Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:Ardana:8:CentOS
ardana-mq
ardana-mq-8.0+git.1605176800.52cccfa.obscpio
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ardana-mq-8.0+git.1605176800.52cccfa.obscpio of Package ardana-mq
07070100000000000081A40000000000000000000000015FAD0DE00000007E000000000000000000000000000000000000003000000000ardana-mq-8.0+git.1605176800.52cccfa/.gitreview[gerrit] host=gerrit.suse.provo.cloud port=29418 project=ardana/mq-ansible.git defaultremote=ardana defaultbranch=stable/pike 07070100000001000081A40000000000000000000000015FAD0DE00000000C000000000000000000000000000000000000003300000000ardana-mq-8.0+git.1605176800.52cccfa/.rsync-filter- ardana-ci 07070100000002000081A40000000000000000000000015FAD0DE00000279F000000000000000000000000000000000000002D00000000ardana-mq-8.0+git.1605176800.52cccfa/LICENSE Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. 07070100000003000081A40000000000000000000000015FAD0DE0000002A6000000000000000000000000000000000000002F00000000ardana-mq-8.0+git.1605176800.52cccfa/README.md (c) Copyright 2015 Hewlett Packard Enterprise Development LP (c) Copyright 2017 SUSE LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. README ====== TODO: Fill in README for rabbitmq playbooks here. 07070100000004000081A40000000000000000000000015FAD0DE000000721000000000000000000000000000000000000003A00000000ardana-mq-8.0+git.1605176800.52cccfa/_rabbitmq-change.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Change/update users access for RabbitMQ. - include: rabbitmq-configure-users.yml - hosts: FND-RMQ max_fail_percentage: 0 gather_facts: no roles: - rabbitmq tasks: - include: roles/rabbitmq/tasks/create-working-dirs.yml # Check whether the user has updated the list of RabbitMQ plugins. - include: roles/rabbitmq/tasks/check-plugins.yml # Check whether we are transitioning to TLS. - include: roles/rabbitmq/tasks/check-tls.yml # Write TLS certificates to disk. # Note: We always take details from CP here as during TLS transition in # particular TLS to 'off' we may not have all cert data required. - include: roles/rabbitmq/tasks/write-tls-files.yml when: (rabbitmq_cp.tls_enabled | bool) # Only one of these will operate depending on the state of # ardana_notify_rabbitmq_major_change.changed set during configure # above. - include: _rabbitmq-minor-change.yml - include: _rabbitmq-major-change.yml - hosts: FND-RMQ max_fail_percentage: 0 gather_facts: no roles: - rabbitmq tasks: # Clear all persisted facts relating to RabbitMQ. - include: roles/rabbitmq/tasks/clear-persistant-facts.yml 07070100000005000081A40000000000000000000000015FAD0DE0000013D0000000000000000000000000000000000000004000000000ardana-mq-8.0+git.1605176800.52cccfa/_rabbitmq-major-change.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: _rabbitmq-neutron-setup.yml # RabbitMQ 3.4.3-3.6.0 workaround rule. - hosts: FND-RMQ gather_facts: no max_fail_percentage: 0 roles: - iptables - rabbitmq tasks: - name: rabbitmq | _rabbitmq-major-change | Set fact rabbitmq_major_change set_fact: _rabbitmq_major_change: "{{ ((ardana_notify_rabbitmq_major_change | default(false)) and ardana_notify_rabbitmq_major_change.changed) }}" # Stop messages entering a node by blocking the '*_listener' ports. Need # to make the cluster go silent to reduce the likelihood of getting an # Erlang Mnesia held lock (OTP-13284). - include: roles/iptables/tasks/iptables-add.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" when: (ardana_notify_rabbitmq_workaround_required | default(false)) and ardana_notify_rabbitmq_workaround_required.changed and (_rabbitmq_major_change | bool) # Take the cluster down to a single node for a major configuration change. - hosts: FND-RMQ:!{{ rabbitmq_primary_hostname | default('FND-RMQ--first-member') }} gather_facts: no max_fail_percentage: 0 # IMPORTANT: This is performed one host at a time as we must keep quorum as # we take the cluster down. serial: 1 roles: - iptables - rabbitmq tasks: # Stop messages entering a node by blocking the '*_listener' ports. Need # to do this here to stop traffic entering a node that we are # reconfiguring. This gives early indication to the proxy to move any vips # pointing at the node. - include: roles/iptables/tasks/iptables-add.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" when: (_rabbitmq_major_change | bool) - include: roles/rabbitmq/tasks/stop.yml when: (_rabbitmq_major_change | bool) - hosts: "{{ rabbitmq_primary_hostname | default('FND-RMQ--first-member') }}" gather_facts: no max_fail_percentage: 0 roles: - iptables - rabbitmq tasks: # Stop messages entering a node by blocking the '*_listener' ports. Need # to do this here to stop traffic entering a node that we are # reconfiguring. This gives early indication to the proxy to move any vips # pointing at the node. - include: roles/iptables/tasks/iptables-add.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" when: (_rabbitmq_major_change | bool) # We do not reset the node as it the only node left form a cluster so we # must maintain its database. - include: roles/rabbitmq/tasks/stop.yml vars: rabbitmq_do_not_reset_node: true when: (not ((ardana_notify_rabbitmq_restart_required | default(false)) and ardana_notify_rabbitmq_restart_required.changed)) and (_rabbitmq_major_change | bool) # At this point we are in the situation where the only running node is the # rabbitmq primary. # Next steps are: # * Write any new config to the system. # * Upgrade all nodes by installing the latest packages if required. # NOTE: This will cause the primary node to be restarted, and perform # the Erlang Mnesia schema change. # * Start all nodes - this will trigger join cluster. # * Remove block on '*_listener' ports. - hosts: FND-RMQ gather_facts: no max_fail_percentage: 0 roles: - iptables - rabbitmq tasks: - include: roles/rabbitmq/tasks/write-configuration.yml when: (_rabbitmq_major_change | bool) - include: roles/rabbitmq/tasks/_write-rabbitmq-env-config.yml when: (_rabbitmq_major_change | bool) - include: roles/rabbitmq/tasks/install.yml when: ((ardana_notify_rabbitmq_restart_required | default(false)) and ardana_notify_rabbitmq_restart_required.changed) and (_rabbitmq_major_change | bool) - include: roles/rabbitmq/tasks/start.yml when: (_rabbitmq_major_change | bool) # Remove block on '*_listener' ports. - include: roles/iptables/tasks/iptables-delete.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" when: (_rabbitmq_major_change | bool) 07070100000006000081A40000000000000000000000015FAD0DE0000010C5000000000000000000000000000000000000004000000000ardana-mq-8.0+git.1605176800.52cccfa/_rabbitmq-minor-change.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: _rabbitmq-neutron-setup.yml # RabbitMQ 3.4.3-3.6.0 workaround rule. - hosts: FND-RMQ gather_facts: no max_fail_percentage: 0 roles: - iptables - rabbitmq tasks: - include: roles/rabbitmq/tasks/write-configuration.yml when: (not ((ardana_notify_rabbitmq_major_change | default(false)) and ardana_notify_rabbitmq_major_change.changed)) - include: roles/rabbitmq/tasks/_write-rabbitmq-env-config.yml when: (not ((ardana_notify_rabbitmq_major_change | default(false)) and ardana_notify_rabbitmq_major_change.changed)) - name: rabbitmq | _rabbitmq-minor-change | Set fact rabbitmq_minor_change set_fact: _rabbitmq_minor_change: "{{ (not ((ardana_notify_rabbitmq_major_change | default(false)) and ardana_notify_rabbitmq_major_change.changed)) and (((ardana_notify_rabbitmq_reset_required | default(false)) and ardana_notify_rabbitmq_reset_required.changed) or ((ardana_notify_rabbitmq_restart_required | default(false)) and ardana_notify_rabbitmq_restart_required.changed)) }}" # Stop messages entering a node by blocking the '*_listener' ports. Need # to make the cluster go silent to reduce the likelihood of getting an # Erlang Mnesia held lock (OTP-13284). - include: roles/iptables/tasks/iptables-add.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" when: (_rabbitmq_minor_change | bool) - hosts: FND-RMQ gather_facts: no max_fail_percentage: 0 # IMPORTANT: This is performed one host at a time to keep cluster running. serial: 1 roles: - iptables - rabbitmq tasks: # Stop messages entering a node by blocking the '*_listener' ports. Need # to do this here to stop traffic entering a node that we are # reconfiguring. This gives early indication to the proxy to move any vips # pointing at the node. - include: roles/iptables/tasks/iptables-add.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" when: (_rabbitmq_minor_change | bool) - include: roles/rabbitmq/tasks/stop.yml when: (_rabbitmq_minor_change | bool) - include: roles/rabbitmq/tasks/install.yml when: (_rabbitmq_minor_change | bool) and ((ardana_notify_rabbitmq_restart_required | default(false)) and ardana_notify_rabbitmq_restart_required.changed) - include: roles/rabbitmq/tasks/start.yml when: (_rabbitmq_minor_change | bool) # Remove block on '*_listener' ports. - include: roles/iptables/tasks/iptables-delete.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" when: (not ((ardana_notify_rabbitmq_workaround_required | default(false)) and ardana_notify_rabbitmq_workaround_required.changed)) and (_rabbitmq_minor_change | bool) # RabbitMQ 3.4.3-3.6.0 workaround rule. - hosts: FND-RMQ gather_facts: no max_fail_percentage: 0 roles: - iptables - rabbitmq tasks: - include: roles/iptables/tasks/iptables-delete.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" when: (ardana_notify_rabbitmq_workaround_required | default(false)) and ardana_notify_rabbitmq_workaround_required.changed and (_rabbitmq_minor_change | bool) 07070100000007000081A40000000000000000000000015FAD0DE0000002ED000000000000000000000000000000000000004100000000ardana-mq-8.0+git.1605176800.52cccfa/_rabbitmq-neutron-setup.yml# # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: FND-RMQ:&NEU-* roles: - neutron-common tasks: - include: roles/neutron-common/tasks/_create_iptables_lockfile.yml 07070100000008000081A40000000000000000000000015FAD0DE0000004DC000000000000000000000000000000000000004400000000ardana-mq-8.0+git.1605176800.52cccfa/_rabbitmq-upgrade-packages.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Validate play and lock any configuration required. - include: _rabbitmq-validate.yml - hosts: FND-RMQ max_fail_percentage: 0 gather_facts: no roles: - rabbitmq tasks: # Sets-up 'check-upgraded-pkgs' value. - include: roles/ardana-upgrade-tools/tasks/pkg-query.yml # based on the result of 'check-upgraded-pkgs' # ardana_notify_rabbitmq_major_change.changed may be set here to determine # which upgrade is run in _rabbitmq_change below. - include: roles/rabbitmq/tasks/check-upgraded-pkgs.yml # Change the RabbitMQ configuration. - include: _rabbitmq-change.yml 07070100000009000081A40000000000000000000000015FAD0DE00000036D000000000000000000000000000000000000003C00000000ardana-mq-8.0+git.1605176800.52cccfa/_rabbitmq-validate.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: FND-RMQ max_fail_percentage: 0 roles: - rabbitmq - role: validate-cluster-limit validate_cluster_limit_verb_hosts: "{{ rabbitmq_cp.group_name }}" tasks: - include: roles/rabbitmq/tasks/lock_config.yml 0707010000000A000041ED0000000000000000000000045FAD0DE000000000000000000000000000000000000000000000002F00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci0707010000000B000041ED0000000000000000000000035FAD0DE000000000000000000000000000000000000000000000003700000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project0707010000000C000041ED0000000000000000000000035FAD0DE000000000000000000000000000000000000000000000004300000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project/input-model0707010000000D000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000004800000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project/input-model/data0707010000000E000081A40000000000000000000000015FAD0DE00000092A000000000000000000000000000000000000005A00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project/input-model/data/control_plane.