {{ rabbitmq_conf_ssl_listeners_port }}}]},
    {ssl_options, [
      {cacertfile, "{{rabbitmq_conf_ssl_options_cacertfile}}"},
      {certfile, "{{rabbitmq_conf_ssl_options_certfile}}"},
      {keyfile, "{{rabbitmq_conf_ssl_options_keyfile}}"},
      {verify, verify_peer},
      {fail_if_no_peer_cert,{{rabbitmq_conf_ssl_options_fail_if_no_peer_cert}}}
    ]}
{% endif %}
  ]}
].

--------------------------------------------------------------------------------
/vagrant/files/rabbitmq_cacert.pem:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/vagrant/files/rabbitmq_server_cert.pem:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/vagrant/files/rabbitmq_server_key.pem:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/vagrant/roles/rabbitmq:
--------------------------------------------------------------------------------
../../

--------------------------------------------------------------------------------
/vagrant/site.yml:
--------------------------------------------------------------------------------
---
- include: standalone.yml

--------------------------------------------------------------------------------
/vagrant/standalone.yml:
--------------------------------------------------------------------------------
---
- hosts: rabbit-standalone
  roles:
    - role: rabbitmq
      rabbitmq_vhost_definitions:
        - name: sensu
      rabbitmq_users_definitions:
        - vhost: sensu
          user: sensu
          password: placeholder
          tags:
            - administrator
      rabbitmq_federation: true
      rabbitmq_federation_configuration:
        - name: test
          vhost: sensu
          value: '{"uri": "amqp://server-name", "expires": 3600000}'
      rabbitmq_policy_configuration:
        - name: policy
          pattern: '.'
          vhost: sensu
          tags: "federation-upstream-set=all"
  tasks:
    # Flush outstanding handlers before tests.
    - meta: flush_handlers
    - include: test_standalone.yml

--------------------------------------------------------------------------------
/vagrant/test_standalone.yml:
--------------------------------------------------------------------------------
---
- shell: netstat -an | grep 0.0.0.0:5672.*LISTEN
  register: test_result
  ignore_errors: True
- name: rabbitmq should not be listenning to the unencrypted port
  assert:
    that:
      - test_result|failed

- shell: netstat -an | grep 0.0.0.0:5671.*LISTEN
  register: test_result
- name: rabbitmq should be listenning to the ssl port
  assert:
    that:
      - test_result|success

- shell: rabbitmqctl list_vhosts | grep sensu
  register: test_result
- name: ensure the sensu vhost was added
  assert:
    that:
      - "{{ test_result.rc }} == 0"

- shell: rabbitmqctl list_users | grep sensu
  register: test_result
- name: ensure the sensu user was added
  assert:
    that:
      - "{{ test_result.rc }} == 0"

- shell: rabbitmqctl list_permissions -p sensu | grep ^sensu
  register: test_result
- name: ensure the sensu user was added to the sensu vhost
  assert:
    that:
      - "{{ test_result.rc }} == 0"

- shell: rabbitmq-plugins list | grep 'rabbitmq_federation ' | grep '^\[E\]' | wc -l
  register: test_result
- name: ensure federation plugin was installed
  assert:
    that:
      - "{{ test_result.stdout }} == 1"
  when: rabbitmq_federation == true

- shell: rabbitmqctl list_parameters -p sensu | grep ^federation-upstream | grep test | wc -l
  register: test_result
- name: ensure federation-upstream parameter set
  assert:
    that:
      - "{{ test_result.stdout }} == 1"

- shell: rabbitmqctl list_policies -p sensu | grep ^sensu | grep '{"federation-upstream-set":"all"}' | wc -l
  register: test_result
- name: ensure federation policy set
  assert:
    that:
      - "{{ test_result.stdout }} == 1"

--------------------------------------------------------------------------------
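
The role's defaults keep the plaintext listener off and require a client certificate, while `tasks/vhost.yml` grants `.*` for every privilege a user definition omits. The following is an added example, not part of the repository: a Python check of role variables against those settings before a run. The finding codes and the `PLAINTEXT_VARS` sample are constructed for illustration.

```python
# Added example: audit this role's variables before the playbook is run.
# Variable names and defaults come from defaults/main.yml, tasks/vhost.yml and
# templates/rabbitmq.config.j2; the finding codes are invented for this sketch.

ROLE_DEFAULTS = {
    "rabbitmq_ssl": True,
    "rabbitmq_conf_tcp_listeners_address": "",
    "rabbitmq_conf_tcp_listeners_port": 5672,
    "rabbitmq_conf_ssl_listeners_address": "0.0.0.0",
    "rabbitmq_conf_ssl_listeners_port": 5671,
    "rabbitmq_conf_ssl_options_fail_if_no_peer_cert": "true",
    "rabbitmq_users_definitions": [],
}
PRIV_KEYS = ("configure_priv", "read_priv", "write_priv")

# Variables taken from vagrant/standalone.yml on this page.
STANDALONE_VARS = {
    "rabbitmq_users_definitions": [
        {"vhost": "sensu", "user": "sensu", "password": "placeholder",
         "tags": ["administrator"]},
    ],
}

# Constructed sample: plaintext listener on, TLS off, one tightly scoped user
# (the privilege patterns are the ones shown in the README).
PLAINTEXT_VARS = {
    "rabbitmq_ssl": False,
    "rabbitmq_conf_tcp_listeners_address": "0.0.0.0",
    "rabbitmq_users_definitions": [
        {"vhost": "vhost1", "user": "user1", "password": "password1",
         "configure_priv": "^resource.*", "read_priv": "^$", "write_priv": "^$"},
    ],
}


def merged(role_vars):
    """Overlay user-supplied variables on the role defaults."""
    out = dict(ROLE_DEFAULTS)
    out.update(role_vars)
    return out


def effective_listeners(role_vars):
    """Mirror the branches of rabbitmq.config.j2: which sockets get opened."""
    v = merged(role_vars)
    listeners = []
    # The template emits {tcp_listeners, []} when the address is the empty string.
    if v["rabbitmq_conf_tcp_listeners_address"] != "":
        listeners.append(("tcp", v["rabbitmq_conf_tcp_listeners_address"],
                          v["rabbitmq_conf_tcp_listeners_port"]))
    if v["rabbitmq_ssl"]:
        listeners.append(("ssl", v["rabbitmq_conf_ssl_listeners_address"],
                          v["rabbitmq_conf_ssl_listeners_port"]))
    return listeners


def audit(role_vars):
    """Return a list of (code, subject) findings in a stable order."""
    v = merged(role_vars)
    findings = []
    listeners = effective_listeners(role_vars)
    for kind, addr, port in listeners:
        if kind == "tcp":
            findings.append(("PLAINTEXT_LISTENER", "%s:%d" % (addr, port)))
    if not v["rabbitmq_ssl"]:
        findings.append(("TLS_DISABLED", "rabbitmq_ssl"))
    elif str(v["rabbitmq_conf_ssl_options_fail_if_no_peer_cert"]) != "true":
        # The template writes this value verbatim into the Erlang term, so
        # anything other than the literal text true is flagged.
        findings.append(("PEER_CERT_NOT_REQUIRED", "fail_if_no_peer_cert"))
    if not listeners:
        # Edge case: empty tcp address with TLS off renders no listener at all.
        findings.append(("NO_LISTENER", "tcp_listeners is [] and TLS is off"))
    for user in v["rabbitmq_users_definitions"]:
        # tasks/vhost.yml falls back to '.*' for each omitted privilege key.
        broad = [k for k in PRIV_KEYS if user.get(k, ".*") == ".*"]
        if broad:
            findings.append(("BROAD_PRIVILEGE",
                             "%s: %s" % (user["user"], ",".join(broad))))
        if "administrator" in user.get("tags", []):
            findings.append(("ADMIN_TAG", user["user"]))
    return findings


if __name__ == "__main__":
    for name, sample in (("standalone", STANDALONE_VARS),
                         ("plaintext", PLAINTEXT_VARS)):
        print(name, effective_listeners(sample))
        for code, subject in audit(sample):
            print("  %-22s %s" % (code, subject))
```
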