diff --git a/ansible/library/kolla_toolbox.py b/ansible/library/kolla_toolbox.py index 4d9dd1c02f..276661df29 100644 --- a/ansible/library/kolla_toolbox.py +++ b/ansible/library/kolla_toolbox.py @@ -45,6 +45,11 @@ options: - The extra variables used by the module required: False type: str or dict + user: + description: + - The user to execute Ansible inside kolla_toolbox with + required: False + type: str api_version: description: - The version of the API for docker-py to use when contacting Docker @@ -132,6 +137,7 @@ def main(): module_extra_vars=dict(type='json'), api_version=dict(required=False, type='str', default='auto'), timeout=dict(required=False, type='int', default=180), + user=dict(required=False, type='str'), ) module = AnsibleModule(argument_spec=specs, bypass_checks=True) client = get_docker_client()( @@ -144,6 +150,9 @@ def main(): module.fail_json(msg='kolla_toolbox container is not running.') kolla_toolbox = kolla_toolbox[0] + kwargs = {} + if 'user' in module.params: + kwargs['user'] = module.params['user'] # NOTE(mgoddard): Docker 1.12 has API version 1.24, and was installed by # kolla-ansible bootstrap-servers on Rocky and earlier releases. This API @@ -158,7 +167,7 @@ def main(): environment = {"ANSIBLE_STDOUT_CALLBACK": "json", "ANSIBLE_LOAD_CALLBACK_PLUGINS": "True"} job = client.exec_create(kolla_toolbox, command_line, - environment=environment) + environment=environment, **kwargs) json_output = client.exec_start(job) try: @@ -192,7 +201,7 @@ def main(): # Remove Ansible's internal variables from returned fields. ret.pop('_ansible_no_log', None) else: - job = client.exec_create(kolla_toolbox, command_line) + job = client.exec_create(kolla_toolbox, command_line, **kwargs) output = client.exec_start(job) for exp in [JSON_REG, NON_JSON_REG]: diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index 96a2b26a88..2da793ba33 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml @@ -340,6 +340,16 @@ notify: - Restart cron container +- name: Ensure RabbitMQ Erlang cookie exists + become: true + copy: + content: "{{ rabbitmq_cluster_cookie }}" + dest: "{{ node_config_directory }}/kolla-toolbox/rabbitmq-erlang.cookie" + mode: "0660" + when: enable_rabbitmq | bool + notify: + - Restart kolla-toolbox container + - name: Ensuring config directories have correct owner and permission become: true file: diff --git a/ansible/roles/common/templates/kolla-toolbox.json.j2 b/ansible/roles/common/templates/kolla-toolbox.json.j2 index 7f0dc05193..1f7a56a9f1 100644 --- a/ansible/roles/common/templates/kolla-toolbox.json.j2 +++ b/ansible/roles/common/templates/kolla-toolbox.json.j2 @@ -1,6 +1,13 @@ { "command": "sleep infinity", - "config_files": [], + "config_files": [ + {% if enable_rabbitmq | bool %}{ + "source": "{{ container_config_directory }}/rabbitmq-erlang.cookie", + "dest": "/var/lib/rabbitmq/.erlang.cookie", + "owner": "rabbitmq", + "perm": "0600" + }{% endif %} + ], "permissions": [ { "path": "/var/log/kolla/ansible.log", diff --git a/ansible/roles/service-rabbitmq/defaults/main.yml b/ansible/roles/service-rabbitmq/defaults/main.yml new file mode 100644 index 0000000000..df99fac879 --- /dev/null +++ b/ansible/roles/service-rabbitmq/defaults/main.yml @@ -0,0 +1,25 @@ +--- +# Role to ensure RabbitMQ configuration exists for a service. + +# Host to delegate task execution to. +service_rabbitmq_delegate_host: "{{ inventory_hostname }}" + +# Whether to run the task on only one host. +service_rabbitmq_run_once: true + +# Condition on which to run the task. +service_rabbitmq_when: true + +# Number of retries for each task. +service_rabbitmq_retries: 5 + +# Delay between task retries. +service_rabbitmq_delay: 10 + +# List of RabbitMQ users to create. Each item should contain the following +# fields: +# 'user' +# 'password' +# 'vhost' +# Virtual hosts in this list will also be created. +service_rabbitmq_users: [] diff --git a/ansible/roles/service-rabbitmq/tasks/main.yml b/ansible/roles/service-rabbitmq/tasks/main.yml new file mode 100644 index 0000000000..d429537e4e --- /dev/null +++ b/ansible/roles/service-rabbitmq/tasks/main.yml @@ -0,0 +1,42 @@ +--- +- block: + - name: "{{ project_name }} | Ensure RabbitMQ vhosts exist" + kolla_toolbox: + module_name: rabbitmq_vhost + module_args: + name: "{{ item }}" + user: rabbitmq + loop: "{{ service_rabbitmq_users | map(attribute='vhost') | unique | reject('equalto', '/') | list }}" + register: service_rabbitmq_result + until: service_rabbitmq_result is success + retries: "{{ service_rabbitmq_retries }}" + delay: "{{ service_rabbitmq_delay }}" + + - name: "{{ project_name }} | Ensure RabbitMQ users exist" + kolla_toolbox: + module_name: rabbitmq_user + module_args: + user: "{{ item.user }}" + password: "{{ item.password }}" + update_password: always + vhost: "{{ item.vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + user: rabbitmq + loop: "{{ service_rabbitmq_users }}" + loop_control: + label: + user: "{{ item.user }}" + vhost: "{{ item.vhost }}" + register: service_rabbitmq_result + until: service_rabbitmq_result is success + retries: "{{ service_rabbitmq_retries }}" + delay: "{{ service_rabbitmq_delay }}" + + become: true + when: service_rabbitmq_when | bool + delegate_to: "{{ service_rabbitmq_delegate_host }}" + run_once: "{{ service_rabbitmq_run_once }}" + tags: + - service-rabbitmq