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 control-planes: - name: cp1 control-plane-prefix: cp1 failure-zones: - AZ1 common-service-components: - lifecycle-manager-target load-balancers: - provider: ip-cluster name: lb components: - default roles: - internal - admin - provider: ip-cluster name: extlb external-name: myardana-cp1.test components: - default roles: - public clusters: - name: cluster0 cluster-prefix: c0 server-role: - SERVER1-ROLE member-count: 1 allocation-policy: strict service-components: - lifecycle-manager-target - lifecycle-manager - rabbitmq - keystone-api - mysql - ip-cluster - name: cp2 uses: - from: cp1 service-components: - all control-plane-prefix: cp2 failure-zones: - AZ1 - AZ2 - AZ3 common-service-components: - lifecycle-manager-target load-balancers: - provider: ip-cluster name: lb components: - default roles: - internal - admin clusters: - name: cluster1 cluster-prefix: c1 server-role: - SERVER2-ROLE - SERVER3-ROLE - SERVER4-ROLE member-count: 3 allocation-policy: strict service-components: - ntp-server - rabbitmq - ip-cluster 0707010000000F000081A40000000000000000000000015FAD0DE00000051E000000000000000000000000000000000000005B00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project/input-model/data/network_groups.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 network-groups: - name: ARDANA hostname-suffix: ardana component-endpoints: - lifecycle-manager - lifecycle-manager-target - name: MANAGEMENT hostname-suffix: mgmt hostname: true tags: - neutron.networks.vxlan - neutron.networks.vlan: provider-physical-network: physnet1 # tls-component-endpoints: # - barbican-api component-endpoints: - default # routes: # - default load-balancers: - lb - extlb - name: EXTERNAL-VM tags: - neutron.l3_agent.external_network_bridge 07070100000010000081A40000000000000000000000015FAD0DE000000378000000000000000000000000000000000000005400000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project/input-model/data/regions.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 regions: - name: region1 includes: - control-plane: cp1 services: - all - name: region2 includes: - control-plane: cp2 services: - all 07070100000011000081A40000000000000000000000015FAD0DE0000006C9000000000000000000000000000000000000005400000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project/input-model/data/servers.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 baremetal: netmask: 255.255.255.0 subnet: 192.168.110.0 server-interface: eth2 servers: - id: server1 ip-addr: 192.168.110.3 role: SERVER1-ROLE server-group: RACK1 mac-addr: a4:93:0c:4f:7c:73 nic-mapping: VAGRANT ilo-ip: 192.168.109.3 ilo-password: password ilo-user: admin - id: server2 ip-addr: 192.168.110.4 role: SERVER2-ROLE server-group: RACK1 mac-addr: b2:72:8d:ac:7c:6f nic-mapping: VAGRANT ilo-ip: 192.168.109.4 ilo-password: password ilo-user: admin - id: server3 ip-addr: 192.168.110.5 role: SERVER3-ROLE server-group: RACK2 mac-addr: 8a:8e:64:55:43:76 nic-mapping: VAGRANT ilo-ip: 192.168.109.5 ilo-password: password ilo-user: admin - id: server4 ip-addr: 192.168.110.6 role: SERVER4-ROLE server-group: RACK3 mac-addr: 9a:9e:64:55:43:67 nic-mapping: VAGRANT ilo-ip: 192.168.109.5 ilo-password: password ilo-user: admin 07070100000012000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000003500000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests07070100000013000081ED0000000000000000000000015FAD0DE0000004A8000000000000000000000000000000000000004D00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/change-input-model.bash#!/bin/bash # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # cd ~/ardana-ci-tests if [ -d ardana-input-model ]; then cd ardana-input-model git checkout $1 cd ../ else git clone -b $1 http://git.suse.provo.cloud/ardana/ardana-input-model fi cp -r ardana-input-model/2.0/services/ ~/openstack/ardana/services/ cd ~/ardana git add -A git commit -m "My config" cd ~/openstack/ardana/ansible/ ansible-playbook -i hosts/localhost config-processor-run.yml -e encrypt="" \ -e rekey="" ansible-playbook -i hosts/localhost ready-deployment.yml cd ~/scratch/ansible/next/ardana/ansible 07070100000014000081A40000000000000000000000015FAD0DE0000004D3000000000000000000000000000000000000004500000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/change-repo.yml# # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: FND-RMQ tasks: - name: create 192_168_10_3_79_ardana_sources.list become: yes file: path: /etc/apt/sources.list.d/192_168_10_3_79_ardana_sources.list state: touch - name: change apt-repo become: yes lineinfile: dest: /etc/apt/sources.list.d/192_168_10_3_79_ardana_sources.list line: "deb [arch=amd64] http://apt.suse.provo.cloud/apt/hlinux-deejay.us.rdlabs.hpecorp.net/hLinuxArchive/{{ repo }} cattleprod main contrib non-free" - name: install aptitude become: yes apt: name: aptitude update_cache: yes 07070100000015000081A40000000000000000000000015FAD0DE0000005C4000000000000000000000000000000000000005000000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/check-persistent-cache.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: FND-RMQ roles: - rabbitmq tasks: - name: ardana-ci | check-persistent-state | fail if facts are defined fail: msg: "fact cache hasnt been cleared" when: (ardana_notify_rabbitmq_reset_required is defined and ardana_notify_rabbitmq_reset_required.changed) or (ardana_notify_rabbitmq_restart_required.changed and ardana_notify_rabbitmq_restart_required is defined) or (ardana_notify_rabbitmq_stop_forced is defined and ardana_notify_rabbitmq_stop_forced.changed) or (ardana_notify_rabbitmq_major_change is defined and ardana_notify_rabbitmq_major_change.changed) or (ardana_notify_rabbitmq_workaround_required is defined and ardana_notify_rabbitmq_workaround_required.changed) 07070100000016000081ED0000000000000000000000015FAD0DE0000002BD000000000000000000000000000000000000004500000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/check-user.bash#!/bin/bash # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # sudo rabbitmqctl list_users | grep stack exit $? 07070100000017000081ED0000000000000000000000015FAD0DE00000036A000000000000000000000000000000000000003F00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/copy.bash#!/bin/bash # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # cp ~/ardana-ci-tests/$1 ~/scratch/ansible/next/ardana/ansible if [ -n "$2" ] then ansible-playbook -i hosts/verb_hosts $1 -e $2 else ansible-playbook -i hosts/verb_hosts $1 fi rm ~/scratch/ansible/next/ardana/ansible/$1 07070100000018000081A40000000000000000000000015FAD0DE00000033E000000000000000000000000000000000000004800000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/pwd_change_cp1.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- rmq_keystone_password: value: "mynewpassword" metadata: - clusters: - cluster0 component: keystone consumes: rabbitmq consuming-cp: cp1 cp: cp1 version: '2.0' 07070100000019000081A40000000000000000000000015FAD0DE000000355000000000000000000000000000000000000004800000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/pwd_change_cp2.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- rmq_keystone_password: rmq_keystone_password: value: "mynewpassword" metadata: - clusters: - cluster1 component: keystone consumes: rabbitmq consuming-cp: cp2 cp: cp2 version: '2.0' 0707010000001A000081ED0000000000000000000000015FAD0DE000000359000000000000000000000000000000000000004800000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/remove-rabbit.bash#!/bin/bash # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # cd ~/scratch/ansible/next/ardana/ansible ansible-playbook rabbitmq-remove.yml --limit *cp1* ansible-playbook rabbitmq-remove.yml --limit *cp2* source ~/ardana-ci-tests/copy.bash remove-sources.list.yml 0707010000001B000081A40000000000000000000000015FAD0DE0000002F6000000000000000000000000000000000000004D00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/remove-sources.list.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: FND-RMQ tasks: - name: delete sources.list become: yes shell: rm -f /etc/apt/sources.list.d/* 0707010000001C000081A40000000000000000000000015FAD0DE000004AD9000000000000000000000000000000000000004400000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/test-plan.yaml# # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: remove-rabbit logfile: testsuite-remove.log prefix: remove exec: - remove-rabbit.bash - name: Update conf file change logfile: test6-update-conf-all.log prefix: update-conf-all exec: - update-conf.bash '/rabbitmq_top/{s/^/#/}' ./rabbitmq/main.yml - name: update apt repo logfile: testsuite-upgrade.log prefix: remove exec: - copy.bash change-repo.yml repo=hos2.0.2_ga-0 ### TODO: Although Ardana doesn't have mitaka release, we keep this section for ### futher investigation in the future. # currently dont have a way to use old service defs # due to older changes not being compatible with multi-cp # in future comment this out and set mitaka release #- name: change service definitions # logfile: testsuite-upgrade.log # prefix: update-service-def # exec: # - change-input-model.bash kilo_release_branch - name: deploy rabbit 3.4.3 logfile: testsuite-upgrade.log prefix: deploy-3.4 playbooks: - rabbitmq-deploy.yml - name: create-user logfile: testsuite-upgrade.log prefix: create-user exec: - sudo rabbitmqctl add_user stack stack - name: Validate rabbit up logfile: test1-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash - name: update apt repo logfile: testsuite-upgrade.log prefix: remove exec: - copy.bash change-repo.yml repo=2015/hos3.0_alpha-0 - name: test major upgrade limit 3.5.4 logfile: testsuite-upgrade.log prefix: upgrade playbooks: - rabbitmq-upgrade.yml --limit *cp1* - name: Validate rabbit up logfile: test1-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash - name: Validate cache is clear logfile: testsuite-clear-cache prefix: validate-cache exec: - copy.bash check-persistent-cache.yml - name: Validate db exists logfile: testsuite-upgrade prefix: validate-db exec: - check-user.bash # can only run bash scripts on one hosts current - name: test rabbitmq-server version logfile: testsuite-upgrade.log prefix: upgrade exec: - validate-upgrade.bash 3.5.4-3.1 # workaround: can not run full upgrade after running with limit - name: remove-rabbit logfile: testsuite-remove.log prefix: remove exec: - remove-rabbit.bash - name: update apt repo logfile: testsuite-upgrade.log prefix: remove exec: - copy.bash change-repo.yml repo=2016/hos2.0.2_ga-0 - name: deploy rabbit 3.4.3 logfile: testsuite-upgrade.log prefix: deploy-3.4 playbooks: - rabbitmq-deploy.yml - name: create-user logfile: testsuite-upgrade.log prefix: create-user exec: - sudo rabbitmqctl add_user stack stack - name: update apt repo logfile: testsuite-upgrade.log prefix: remove exec: - copy.bash change-repo.yml repo=2015/hos3.0_alpha-0 ######### - name: test major upgrade 3.5.4 no errlang change logfile: testsuite-upgrade.log prefix: upgrade playbooks: - rabbitmq-upgrade.yml - name: Validate rabbit up logfile: test1-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash - name: update apt repo logfile: testsuite-upgrade.log prefix: remove exec: - copy.bash change-repo.yml repo=2016/hos2.1.6_ga-0 - name: test major upgrade 3.6.1 - errlang major logfile: testsuite-upgrade.log prefix: upgrade playbooks: - rabbitmq-upgrade.yml --limit *cp1* - name: Validate rabbit up logfile: test1-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash - name: Validate cache is clear logfile: testsuite-clear-cache prefix: validate-cache exec: - copy.bash check-persistent-cache.yml - name: Validate db exists logfile: testsuite-upgrade prefix: validate-db exec: - check-user.bash - name: test rabbitmq-server version logfile: testsuite-upgrade.log prefix: upgrade exec: - validate-upgrade.bash 3.6.1-1+hlinux2 # workaround: can not run full upgrade after running with limit - name: remove-rabbit logfile: testsuite-remove.log prefix: remove exec: - remove-rabbit.bash - name: update apt repo logfile: testsuite-upgrade.log prefix: remove exec: - copy.bash change-repo.yml repo=2015/hos3.0_alpha-0 - name: deploy rabbit 3.5.4 logfile: testsuite-upgrade.log prefix: deploy-3.5 playbooks: - rabbitmq-deploy.yml - name: create-user logfile: testsuite-upgrade.log prefix: create-user exec: - sudo rabbitmqctl add_user stack stack - name: update apt repo logfile: testsuite-upgrade.log prefix: remove exec: - copy.bash change-repo.yml repo=2016/hos2.1.6_ga-0 ######## - name: test major upgrade 3.6.1 logfile: testsuite-upgrade.log prefix: upgrade playbooks: - rabbitmq-upgrade.yml - name: Validate rabbit up logfile: test1-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash - name: update apt repo logfile: testsuite-upgrade.log prefix: remove exec: - copy.bash change-repo.yml repo=2016/hos4.0_beta-3 - name: test minor upgrade no erlang change logfile: testsuite-upgrade.log prefix: upgrade playbooks: - rabbitmq-upgrade.yml --limit *cp1* - name: Validate rabbit up logfile: test1-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash - name: Validate cache is clear logfile: testsuite-clear-cache prefix: validate-cache exec: - copy.bash check-persistent-cache.yml - name: Validate db exists logfile: testsuite-upgrade prefix: validate-db exec: - check-user.bash - name: test rabbitmq-server version logfile: testsuite-upgrade.log prefix: upgrade exec: - validate-upgrade.bash 3.6.3-1+hpelinux1 # workaround: can not run full upgrade after running with limit - name: remove-rabbit logfile: testsuite-remove.log prefix: remove exec: - remove-rabbit.bash - name: update apt repo logfile: testsuite-upgrade.log prefix: remove exec: - copy.bash change-repo.yml repo=2016/hos2.1.6_ga-0 - name: deploy rabbit 3.6.1 logfile: testsuite-upgrade.log prefix: deploy-3.6.1 playbooks: - rabbitmq-deploy.yml - name: create-user logfile: testsuite-upgrade.log prefix: create-user exec: - sudo rabbitmqctl add_user stack stack - name: update apt repo logfile: testsuite-upgrade.log prefix: remove exec: - copy.bash change-repo.yml repo=2016/hos4.0_beta-3 - name: Update conf file change logfile: test6-update-conf-all.log prefix: update-conf-all exec: - update-conf.bash '/rabbitmq_top/{s/^#//}' ./rabbitmq/main.yml ######### - name: test minor upgrade no erlang change logfile: testsuite-upgrade.log prefix: upgrade playbooks: - rabbitmq-upgrade.yml - name: Validate rabbit up logfile: test1-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash # Singleton Tests # Test stop start/ one rabbit /singleton cluster - name: Test stop one rabbit on singleton Cluster logfile: test1-stop.log prefix: stop-rabbit-one-singleton playbooks: - rabbitmq-stop.yml --limit=project-cp1-c0-m1-mgmt - name: Validate rabbit Down logfile: test1-validate-down.log prefix: validate-rabbit-down exec: - validate-rabbit-down.bash - name: Test start one node logfile: test1-start-one.log prefix: start-rabbit-one-singleton playbooks: - rabbitmq-start.yml --limit=project-cp1-c0-m1-mgmt - name: Validate rabbit up logfile: test1-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash # Test stop start/ one rabbit /Multi node cluster - name: Test stop one rabbit on Multi-Node Cluster logfile: test2-stop-one-multi.log prefix: stop-rabbit-one-multi playbooks: - rabbitmq-stop.yml --limit=project-cp2-c1-m1-mgmt - name: Test start one rabbit on Multi-Node Cluster logfile: test2-start-one-multi.log prefix: start-rabbit-one-multi playbooks: - rabbitmq-start.yml --limit=project-cp2-c1-m1-mgmt - name: Validate rabbit Up logfile: test2-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash # Test stop start/ all rabbits in single cp /Multi node cluster # Must add flag as default case is stop on one host only # default stop will give "unsafe to stop on all hosts at once" - name: Test stop all rabbits on Multi-Node Cluster logfile: test3-stop-all-multi.log prefix: stop-rabbit-all-multi playbooks: - rabbitmq-stop.yml --limit=*cp2* -e "rabbitmq_do_not_reset_node=true" - name: Validate rabbit Down logfile: test3-validate-down.log prefix: validate-rabbit-down exec: - validate-rabbit-down.bash - name: Test start all rabbits on Multi-Node Cluster logfile: test3-start-all-multi.log prefix: start-rabbit-all-multi playbooks: - rabbitmq-start.yml --limit=*cp2* - name: Validate rabbit Up logfile: test3-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash # Test stop start/ all rabbits in all control planes - name: Test stop all rabbits on all control planes logfile: test4-stop-all-cps.log prefix: stop-rabbit-all playbooks: - rabbitmq-stop.yml -e "rabbitmq_do_not_reset_node=true" - name: Validate rabbit Down logfile: test4-validate-down.log prefix: validate-rabbit-down exec: - validate-rabbit-down.bash - name: Test start all rabbits in all control planes logfile: test4-start-all-cps.log prefix: start-rabbit-all playbooks: - rabbitmq-start.yml - name: Validate rabbit Up logfile: validate-rabbit-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash # Test Noop Reconfigure - name: Test Noop reconfigure logfile: test5-reconfigure-noop.log prefix: reconfigure-noop playbooks: - rabbitmq-reconfigure.yml - name: Validate cache is clear logfile: testsuite-clear-cache prefix: validate-cache exec: - copy.bash check-persistent-cache.yml - name: Validate db exists logfile: testsuite-upgrade prefix: validate-db exec: - check-user.bash # Test rabbit is up - This should test that rabbit has not restarted (TBD) - name: Validate rabbit logfile: test5-validate-up prefix: validate-rabbit exec: - validate-rabbit-up.bash - name: Update conf file change logfile: test6-update-conf-all.log prefix: update-conf-all exec: - update-conf.bash 's/{disk_free_limit, {{ rabbitmq_config.disk_free_limit }}}/{disk_free_limit, 500000000}/g' ./rabbitmq/rabbitmq.config.j2 - name: Test reconfigure conf file change logfile: test6-reconfigure-all.log prefix: reconfigure-conf-all playbooks: - rabbitmq-reconfigure.yml - name: Validate cache is clear logfile: testsuite-clear-cache prefix: validate-cache exec: - copy.bash check-persistent-cache.yml - name: Validate db exists logfile: testsuite-upgrade prefix: validate-db exec: - check-user.bash - name: Test Conf File change logfile: test7-test-conf.log prefix: test-rabbit-conf exec: - test-rabbit-conf.bash cp1 disk_free_limit 500000000 - name: Update conf file change for limit test logfile: test8-update-conf-limit.log prefix: update-conf-limited exec: - update-conf.bash 's/{disk_free_limit, 500000000}/{disk_free_limit, {{ rabbitmq_config.disk_free_limit }}}/g' ./rabbitmq/rabbitmq.config.j2 - name: Test reconfigure conf Limit to Single Control Plane logfile: test8-reconfigure-limit.log prefix: reconfigure-conf-limited playbooks: - rabbitmq-reconfigure.yml --limit=*cp1* - name: Validate cache is clear logfile: testsuite-clear-cache prefix: validate-cache exec: - copy.bash check-persistent-cache.yml - name: Validate db exists logfile: testsuite-upgrade prefix: validate-db exec: - check-user.bash # Currently exec only runs on the deployer so the second exec cannot # actually check the state of cp2 here . TBD we need a way to # run command on multiple hosts in the cluster not just on deployer # ideally this should be part of the test harness - name: Test Conf File change logfile: test8-test-conf-limited.log prefix: test-conf-limited exec: - test-rabbit-conf.bash cp1 disk_free_limit 1000000000 - test-rabbit-conf.bash cp2 disk_free_limit 500000000 - name: Test - Reset to original disk_free_limit on all cps logfile: test8-reconfigure-all.log prefix: reconfigure-conf-limited playbooks: - rabbitmq-reconfigure.yml - name: Update password for single control plane logfile: test9-update-pwd-change.log prefix: update-pwd exec: - update-pwd.bash ~/ardana-ci-tests/pwd_change_cp1.yml # Confirm with Nick what the difference is with # configure users - name: Test reconfigure password change logfile: test9-reconfigure-pwd-change.log prefix: reconfigure-password-change playbooks: - rabbitmq-reconfigure-credentials.yml - name: Test Password Change Result - Validate Rabbit up logfile: test9-validate-rabbit-up.log prefix: test-conf-limited exec: - validate-rabbit-up.bash - name: Test Pasword change Result - Validate access to keystone logfile: test9-test-rmq-access.log prefix: test-conf-limited exec: - test-rmq-access.bash cp1 rmq_keystone_user mynewpassword # TBD - We need to configure another service on the second # control plane to do this testing # # Currently only have user on one control plane because # only have a rabbit service ( ie keystone ) on one control plane # # - name: Update password for all control planes # logfile: testsuite-reconfigure-pwd-change.log # prefix: update-pwd # exec: # - update-pwd.bash ~/ardana-ci-tests/pwd_change_cp1.yml # - update-pwd.bash ~/ardana-ci-tests/pwd_change_cp2.yml #- name: Test reconfigure password change # logfile: testsuite-reconfigure-pwd-change.log # prefix: reconfigure-password-change-all # playbooks: # - rabbitmq-reconfigure-credentials.yml --limit=*cp2* #- name: Test Password change Result - Access to keystone # logfile: testsuite-reconfigure-pwd-change.log # prefix: test-conf-limited # exec: # - validate-rabbit-up.bash # Currently exec only runs this on the deplouyer so this does not really # check cp2 #- name: Test Password change Result - Password on control planes # logfile: testsuite-reconfigure-conf-change.log # prefix: test-conf-limited # exec: # - test-rmq-access.bash cp2 rmq_keystone_user mynewpassword # Reboot Tests - Single Host reboots TBD check if test harness has # long enough sleep as next test failing occassionally without sleep - name: Test reboot server2 logfile: test10-reboot.log prefix: reboot-server2 vms: - reboot: server2 - name: Test reboot server2 logfile: test10-sleep.log prefix: sleep-for-1 exec: - sleep 60 # Note here rabbit does not start on reboot so you have to explictly # start it - name: Test we are down logfile: test10-validate-down.log prefix: validate-rabbit-down exec: - validate-rabbit-down.bash - name: Start rabbit on server2 logfile: test10-start-rabbit-limit.log prefix: start-on-server2 playbooks: - rabbitmq-start.yml --limit=project-cp2-c1-m1-mgmt # This is the same as the previous test just # is testing a 2nd server reboot in sequence # with the first one which can sometimes be a useful test - name: Test reboot server3 logfile: test11-reboot.log prefix: reboot-server3 vms: - reboot: server3 - name: Test reboot server3 logfile: test11-sleep.log prefix: sleep-for-1 exec: - sleep 60 # Note here rabbit does not start on reboot so you have to explictly # start it - name: Test we are down logfile: test11-validate-down.log prefix: validate-rabbit-down exec: - validate-rabbit-down.bash - name: Start rabbit on server3 logfile: test11-start-rabbit.log prefix: start-on-server3 playbooks: - rabbitmq-start.yml --limit=project-cp2-c1-m2-mgmt - name: Test we are up logfile: test11-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash - name: Test reboot - Singleton rabbit cluster reboot server here logfile: test12-reboot-singleton.log prefix: reboot-singleton vms: - reboot: server1 - name: Test reboot server1 logfile: test12-sleep.log prefix: sleep-for-1 exec: - sleep 60 # Note here rabbit does not start on reboot so you have to explictly # start it - name: Test we are down logfile: test12-validate-down.log prefix: validate-rabbit-down exec: - validate-rabbit-down.bash - name: Start rabbit on server1 logfile: test12-start-limited.log prefix: start-on-server1 playbooks: - rabbitmq-start.yml --limit=project-cp1-c0-m1-mgmt - name: Test we are up logfile: test12-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash # Test remove node - name: Test remove rabbit on server2 logfile: test13-remove.log prefix: remove-rabbit-one playbooks: - rabbitmq-remove.yml --limit=project-cp2-c1-m1-mgmt # TBD this needs to test rabbit ok on other 2 hosts - name: Test we are down on that host logfile: test13-validate-down.log prefix: validate-rabbit-down exec: - validate-rabbit-down.bash - name: Test depooy rabbit on server2 logfile: test13-deploy-one-limit.log prefix: deploy-rabbit-one playbooks: - rabbitmq-deploy.yml --limit=project-cp2-c1-m1-mgmt - name: Test we are up on that host logfile: test13-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash # Test Blow away/disaster recovery - name: Test stop all rabbits on all control planes logfile: test13-stop-permit-multi.log prefix: stop-rabbit-all playbooks: - rabbitmq-stop.yml --limit=*cp2* -e "rabbitmq_permit_multi_stop=true" - name: Validate rabbit Down logfile: test13-validate-rabbit-down.log prefix: validate-rabbit-down exec: - validate-rabbit-down.bash - name: Validate rabbit Up on cp1 logfile: test13-validate-rabbit-up.log prefix: validate-rabbit-up playbooks: - rabbitmq-status.yml --limit=*cp1* - name: Test disaster recovery in one control planes logfile: test13-disaster-recovery.log prefix: start-rabbit-all playbooks: - rabbitmq-disaster-recovery.yml --limit=*cp2* - name: Validate rabbit Up logfile: test13-validate-up.log prefix: validate-rabbit-up exec: - validate-rabbit-up.bash # TBD - lots more tests to be done, would be useful # to be able to add upgrade in here e.g. # Test more rabbit operations # Test no op upgrade # Test upgrade # Test configure Monasca # Also we need to be able to add a pattern for checking # all hosts not just the deployer host in tests...need a mechanism # for this in the test harness 0707010000001D000081ED0000000000000000000000015FAD0DE000000515000000000000000000000000000000000000004B00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/test-rabbit-conf.bash#!/bin/bash # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # e.g # test-rabbit-conf cp1 slow_query_log ON # tests if slow_query_log is set ON on cp1 and # NOT set ON elsewhere if this is run elsewhere # Currently only run on the deployer set -vx echo " $1 $2 $3" cnfstatus=0 if [[ $(hostname) == *"$1"* ]] then sudo rabbitmqctl status 2>/dev/null | awk '/$2/ {match($0, /[0-9]+/); print substr( $0, RSTART, RLENGTH )} | grep $3' if [[ $? == 1 ]] then cnfstatus=1 fi fi if [[ $(hostname) != *"$1"* ]] then sudo rabbitmqctl status 2>/dev/null | awk '/$2/ {match($0, /[0-9]+/); print substr( $0, RSTART, RLENGTH )} | grep $3' if [[ $? == 0 ]] then cnfstatus=1 fi fi exit $cnfstatus 0707010000001E000081ED0000000000000000000000015FAD0DE0000004BF000000000000000000000000000000000000004A00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/test-rmq-access.bash#!/bin/bash # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Usage: test-rmq-access.bash cp1 rmq_keystone_user mynewpassword set -vx echo " $1 $2 $3" cnfstatus=0 if [[ $(hostname) == *"$1"* ]] then sudo rabbitmqctl authenticate_user $2 $3 | grep Success if [[ $? == 1 ]] then cnfstatus=1 fi fi # This test currently doesnt actually run but its # setup to assume if user is on a different cp # it wont have the same creds. (may not be what we want) if [[ $(hostname) != *"$1"* ]] then sudo rabbitmqctl authenticate_user $2 $3 | grep Success if [[ $? == 0 ]] then cnfstatus=1 fi fi exit $cnfstatus 0707010000001F000081ED0000000000000000000000015FAD0DE000000402000000000000000000000000000000000000004600000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/update-conf.bash#!/bin/bash # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # set -vxe echo "Changing $1 in $2" pushd ~/openstack/my_cloud/config sed -e "$1" -i "$2" --follow-symlinks git add -A git commit --allow-empty -m "My Config Change" pushd ~/openstack/ardana/ansible/ ansible-playbook -i hosts/localhost config-processor-run.yml -e encrypt="" \ -e rekey="" ansible-playbook -i hosts/localhost ready-deployment.yml popd popd 07070100000020000081ED0000000000000000000000015FAD0DE000000401000000000000000000000000000000000000004500000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/update-pwd.bash#!/bin/bash # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # set -evx cp $1 ~/ardana/change_credentials/ pushd ~/openstack/ardana/ansible/ # Next two lines should not be necessary but are, checking why git add -A git commit --allow-empty -m "My Config Change" ansible-playbook -i hosts/localhost config-processor-run.yml -e encrypt="" \ -e rekey="" ansible-playbook -i hosts/localhost ready-deployment.yml popd 07070100000021000081ED0000000000000000000000015FAD0DE000000373000000000000000000000000000000000000004F00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/validate-rabbit-down.bash#!/bin/bash # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # ansible-playbook -i hosts/verb_hosts rabbitmq-status.yml rabbit_test_status=$? echo "Rabbit Test Status is $rabbit_test_status" if [ $rabbit_test_status -eq 0 ] then echo "Fail, Expected Rabbit Down!" exit 1 else echo "OK" fi 07070100000022000081ED0000000000000000000000015FAD0DE00000035C000000000000000000000000000000000000004D00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/validate-rabbit-up.bash#!/bin/bash # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # ansible-playbook -i hosts/verb_hosts rabbitmq-status.yml rabbit_test_status=$? echo "Rabbit Test Status is $rabbit_test_status" if [ $rabbit_test_status -eq 0 ] then echo "Ok" else echo "Fail" exit 1 fi 07070100000023000081ED0000000000000000000000015FAD0DE000000332000000000000000000000000000000000000004B00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/validate-upgrade.bash#!/bin/bash # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # set -vx version=`sudo dpkg -l | grep rabbitmq-server | awk '{print $3}'` if [[ $version == $1 ]] then upgradestatus=0 else upgradestatus=1 fi exit $upgradestatus 07070100000024000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000002C00000000ardana-mq-8.0+git.1605176800.52cccfa/config07070100000025000081A40000000000000000000000015FAD0DE0000004A4000000000000000000000000000000000000004000000000ardana-mq-8.0+git.1605176800.52cccfa/config/rabbit-symlinks.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # The following relative symlinks are created under the # my_cloud/config directory. --- symlinks: rabbitmq/erlang.cookie.j2: roles/rabbitmq/templates/erlang.cookie.j2 rabbitmq/rabbitmq.config.j2: roles/rabbitmq/templates/rabbitmq.config.j2 rabbitmq/rabbitmq-env.conf.j2: roles/rabbitmq/templates/rabbitmq-env.conf.j2 rabbitmq/rabbitmq-server.logrotate.j2: roles/rabbitmq/templates/rabbitmq-server.logrotate.j2 rabbitmq/main.yml: roles/rabbitmq/defaults/main.yml rabbitmq-monasca/main.yml: roles/rabbitmq-monasca/defaults/main.yml 07070100000026000081A40000000000000000000000015FAD0DE000000354000000000000000000000000000000000000004200000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-configure-users.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Configure the RabbitMQ uses that can access RabbitMQ and there user rights. - hosts: FND-RMQ max_fail_percentage: 0 roles: - rabbitmq tasks: - include: roles/rabbitmq/tasks/configure-users.yml 07070100000027000081A40000000000000000000000015FAD0DE000000AF7000000000000000000000000000000000000003900000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-deploy.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: _rabbitmq-neutron-setup.yml - hosts: FND-RMQ max_fail_percentage: 0 roles: - iptables - rabbitmq tasks: - include: roles/rabbitmq/tasks/pre-configure.yml - include: roles/rabbitmq/tasks/create-working-dirs.yml # Write TLS certificates to disk. # Note: We always take details from CP here. - include: roles/rabbitmq/tasks/write-tls-files.yml when: (rabbitmq_cp.tls_enabled | bool) - include: roles/rabbitmq/tasks/write-configuration.yml # Stop messages entering a node by blocking the '*_listener' ports. Need # to do this here as the installation of RabbitMQ starts the service before # the cluster has been formed. - include: roles/iptables/tasks/iptables-add.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" - include: roles/rabbitmq/tasks/install.yml # In deploy we check if the pre-configuration has changed if it has (by # checking 'ardana_notify_rabbitmq_reset_required.changed' or # 'ardana_notify_rabbitmq_stop_forced.changed') then we 'force_reset' to # make sure we are clean on a new run, so we remove all messages and DB # config non-gracefully. - include: roles/rabbitmq/tasks/stop.yml vars: rabbitmq_reset_option: force_reset when: ardana_notify_rabbitmq_reset_required.changed or ardana_notify_rabbitmq_stop_forced.changed - include: roles/rabbitmq/tasks/start.yml # Set-up users access for RabbitMQ. - include: rabbitmq-configure-users.yml # Set-up Monasca agent for RabbitMQ. - include: rabbitmq-monasca-configure.yml - hosts: FND-RMQ gather_facts: no max_fail_percentage: 0 roles: - iptables - rabbitmq tasks: # Remove block on '*_listener' ports. - include: roles/iptables/tasks/iptables-delete.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" - include: roles/rabbitmq/tasks/status.yml # Clear all persisted facts relating to RabbitMQ. - include: roles/rabbitmq/tasks/clear-persistant-facts.yml 07070100000028000081A40000000000000000000000015FAD0DE0000003DB000000000000000000000000000000000000004400000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-disaster-recovery.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # During a disaster recovery of RabbitMQ we leave in-place the current # Monasca set-up so monitoring can see RabbitMQ state. # Note: This conviantly models the state were Monasca is not used. - include: rabbitmq-remove.yml vars: rabbitmq_monasca_remove: false - include: rabbitmq-deploy.yml vars: rabbitmq_monasca_configure: false 07070100000029000081A40000000000000000000000015FAD0DE0000003D8000000000000000000000000000000000000004400000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-monasca-configure.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Configure the RabbitMQ Monasca agent. - hosts: FND-RMQ:&MON-AGN max_fail_percentage: 0 roles: - rabbitmq-monasca tasks: - include: roles/rabbitmq-monasca/tasks/remove.yml when: (rabbitmq_monasca_configure | bool) - include: roles/rabbitmq-monasca/tasks/configure.yml when: (rabbitmq_monasca_configure | bool) 0707010000002A000081A40000000000000000000000015FAD0DE00000036B000000000000000000000000000000000000004100000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-monasca-remove.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Configure the RabbitMQ Monasca agent. - hosts: FND-RMQ:&MON-AGN max_fail_percentage: 0 roles: - rabbitmq-monasca tasks: - include: roles/rabbitmq-monasca/tasks/remove.yml when: (rabbitmq_monasca_remove | bool) 0707010000002B000081A40000000000000000000000015FAD0DE0000002CF000000000000000000000000000000000000003F00000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-post-upgrade.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: rabbitmq-reconfigure.yml vars: rabbitmq_config_lock: false 0707010000002C000081A40000000000000000000000015FAD0DE0000002D5000000000000000000000000000000000000003E00000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-pre-upgrade.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: _rabbitmq-upgrade-packages.yml vars: rabbitmq_config_lock: false 0707010000002D000081A40000000000000000000000015FAD0DE000000362000000000000000000000000000000000000004A00000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-reconfigure-credentials.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Update the uses that can access RabbitMQ and there user rights. - include: rabbitmq-configure-users.yml # Update RabbitMQ Monasca agent if used as user details may have changed. - include: rabbitmq-monasca-configure.yml 0707010000002E000081A40000000000000000000000015FAD0DE00000037A000000000000000000000000000000000000003E00000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-reconfigure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Validate play and lock any configuration required. - include: _rabbitmq-validate.yml # Change the RabbitMQ configuration. - include: _rabbitmq-change.yml # Reconfigure Monasca agent for RabbitMQ. - include: rabbitmq-monasca-configure.yml 0707010000002F000081A40000000000000000000000015FAD0DE0000008FA000000000000000000000000000000000000003900000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-remove.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # This will remove all RabbitMQ components installed by this playbook. - include: _rabbitmq-neutron-setup.yml - hosts: FND-RMQ max_fail_percentage: 0 roles: - guard-cluster - iptables - rabbitmq tasks: # We want to ensure that all IP chains related to Rabbit # are torn down at the end of this part of the remove process. # However, the iptables-{add,delete} rules have an asymmetry: # -add is idempotent (can be called multiple times), but # -delete will flag an error if the named chain does not exist. # (This design is to catch the maximal number of errors arising # during the composition of multipler playbooks that may play # with the firewall settings.) # Therefore, to manage the remove situation where an attempt to # upgrade a broken Rabbit installation has failed (potentially # leaving a firewall rule in place), we unconditionally add # the rules here so that we guarantee it is safe to attempt # to remove them at the end of the tear-down process. - include: roles/iptables/tasks/iptables-add.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" - include: roles/rabbitmq/tasks/remove.yml - include: roles/iptables/tasks/iptables-delete.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" # Clear all persisted facts relating to RabbitMQ on the current. - include: roles/rabbitmq/tasks/clear-persistant-facts.yml # Remove the RabbitMQ monasca setup. - include: rabbitmq-monasca-remove.yml 07070100000030000081A40000000000000000000000015FAD0DE00000058D000000000000000000000000000000000000003800000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-start.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: _rabbitmq-neutron-setup.yml - hosts: FND-RMQ max_fail_percentage: 0 roles: - iptables - rabbitmq tasks: # Stop messages entering a node by blocking the '*_listener' ports. # Need to do this here as node may not yet be part of the cluster. - include: roles/iptables/tasks/iptables-add.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" - include: roles/rabbitmq/tasks/start.yml # Remove block on '*_listener' ports. - include: roles/iptables/tasks/iptables-delete.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" - include: roles/rabbitmq/tasks/status.yml 07070100000031000081A40000000000000000000000015FAD0DE000000302000000000000000000000000000000000000003900000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: FND-RMQ max_fail_percentage: 0 roles: - rabbitmq tasks: - include: roles/rabbitmq/tasks/status.yml 07070100000032000081A40000000000000000000000015FAD0DE00000081D000000000000000000000000000000000000003700000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-stop.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: _rabbitmq-neutron-setup.yml # Notice how we are controlling the last node to be left on-line this must # be the first node to come back online in stop.yml and start.yml # respectfully. This must not have the serial flag set. - hosts: FND-RMQ max_fail_percentage: 0 roles: - iptables - rabbitmq tasks: # Note: rabbitmq_do_not_reset_node has a hight precedence than # rabbitmq_permit_multi_stop. - name: rabbitmq | rabbitmq-stop | Check for stop running on multiple hosts fail: msg: "It is unsafe to run RabbitMQ stop on multiple hosts at once" when: (play_hosts | length) > 1 and not rabbitmq_permit_multi_stop and not rabbitmq_do_not_reset_node # Stop messages entering a node by blocking the '*_listener' ports. Need # to do this here to stop traffic entering a node that we are stopping. # This gives early indication to the proxy to move any vips pointing at # the node - include: roles/iptables/tasks/iptables-add.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" - include: roles/rabbitmq/tasks/stop.yml # Remove block on '*_listener' ports. - include: roles/iptables/tasks/iptables-delete.yml vars: iptables_chain: "{{ rabbitmq_iptables_chain }}" iptables_ip_port: "{{ rabbitmq_bind_addresses }}" 07070100000033000081A40000000000000000000000015FAD0DE000000327000000000000000000000000000000000000003A00000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-upgrade.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Upgrade the RabbitMQ base packages - include: _rabbitmq-upgrade-packages.yml # Update Monasca agent for RabbitMQ. - include: rabbitmq-monasca-configure.yml 07070100000034000041ED0000000000000000000000045FAD0DE000000000000000000000000000000000000000000000002B00000000ardana-mq-8.0+git.1605176800.52cccfa/roles07070100000035000041ED0000000000000000000000065FAD0DE000000000000000000000000000000000000000000000003400000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq07070100000036000041ED0000000000000000000000055FAD0DE000000000000000000000000000000000000000000000003C00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca07070100000037000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000004500000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/defaults07070100000038000081A40000000000000000000000015FAD0DE000000509000000000000000000000000000000000000004E00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/defaults/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # The RabbitMQ default set-up for the Monasca agent plugin. rabbitmq_monasca_configure: true rabbitmq_monasca_remove: true # If true, monitor exchanges, queues as well as hosts, process monitoring. rabbitmq_monasca_full_monitoring: false # Config Processor variable mapping. rabbitmq_monasca_cp: monasca_api_url: > {{ rabbitmq_management_protocol }}://{{ rabbitmq_cp.management_address.ip }}:{{ rabbitmq_cp.management_address.port }}/api monasca_username: > {{ MON_AGN.consumes_FND_RMQ.vars.accounts.monasca_rmq_monitor.username }} monasca_password: > {{ MON_AGN.consumes_FND_RMQ.vars.accounts.monasca_rmq_monitor.password }} 07070100000039000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000004100000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/meta0707010000003A000081A40000000000000000000000015FAD0DE0000002CF000000000000000000000000000000000000004A00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/meta/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - {role: rabbitmq} - {role: monasca-agent, run_mode: Use} 0707010000003B000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000004200000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/tasks0707010000003C000081A40000000000000000000000015FAD0DE000000629000000000000000000000000000000000000005000000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/tasks/configure.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq-monasca | configure | Setup Monasca with RabbitMQ mgmt become: yes no_log: true monasca_agent_plugin: name: rabbitmq args: watch_api: True api_url: "{{ rabbitmq_monasca_cp.monasca_api_url }}" user: "{{ rabbitmq_monasca_cp.monasca_username }}" password: "{{ rabbitmq_monasca_cp.monasca_password | quote }}" when: ("rabbitmq_management" in (rabbitmq_plugins | default([], true))) and (rabbitmq_monasca_full_monitoring | bool) - name: rabbitmq-monasca | configure | Setup Monasca without RabbitMQ mgmt become: yes monasca_agent_plugin: name: rabbitmq args: watch_api: False when: ("rabbitmq_management" not in (rabbitmq_plugins | default([], true))) or (not (rabbitmq_monasca_full_monitoring | bool)) - name: rabbitmq-monasca | configure | Configure TLS certificate monitoring include: configure_tls.yml when: rabbitmq_tls_enabled | bool 0707010000003D000081A40000000000000000000000015FAD0DE000000711000000000000000000000000000000000000005400000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/tasks/configure_tls.yml# # (c) Copyright 2020 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Start mysql on these nodes. Note if the whole cluster is down # this will not start as a boostrap will need to run on one node --- # NOTE(gyee): Since the provisioned TLS server certificate is consisted of # both certificate and private key, we need to separate out the certificate # protion for monitoring without having to compromise the private key. # This is done by copying the certificate to a different file and make it # readable by the world. Making certificate readable by the world is NOT a # problem as it is TLS certificate is public information. - name: rabbitmq-monasca | configure_tls | Separate out rabbitmq TLS cert become: yes shell: > openssl x509 -in {{ rabbitmq_tls.pem_file }} -out {{ rabbitmq_tls.monitoring_pem_file }} -outform PEM - name: rabbitmq-monasca | configure_tls | Make sure rabbitmq TLS cert is readable become: yes file: path: "{{ rabbitmq_tls.monitoring_pem_file }}" mode: '0644' - name: rabbitmq-monasca | configure_tls | Run Monasca detection plugin for rabbitmq TLS certs become: yes monasca_agent_plugin: name: CertificateFileCheck args: cert_files: "{{ rabbitmq_tls.monitoring_pem_file }}" dimensions: "service:rabbitmq" 0707010000003E000081A40000000000000000000000015FAD0DE0000003A5000000000000000000000000000000000000004D00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/tasks/remove.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq-monasca | remove | Remove Monasca RabbitMQ config become: yes file: path: /etc/monasca/agent/conf.d/rabbitmq.yaml state: absent - name: rabbitmq-monasca | remove | Remove TLS certificate monitoring include: remove_tls.yml when: rabbitmq_tls_enabled | bool 0707010000003F000081A40000000000000000000000015FAD0DE0000003EE000000000000000000000000000000000000005100000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/tasks/remove_tls.yml# # (c) Copyright 2020 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Start mysql on these nodes. Note if the whole cluster is down # this will not start as a boostrap will need to run on one node --- - name: rabbitmq-monasca | remove_tls | Remove Monasca detection plugin for rabbitmq TLS certs become: yes monasca_agent_plugin: name: CertificateFileCheck args: cert_files: "{{ rabbitmq_tls.monitoring_pem_file }}" dimensions: "service:rabbitmq" state: absent 07070100000040000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000003D00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/defaults07070100000041000081A40000000000000000000000015FAD0DE0000022C9000000000000000000000000000000000000004600000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/defaults/main.yml # (c) Copyright 2015-2018 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- rabbitmq_cluster_name: "{{ rabbitmq_cp.control_plane ~ '_rabbit' }}" rabbitmq_cluster_size: "{{ groups[rabbitmq_cp.group_name] | length }}" rabbitmq_clustered: "{{ (rabbitmq_cluster_size | int) > 1 }}" rabbitmq_config_lock: true rabbitmq_etc_dir: /etc/rabbitmq # Fix for Debian and RPM do not change. rabbitmq_join_cluster_timeout: "2m" # We always reset unless overridden. rabbitmq_do_not_reset_node: false rabbitmq_ha_policy_name: HA rabbitmq_iptables_chain: rabbitmq-temp rabbitmq_list_queues_timeout: "5m" rabbitmq_management_protocol: > {%- if (rabbitmq_tls_enabled | bool) -%} https {%- else -%} http {%- endif -%} # Defaults to rabbit. This can be useful if you want to run more than one node # per machine. Note: relate to RABBITMQ_NODENAME env as well. # WARNING: Changing the two setting below requires a redeploy. rabbitmq_node: rabbit # NOTE: There are two notions of a address name used here: the one that Ansible # has, which is embedded in groups[verb_hosts.FND_RMQ], and the one that is # supplied from Config Processor as part of the configuration of the service. # It is vital to keep these separated and note that configuration of the # service is via the Config Processor address name values and access to the # system to be configured is via Ansible address name. rabbitmq_nodename: > {{ rabbitmq_node }}@{{ rabbitmq_cp_hosts.hostname }} rabbitmq_remote_nodename: > {{ rabbitmq_node }}@{{ rabbitmq_cp_hosts.remote_hostname }} # Restrict a user from stopping node in an order that could damage a running # cluster unless overridden. rabbitmq_permit_multi_stop: false # A user can overrided the host to use for clustering to allow a non-default # cluster opration. rabbitmq_primary_hostname: "{{ groups[rabbitmq_cp.group_name] | first }}" rabbitmq_remote_hostname: > {{ groups[rabbitmq_cp.group_name] [(groups[rabbitmq_cp.group_name].index(rabbitmq_primary_hostname) + 1) % (groups[rabbitmq_cp.group_name] | length)] }} # The Ansible host to use for remote commands. rabbitmq_remote_host: > {%- if inventory_hostname == rabbitmq_primary_hostname -%} {{ rabbitmq_remote_hostname }} {%- else -%} {{ rabbitmq_primary_hostname }} {%- endif -%} # Set to 'force_reset' to forcefully return a RabbitMQ node to its virgin # state. rabbitmq_reset_option: reset rabbitmq_service_name: rabbitmq-server # Time to wait for a RabbitMQ service start. rabbitmq_start_timeout: "5m" # Time to wait for a RabbitMQ application app. rabbitmq_start_app_timeout: "5m" # Time to wait for a RabbitMQ application stop. rabbitmq_stop_app_timeout: "5m" # Time to wait for a RabbitMQ reset command to complete. rabbitmq_reset_timeout: "2m" # Control the time we wait for a node to become synchronised. # This has a max wait time in seconds of: # rabbitmq_sync_retries * rabbitmq_sync_delay # Default: 90 * 10 = 900 seconds ( 15 mins ) rabbitmq_sync_retries: 90 rabbitmq_sync_delay: 10 # Enable status check for TLS. rabbitmq_tls_check_status: true # Enable TLS replication. # This allows the user to disable TLS replication traffic when client TLS is # enable ONLY. rabbitmq_tls_replication: true # Set TLS configuration state. rabbitmq_tls_enabled: "{{ ((ardana_notify_rabbitmq_lockout_tls | default(false)) and ardana_notify_rabbitmq_lockout_tls.changed) or (rabbitmq_cp.tls_enabled | bool) }}" # User over-ridable TLS cert setting. rabbitmq_tls_certs_local_dir: /tmp/ardana_tls_certs rabbitmq_tls_expiry_check: 2592000 # 30 days expiry rabbitmq_tls_certs_force_regeneration: False # Map a Ansible hostname to a Config Processor hostname. rabbitmq_cp_hosts: hostname: > {{ (rabbitmq_cp.map_port_info | selectattr('ardana_ansible_host', 'equalto', inventory_hostname) | first).host }} remote_hostname: > {{ (rabbitmq_cp.map_port_info | selectattr('ardana_ansible_host', 'equalto', rabbitmq_remote_host) | first).host }} ansible_cluster: > {{ rabbitmq_cp.map_port_info | map(attribute='ardana_ansible_host') | list }} # Config Processor variable mapping. rabbitmq_cp: tcp_bind_addresses: - ip: "{{ host.bind.FND_RMQ.tcp_listener.ip_address }}" port: "{{ host.bind.FND_RMQ.tcp_listener.port }}" tls_bind_addresses: - ip: "{{ host.bind.FND_RMQ.tls_listener.ip_address }}" port: "{{ host.bind.FND_RMQ.tls_listener.port }}" control_plane: "{{ host | item('my_dimensions.control_plane', default='ardana') }}" control_planes: "{{ global.control_planes }}" credentials: "{{ FND_RMQ.consumed_by | default({})}}" erlang_cookie: "{{ FND_RMQ.vars.erlang_cookie }}" group_name: "{{ verb_hosts.FND_RMQ }}" # WARNING: Changing this value requires a redeploy inet_dist_listen_port: > {{ host.bind.FND_RMQ.rabbitmq_inet_dist_listen.port }} management_address: ip: "{{ host.bind.FND_RMQ.rabbitmq_management.ip_address }}" port: "{{ host.bind.FND_RMQ.rabbitmq_management.port }}" map_port_info: "{{ FND_RMQ.members.rabbitmq_epmd }}" # WARNING: Changing this value requires a redeploy home: "{{ host | item('my_logical_volumes.FND_RMQ') | by_item('consumer.rabbitmq_env', 'home') | item('0.mount', default='/var/lib/rabbitmq') }}" tls_enabled: "{{ host.bind.FND_RMQ.internal.tls }}" tls_filename: "{{ host | item('bind.FND_RMQ.internal.cert_name', default='') }}" rabbitmq_bind_addresses: "{{ rabbitmq_cp.tcp_bind_addresses | union(rabbitmq_cp.tls_bind_addresses) }}" # See: https://www.rabbitmq.com/plugins.html # Add any RabbitMQ plugins you wish to install to the list. rabbitmq_plugins: # - rabbitmq_management # See: https://www.rabbitmq.com/management.html # - rabbitmq_top # Requires the management plugin. # For details of config and environment options. # See: https://www.rabbitmq.com/configure.html # RabbitMQ environment. # Adding a value here will add it to the RabbitMQ environment file. # See: https://www.rabbitmq.com/relocate.html rabbitmq_env: home: "{{ rabbitmq_cp.home }}" log_base: /var/log/rabbitmq nodename: "{{ rabbitmq_nodename }}" mnesia_base: "{{ rabbitmq_cp.home }}/mnesia" pid_file: /var/run/rabbitmq/{{ rabbitmq_nodename }}.pid # See: https://www.rabbitmq.com/networking.html # Increase the Erlang Thread Pool to 128 (default 64). rabbitmq_io_thread_pool_size: 128 # See 'rabbitmq_tls_erl_args' for configuration details. erl_ssl_path: "{{ erl_ssl_path }}" server_additional_erl_args: "{{ rabbitmq_tls_erl_args | quote }}" ctl_erl_args: "{{ rabbitmq_tls_erl_args | quote }}" # RabbitMQ config. rabbitmq_config: cluster_partition_handling: pause_minority # See: https://www.rabbitmq.com/disk-alarms.html for alternative setting. disk_free_limit: 1000000000 # 1GB disk free limit. vm_memory_high_watermark: 0.4 hipe_compile: false rates_mode: basic # RabbitMQ TLS vars rabbitmq_cert_dir: "{{ rabbitmq_etc_dir }}" rabbitmq_tls: erlang_ssl_symlink: > {{ rabbitmq_etc_dir }}/erlang_ssl req_file: > {{ rabbitmq_cert_dir }}/{{ rabbitmq_cp.control_plane }}-rabbitmq.req pem_file: > {{ rabbitmq_cert_dir }}/{{ rabbitmq_cp.control_plane }}-rabbitmq.pem monitoring_pem_file: > {{ rabbitmq_cert_dir }}/{{ rabbitmq_cp.control_plane }}-rabbitmq-monitoring.pem # RabbitMQ cluster TLS additional aguments as per: # https://www.rabbitmq.com/clustering-ssl.html rabbitmq_tls_erl_args: >- {%- if (rabbitmq_tls_enabled | bool) and (rabbitmq_tls_replication | bool) -%} -pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile {{ rabbitmq_tls.pem_file }} -ssl_dist_opt server_keyfile {{ rabbitmq_tls.pem_file }} -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true {%- endif -%} # NOTE(gyee) num_queues is the ceiling of number of nodes divided by 2. Per # https://bugs.launchpad.net/tripleo/+bug/1628998 # However it is recommended that we don't neccessary need more than 3 # copies, regardless of number of nodes. num_queues: "{{ (rabbitmq_cluster_size|int / 2) | round(0, 'ceil') | int }}" max_num_queues: > {%- if num_queues|int > 3 -%} 3 {%- else -%} {{ num_queues }} {%- endif -%} 07070100000042000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000003A00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks07070100000043000081A40000000000000000000000015FAD0DE000000516000000000000000000000000000000000000004D00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_cluster-check.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | _cluster-check | Check RabbitMQ node is in a cluster become: yes shell: > rabbitmqctl cluster_status 2>/dev/null | awk '/running_nodes,\[[^]]+,/,/]},/' | sed 's/,\([^[]\)/,\n\1/g' register: _rabbitmq_cluster_check_result changed_when: false - include: _join-cluster.yml when: not (_rabbitmq_cluster_check_result.stdout | search(rabbitmq_remote_nodename)) # Wait for queues to synchronise, during synchronisation the queues will # pause and not allow any messages to be placed in the queue that is # synchronising. We always check we are in sync before continuing. - include: _wait-for-cluster-sync.yml 07070100000044000081A40000000000000000000000015FAD0DE0000006DE000000000000000000000000000000000000005400000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_configure-ha-cluster.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # # Make sure that all queues (except those with auto-generated names) # are mirrored across enough nodes in the cluster to achieve quorum # (but not more than 3). # # NOTE(gyee): to minimize disruption, we only need to reset the HA policy # if it's different from the new one. - name: rabbitmq | _configure-ha-cluster | Get the current HA policy become: yes shell: > rabbitmqctl list_policies -p / 2>/dev/null | grep '\s{{ rabbitmq_ha_policy_name }}\s' register: rabbitmq_list_ha_policy_result ignore_errors: true - name: rabbitmq | _configure-ha-cluster | Mirror non-auto named queues become: yes shell: > rabbitmqctl set_policy {{ rabbitmq_ha_policy_name }} '^(?!amq\.).*' '{"ha-mode":"exactly","ha-params":{{ max_num_queues }},"ha-sync-mode":"automatic"}' when: not rabbitmq_list_ha_policy_result.stdout | search('\^\(\?\!amq\\\\\\\.\)\.\*\s*{"ha-mode":"exactly","ha-params":{{ max_num_queues }},"ha-sync-mode":"automatic"}') - name: rabbitmq | _configure-ha-cluster | Set the RabbitMQ cluster name become: yes command: rabbitmqctl set_cluster_name {{ rabbitmq_cluster_name }} 07070100000045000081A40000000000000000000000015FAD0DE00000040F000000000000000000000000000000000000004F00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_disable-plugins.yml# # (c) Copyright 2015 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # See: https://www.rabbitmq.com/man/rabbitmq-plugins.1.man.html - name: rabbitmq | _disable-plugins | Disable/Offline all RabbitMQ plugins become: yes command: rabbitmq-plugins set register: _rabbitmq_disable_plugins_result changed_when: > (_rabbitmq_disable_plugins_result | success) and not (_rabbitmq_disable_plugins_result.stdout | search("\snothing to do[.]\s*$")) 07070100000046000081A40000000000000000000000015FAD0DE0000003AE000000000000000000000000000000000000004E00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_enable-plugins.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # See: https://www.rabbitmq.com/man/rabbitmq-plugins.1.man.html - name: rabbitmq | _enable-plugins | Enable any new RabbitMQ plugins become: yes rabbitmq_plugin: names: "{{ rabbitmq_plugins | join (',') }}" state: enabled when: (rabbitmq_plugins | default([], true) | length) > 0 07070100000047000081A40000000000000000000000015FAD0DE0000009E3000000000000000000000000000000000000005200000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_erlang_ssl_symlink.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | _erlang_ssl_symlink | Download the latest erlang-ssl package delegate_to: localhost become: yes command: > apt-get install erlang-ssl --download-only --reinstall --assume-yes when: (rabbitmq_tls_enabled | bool) and (rabbitmq_tls_replication | bool) run_once: true tags: - skip_ansible_lint - name: rabbitmq | _erlang_ssl_symlink | Get erlang-ssl package name delegate_to: localhost shell: > apt-cache policy erlang-ssl | awk '/Candidate:/{gsub(/:/,"%3a",$2); print $2}' changed_when: false register: _rabbitmq_ssl_result when: (rabbitmq_tls_enabled | bool) and (rabbitmq_tls_replication | bool) run_once: true - name: rabbitmq | _erlang_ssl_symlink | Lookup package contents delegate_to: localhost shell: > dpkg-deb --contents /var/cache/apt/archives/erlang-ssl_{{ _rabbitmq_ssl_result.stdout }}_*.deb | awk '/ebin\/$/{gsub(/^\.|\/$/,"",$NF); print $NF}' changed_when: false register: _rabbitmq_ssl_content_result when: (rabbitmq_tls_enabled | bool) and (rabbitmq_tls_replication | bool) run_once: true - name: rabbitmq | _erlang_ssl_symlink | Create sym-link to erlang-ssl become: yes delegate_to: "{{ item }}" file: src: "{{ _rabbitmq_ssl_content_result.stdout }}" dest: "{{ rabbitmq_tls.erlang_ssl_symlink }}" state: link force: yes with_items: "{{ groups[rabbitmq_cp.group_name] }}" when: (rabbitmq_tls_enabled | bool) and (rabbitmq_tls_replication | bool) register: ardana_notify_rabbitmq_major_change run_once: true - name: rabbitmq | _erlang_ssl_symlink | Remove sym-link to erlang-ssl become: yes file: path: "{{ rabbitmq_tls.erlang_ssl_symlink }}" state: absent when: not ((rabbitmq_tls_enabled | bool) and (rabbitmq_tls_replication | bool)) register: ardana_notify_rabbitmq_major_change 07070100000048000081A40000000000000000000000015FAD0DE000000C7F000000000000000000000000000000000000004C00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_join-cluster.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | _join-cluster | Stop the RabbitMQ application for clustering become: yes command: | timeout {{ rabbitmq_stop_app_timeout }} rabbitmqctl stop_app # If RC is zero we have joined the cluster correctly. # If RC is non-zero then the remote node may think we are already in cluster # with the local node. - name: rabbitmq | _join-cluster | Join the RabbitMQ cluster become: yes command: | timeout {{ rabbitmq_join_cluster_timeout }} rabbitmqctl join_cluster "{{ rabbitmq_remote_nodename }}" register: _rabbitmq_join_result failed_when: > (_rabbitmq_join_result | failed) and (not (_rabbitmq_join_result.stdout | search("already_member"))) and (not (_rabbitmq_join_result.stderr | search("already_member"))) # If the join cluster command fail the remote may think we are already in # cluster. This is a different scenario from join_cluster since the node # does not need to become a member of the cluster. The need for this # command is motivated by the fact that clusters can change while a node # is offline. This in effect make the node become running. - name: rabbitmq | _join-cluster | Join the RabbitMQ update_cluster_nodes become: yes command: | rabbitmqctl update_cluster_nodes "{{ rabbitmq_remote_nodename }}" when: (_rabbitmq_join_result | failed) - name: rabbitmq | _join-cluster | Start the RabbitMQ application become: yes command: | timeout {{ rabbitmq_start_app_timeout }} rabbitmqctl start_app - name: rabbitmq | _join-cluster | Wait for RabbitMQ application to start become: yes command: | timeout {{ rabbitmq_start_timeout }} rabbitmqctl wait {{ rabbitmq_env.pid_file }} changed_when: false # Check the remote host and local host thinks we are now in cluster. # This is done remotely as locally we would have failed update_cluster_nodes # or join_cluster and stopped. - name: rabbitmq | _join-cluster | Check RabbitMQ is in a cluster become: yes delegate_to: "{{ item.ansible_host }}" shell: > rabbitmqctl cluster_status 2>/dev/null | awk '/running_nodes,\[[^]]+,/,/]},/' | sed 's/,\([^[]\)/,\n\1/g' register: _rabbitmq_join_status_result changed_when: false failed_when: > (_rabbitmq_join_status_result | success) and (not (_rabbitmq_join_status_result.stdout | search(item.ardana_host))) with_items: - ansible_host: "{{ rabbitmq_remote_host }}" ardana_host: "{{ rabbitmq_nodename }}" - ansible_host: "{{ inventory_hostname }}" ardana_host: "{{ rabbitmq_remote_nodename }}" 07070100000049000081A40000000000000000000000015FAD0DE0000008DE000000000000000000000000000000000000004A00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_reset-host.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # # NOTE: THIS PLAY MUST NOT RUN ON SINGLETON RABBITMQ NODE UNLESS # 'rabbitmq_reset_option' IS SET TO 'force_reset'. --- - name: rabbitmq | _reset-host | Check RabbitMQ is running command: systemctl status rabbitmq-server register: _rabbitmq_reset_status_result changed_when: false failed_when: false - name: rabbitmq | _reset-host | Stop the RabbitMQ application to enable reset become: yes command: | timeout {{ rabbitmq_stop_app_timeout }} rabbitmqctl stop_app register: _rabbitmq_reset_stop_app_result when: (_rabbitmq_reset_status_result | success) # Return a RabbitMQ node to its virgin state # # if rabbitmq_reset_option=reset (the default), this removes the node from # any cluster it belongs to, removes all data from the mnesia database, such # as configured users and vhosts, and deletes all persistent messages. # # If rabbitmq_reset_option=force_reset, it totally resets the state. # # For this command to succeed the RabbitMQ application must have been # stopped. If the reset fails due to the timeout the cluster is generally # unrecoverable. - name: rabbitmq | _reset-host | Reset the RabbitMQ node become: yes command: | timeout {{ rabbitmq_reset_timeout }} rabbitmqctl {{ rabbitmq_reset_option }} when: (_rabbitmq_reset_stop_app_result | success) # Remove the Erlang Mnesia DB in case the node was offline/damaged during the # task. - name: rabbitmq | _reset-host | Clear down Mnesia RabbitMQ message DB become: yes file: path: "{{ rabbitmq_env.mnesia_base }}/{{ rabbitmq_nodename }}" state: absent when: (_rabbitmq_reset_status_result | failed) 0707010000004A000081A40000000000000000000000015FAD0DE000000520000000000000000000000000000000000000004900000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_stop_epmd.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # NOTE(gyee): on upgrade, if we are still using one of those old epmd # packages, the epmd process may still be running. In that case, we need # to do a hard kill on it. - name: rabbitmq | _stop_epmd | Get the process ID of epmd shell: > pgrep -f "epmd.*-daemon" register: pgrep_epmd_result ignore_errors: yes # now do a hard kill on epmd if it's still alive and kicking - name: rabbitmq | _stop_epmd | Double tap epmd become: yes shell: > kill -9 {{ pgrep_epmd_result.stdout }} when: pgrep_epmd_result.stdout != "" - name: rabbitmq | _stop_epmd | Wait for epmd to exit become: yes wait_for: path: "/proc/{{ pgrep_epmd_result.stdout }}/status" state: absent when: pgrep_epmd_result.stdout != "" 0707010000004B000081A40000000000000000000000015FAD0DE000001511000000000000000000000000000000000000005500000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_wait-for-cluster-sync.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Note: This task is delegated to a remote node to determine if that node # is in cluster. - name: rabbitmq | _wait-for-cluster-sync | Check if RabbitMQ is in a cluster become: yes delegate_to: "{{ rabbitmq_remote_host }}" shell: > rabbitmqctl cluster_status 2>/dev/null | awk '/running_nodes,\[[^]]+,/,/]},/' | sed 's/,\([^[]\)/,\n\1/g' register: _rabbitmq_in_cluster_result failed_when: false changed_when: false - name: rabbitmq | _wait-for-cluster-sync | Check if RabbitMQ is in a mirror become: yes delegate_to: "{{ rabbitmq_remote_host }}" shell: > rabbitmqctl list_queues -q policy state synchronised_slave_pids 2>/dev/null | grep '^{{ rabbitmq_ha_policy_name }}\s*running\s' register: _rabbitmq_in_mirror_result failed_when: false changed_when: false - name: rabbitmq | _wait-for-cluster-sync | Wait for HA queue sync to complete become: yes delegate_to: "{{ rabbitmq_remote_host }}" shell: | # see: https://www.rabbitmq.com/man/rabbitmqctl.1.man.html (Server Status) # for full details on list_queues. # # see: https://www.rabbitmq.com/ha.html (Configuring explicit # synchronisation) # for how this relates to HA clustering. # # Precis of list queues doc: # Returns queue details. Queue details of the / virtual host are returned # if the "-p" flag is absent. The "-p" flag can be used to override this # default. The queueinfoitem parameter is used to indicate which queue # information items to include in the results. The column order in the # results will match the order of the parameters. # # - policy # Policy name applying to the queue. # # - state # The state of the queue. Normally 'running', but may be # "{syncing, MsgCount}" if the queue is synchronising. Queues which are # located on cluster nodes that are currently down will be shown with a # status of 'down' (and most other queueinfoitems will be unavailable) # # - synchronised_slave_pids # If the queue is mirrored, this gives the IDs of the current slaves # which are synchronised with the master - i.e. those which could take # over from the master without message loss. # # - name (for debug if there is failure) # The name of the queue with non-ASCII characters escaped as in C. # # The awk statement counts the number of hosts (<{{ rabbitmq_node }}@) # that are currently synchronised to the master for any HA queues # (rabbitmq_ha_policy_name). It will exclude any non HA/crashed queues # that are found and will fail for any HA queues that is synchronising # (printing its details for debug and to fail the task). # # Note: If timeout fails it writes to stderr. timeout {{ rabbitmq_list_queues_timeout }} \ rabbitmqctl list_queues -q policy state synchronised_slave_pids name | awk -F"<{{ rabbitmq_node }}@" \ '/^{{ rabbitmq_ha_policy_name }}\t/ && \ (!/\trunning\t/ || \ NF < {{ max_num_queues }}) \ {print}' changed_when: false register: _rabbitmq_sync_cluster_result when: (_rabbitmq_in_cluster_result | success) and (_rabbitmq_in_mirror_result | success) and (_rabbitmq_in_cluster_result.stdout | search(rabbitmq_nodename)) and (_rabbitmq_in_mirror_result.stdout | search(rabbitmq_nodename)) until: (_rabbitmq_sync_cluster_result | success) and _rabbitmq_sync_cluster_result.stdout == "" and _rabbitmq_sync_cluster_result.stderr == "" retries: "{{ rabbitmq_sync_retries }}" delay: "{{ rabbitmq_sync_delay }}" # SOC-11083: Seeing that sometimes the retry until loop can exceed retries # without failing, so fail here if that is the case, after printing results - name: rabbitmq | _wait-for-cluster-sync | Print settings if failed debug: var: _rabbitmq_sync_cluster_result when: - not (_rabbitmq_sync_cluster_result | skipped) - ((_rabbitmq_sync_cluster_result | failed) or (_rabbitmq_sync_cluster_result.stdout != "") or (_rabbitmq_sync_cluster_result.stderr != "")) - name: rabbitmq | _wait-for-cluster-sync | Ensure we fail if retries exceeded fail: msg: >- rabbitmq HA queue sync failed to complete after {{ (rabbitmq_sync_retries | int) * (rabbitmq_sync_delay | int) }} ({{ rabbitmq_sync_retries }} * {{ rabbitmq_sync_delay }}) seconds. when: - not (_rabbitmq_sync_cluster_result | skipped) - ((_rabbitmq_sync_cluster_result | failed) or (_rabbitmq_sync_cluster_result.stdout != "") or (_rabbitmq_sync_cluster_result.stderr != "")) 0707010000004C000081A40000000000000000000000015FAD0DE0000006A5000000000000000000000000000000000000005900000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_write-rabbitmq-env-config.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | _write-rabbitmq-env-config | Determine ERL_SSL_PATH become: yes command: > /usr/bin/erl -noinput -eval 'io:format("~s~n", [filename:dirname(code:which(inet_tls_dist))])' -s init stop register: erl_ssl_path_eval_result when: rabbitmq_tls_replication | bool - name: rabbitmq | _write-rabbitmq-env-config | Set erl_ssl_path fact set_fact: erl_ssl_path: "{{ erl_ssl_path_eval_result.stdout }}" when: rabbitmq_tls_replication | bool # TODO: We have to set the file permission to world readable for now # as the files is own by user root and group root. Neither epmd nor # rabbitmq user have access to that file if we set it to 0640. # We'll definitely need to tighen up security later by not making # it world readable. We can possibly create a new group with both # epmd and rabbitmq user in it. - name: rabbitmq | _write-rabbitmq-env-config | Create rabbitmq-env.conf become: yes template: src: rabbitmq-env.conf.j2 dest: "{{ rabbitmq_etc_dir }}/rabbitmq-env.conf" owner: root group: root mode: 0644 register: ardana_notify_rabbitmq_reset_required 0707010000004D000081A40000000000000000000000015FAD0DE00000049B000000000000000000000000000000000000004C00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/check-plugins.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # See: https://www.rabbitmq.com/man/rabbitmq-plugins.1.man.html - name: rabbitmq | check-plugins | Check RabbitMQ plugins match configuration become: yes shell: rabbitmq-plugins list | awk '/\[E[* ]\]/ {print $2}' # noqa register: ardana_notify_rabbitmq_reset_required changed_when: > (ardana_notify_rabbitmq_reset_required | success) and (rabbitmq_plugins | default([], true) | symmetric_difference( ardana_notify_rabbitmq_reset_required.stdout_lines) | length != 0) 0707010000004E000081A40000000000000000000000015FAD0DE0000005C1000000000000000000000000000000000000004800000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/check-tls.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Check if there are any active ssl peers connected to RabbitMQ. - name: rabbitmq | check-tls | Check RabbitMQ TLS state become: yes command: rabbitmqctl status register: ardana_notify_rabbitmq_reset_required changed_when: > ((not (rabbitmq_tls_enabled | bool)) and (ardana_notify_rabbitmq_reset_required.stdout | search("'amqp/ssl'"))) or ((rabbitmq_tls_enabled | bool) and (not (ardana_notify_rabbitmq_reset_required.stdout | search("'amqp/ssl'")))) - name: rabbitmq | check-tls | Check RabbitMQ inter-node TLS state become: yes shell: > grep 'proto_dist inet_tls' "{{ rabbitmq_etc_dir }}/rabbitmq-env.conf" || true register: ardana_notify_rabbitmq_major_change changed_when: > rabbitmq_tls_replication | bool and ardana_notify_rabbitmq_major_change.stdout == "" 0707010000004F000081A40000000000000000000000015FAD0DE000000EF0000000000000000000000000000000000000005200000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/check-upgraded-pkgs.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | check-upgraded-pkgs | Check upgraded packages debug: msg: "Notify change in RabbitMQ package dependency: {{ item.package }}" changed_when: true when: item.upgrade != "" and item.package in list_pkg_upgrades_base | default({}) with_items: rabbitmq_restart_packages register: ardana_notify_rabbitmq_restart_required - name: rabbitmq | check-upgraded-pkgs | Get current installed package version shell: > dpkg-query -W -f='${Version} ${status}\n' {{ item.package }} | awk '/ok installed/{print $1}' when: item.upgrade != "" and ardana_notify_rabbitmq_restart_required.changed changed_when: false register: _rabbitmq_current_version_result with_items: rabbitmq_restart_packages # This task is required as the upgrade should stop if all nodes do not have # the same version of the checked packages. This task has run_once_per RabbitMQ # server cluster group as we only need to compare a singe node to the others # and we do not need the cross product. - name: rabbitmq | check-upgraded-pkgs | Check installed package are constant fail: msg: "Inconstant RabbitMQ package found: {{ item.key }} : {{ item.value }}" when: (item.value | length != 1) with_dict: > (rabbitmq_cp_hosts.ansible_cluster | package_consistency_check(hostvars, '_rabbitmq_current_version_result')) run_once_per: rabbitmq_cp.group_name - name: rabbitmq | check-upgraded-pkgs | Get current available package version shell: > apt-cache show {{ item.package }} | awk '/Version/{print $2; exit}' when: item.upgrade != "" and ardana_notify_rabbitmq_restart_required.changed changed_when: false register: _rabbitmq_available_version_result with_items: rabbitmq_restart_packages # This task is required as the upgrade should stop if all nodes cannot see the # same repository version of the checked packages. This task has run_once_per # RabbitMQ cluster group as we only need to compare a singe node to the others # and we do not need the cross product. - name: rabbitmq | check-upgraded-pkgs | Check repository package are constant fail: msg: "Inconstant repository found: {{ item.key }} : {{ item.value }}" when: (item.value | length != 1) with_dict: > (rabbitmq_cp_hosts.ansible_cluster | package_consistency_check(hostvars, '_rabbitmq_available_version_result')) run_once_per: rabbitmq_cp.group_name - name: rabbitmq | check-upgraded-pkgs | Set upgrade strategy for RabbitMQ debug: msg: "Notify RabbitMQ Major upgrade required for: {{ item[0].package }}" changed_when: true when: item[0].upgrade != "" and ardana_notify_rabbitmq_restart_required.changed and ( (item[0].upgrade == "major" and item[1].stdout != item[2].stdout) or (item[0].upgrade == "check" and (item[1].stdout | regex_replace('(^(\\d+\\.){2}).*', '\\1')) != (item[2].stdout | regex_replace('(^(\\d+\\.){2}).*', '\\1'))) ) with_together: - rabbitmq_restart_packages - _rabbitmq_available_version_result.results - _rabbitmq_current_version_result.results register: ardana_notify_rabbitmq_major_change 07070100000050000081A40000000000000000000000015FAD0DE000001000000000000000000000000000000000000000005500000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/clear-persistant-facts.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | clear-persistant-facts | Clear RabbitMQ persistant facts debug: msg: "Clear RabbitMQ fact reset_required: {{ inventory_hostname }}" changed_when: true when: ardana_notify_rabbitmq_reset_required is defined and ardana_notify_rabbitmq_reset_required.changed - name: rabbitmq | clear-persistant-facts | Clear RabbitMQ persistant facts debug: msg: "Clear RabbitMQ fact restart_required: {{ inventory_hostname }}" changed_when: true when: ardana_notify_rabbitmq_restart_required is defined and ardana_notify_rabbitmq_restart_required.changed - name: rabbitmq | clear-persistant-facts | Clear RabbitMQ persistant facts debug: msg: "Clear RabbitMQ persistant stop_forced: {{ inventory_hostname }}" changed_when: true when: ardana_notify_rabbitmq_stop_forced is defined and ardana_notify_rabbitmq_stop_forced.changed - name: rabbitmq | clear-persistant-facts | Clear RabbitMQ persistant facts debug: msg: "Clear RabbitMQ persistant fact major_change: {{ inventory_hostname }}" changed_when: true when: ardana_notify_rabbitmq_major_change is defined and ardana_notify_rabbitmq_major_change.changed - name: rabbitmq | clear-persistant-facts | Clear RabbitMQ persistant facts debug: msg: "Clear RabbitMQ fact workaround_required: {{ inventory_hostname }}" changed_when: true when: ardana_notify_rabbitmq_workaround_required is defined and ardana_notify_rabbitmq_workaround_required.changed - name: rabbitmq | clear-persistant-facts | Clear RabbitMQ persistant facts debug: msg: "Clear RabbitMQ fact lockout_tls: {{ inventory_hostname }}" changed_when: true when: (rabbitmq_config_lock | bool) and ardana_notify_rabbitmq_lockout_tls is defined and ardana_notify_rabbitmq_lockout_tls.changed - name: rabbitmq | clear-persistant-facts | Set RabbitMQ persistant facts False set_fact: ardana_notify_set_false_prefix: ardana_notify_rabbitmq changed_when: true register: _rabbitmq_clear_facts_prefix_result # Not a persistant facts. when: ardana_notify_rabbitmq_lockout_tls is defined and ardana_notify_rabbitmq_lockout_tls.skipped and ((ardana_notify_rabbitmq_reset_required is defined and ardana_notify_rabbitmq_reset_required.changed) or (ardana_notify_rabbitmq_restart_required is defined and ardana_notify_rabbitmq_restart_required.changed) or (ardana_notify_rabbitmq_stop_forced is defined and ardana_notify_rabbitmq_stop_forced.changed) or (ardana_notify_rabbitmq_major_change is defined and ardana_notify_rabbitmq_major_change.changed) or (ardana_notify_rabbitmq_workaround_required is defined and ardana_notify_rabbitmq_workaround_required.changed)) - name: rabbitmq | clear-persistant-facts | Set RabbitMQ persistant facts False debug: msg: "Clear {{ ardana_notify_set_false_prefix }}:{{ inventory_hostname }}" changed_when: true register: ardana_notify_set_persistent_facts_to_false # This forces the reset. when: _rabbitmq_clear_facts_prefix_result is defined and _rabbitmq_clear_facts_prefix_result.changed - name: rabbitmq | clear-persistant-facts | Default persistant facts prefix set_fact: ardana_notify_set_false_prefix: ardana_notify changed_when: true when: _rabbitmq_clear_facts_prefix_result is defined and _rabbitmq_clear_facts_prefix_result.changed 07070100000051000081A40000000000000000000000015FAD0DE000000974000000000000000000000000000000000000004E00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/configure-users.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | configure-users | Find all RabbitMQ user accounts set_fact: _rabbitmq_user_accounts: | [{% for component in rabbitmq_cp.credentials -%} {% if component.vars.accounts is defined -%} {% for account in component.vars.accounts -%} {{ component.vars.accounts[account] | to_json }} {%- if not loop.last -%} , {% endif -%} {% endfor -%} {% endif -%} {%- if not loop.last -%} , {% endif -%} {% endfor %}] changed_when: true register: _rabbitmq_configure_users_result when: _rabbitmq_user_accounts is not defined - name: rabbitmq | configure-users | Remove guest user if not used become: yes rabbitmq_user: node: "{{ rabbitmq_nodename }}" user: guest state: absent when: _rabbitmq_configure_users_result is defined and _rabbitmq_configure_users_result.changed and not ('guest' in (_rabbitmq_user_accounts | map(attribute='username'))) run_once_per: rabbitmq_cp.group_name - name: rabbitmq | configure-users | Create RabbitMQ users become: yes no_log: true rabbitmq_user: node: "{{ rabbitmq_nodename }}" user: "{{ item.username }}" password: "{{ item.password | quote }}" vhost: "{{ item.vhost }}" configure_priv: "{{ item.conf_permissions }}" read_priv: "{{ item.read_permissions }}" write_priv: "{{ item.write_permissions }}" tags: "{{ item.tags }}" state: present force: yes run_once_per: rabbitmq_cp.group_name when: _rabbitmq_configure_users_result is defined and _rabbitmq_configure_users_result.changed and item.username is defined and item.password is defined with_items: "{{ _rabbitmq_user_accounts | unique }}" 07070100000052000081A40000000000000000000000015FAD0DE00000047C000000000000000000000000000000000000005200000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/create-working-dirs.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | create-working-dirs | Create required directorys become: yes file: path: "{{ item.path }}" state: directory owner: "{{ item.owner | default('root') }}" group: "{{ item.group | default('root') }}" mode: 0755 with_items: - path: /etc/logrotate.d - path: "{{ rabbitmq_etc_dir }}" - path: "{{ rabbitmq_env.pid_file | dirname }}" owner: rabbitmq group: rabbitmq - include: _erlang_ssl_symlink.yml when: ansible_os_family == 'Debian' 07070100000053000081A40000000000000000000000015FAD0DE000000AF0000000000000000000000000000000000000004600000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/install.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | install | Install RabbitMQ dependencies become: yes package: name: "{{ item }}" state: present with_items: procps - name: rabbitmq | install | SUSE - Install RabbitMQ application become: yes zypper: name: "{{ item.package }}" state: latest register: _rabbitmq_install_zypper_result with_items: rabbitmq_restart_packages when: item.upgrade != "" and ansible_os_family == 'Suse' # The epmd.socket unit is enabled by default but only listens on 127.0.0.1, # while we need it to listen on the management network too. - name: rabbitmq | install | Create epmd.socket.d directory become: yes file: path: /etc/systemd/system/epmd.socket.d state: directory mode: 0755 when: ansible_os_family == 'Suse' - name: rabbitmq | install | SUSE - Create epmd.socket.d/port.conf become: yes template: src: suse/epmd.socket-port.conf.j2 dest: /etc/systemd/system/epmd.socket.d/port.conf mode: 0644 register: _epmd_socket_conf_result when: ansible_os_family == 'Suse' - name: rabbitmq | install | SUSE - Reload systemd for epmd.socket extension become: yes command: systemctl daemon-reload when: _epmd_socket_conf_result.changed and ansible_os_family == 'Suse' - name: rabbitmq | install | SUSE - Store registered facts set_fact: _rabbitmq_install_pkg_result: "{{ _rabbitmq_install_zypper_result }}" when: ansible_os_family == 'Suse' # We need to create rabbitmq-env.config after the Erlang package is # available because we need to use /usr/bin/erl command to determine the # Erlang SSL module path. - include: _write-rabbitmq-env-config.yml when: _rabbitmq_install_pkg_result.changed - name: rabbitmq | install | Restart RabbitMQ application become: yes service: name: "{{ rabbitmq_service_name }}" state: restarted when: _rabbitmq_install_pkg_result.changed - name: rabbitmq | install | Wait for the RabbitMQ application to start become: yes command: | timeout {{ rabbitmq_start_timeout }} rabbitmqctl wait {{ rabbitmq_env.pid_file }} changed_when: false when: _rabbitmq_install_pkg_result.changed 07070100000054000081A40000000000000000000000015FAD0DE000000A45000000000000000000000000000000000000004A00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/lock_config.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | lock_config | Get RabbitMQ Status become: yes command: rabbitmqctl status register: _rabbitmq_status_result changed_when: false # Lockout low-level plays in RabbitMQ if we detect a complex change # requiring orchestration across services. - name: rabbitmq | lock_config | Check for unsafe RabbitMQ configuration change fail: msg: "Unsafe configuration change: Please run Ardana top level playbook" when: (rabbitmq_config_lock | bool) and (not (rabbitmq_cp.tls_enabled | bool)) and (_rabbitmq_status_result.stdout | search("'amqp/ssl'")) run_once: true - name: rabbitmq | lock_config | Set-up facts prefix and clear lockout_tls set_fact: ardana_notify_set_false_prefix: ardana_notify_rabbitmq changed_when: true register: _rabbitmq_lock_config_prefix_result # Not a persistant facts. when: ardana_notify_rabbitmq_lockout_tls is defined and ardana_notify_rabbitmq_lockout_tls.changed - name: rabbitmq | lock_config | Set RabbitMQ persistant facts False debug: msg: "Clear {{ ardana_notify_set_false_prefix }}:{{ inventory_hostname }}" changed_when: true register: ardana_notify_set_persistent_facts_to_false # This forces the reset. when: _rabbitmq_lock_config_prefix_result is defined and _rabbitmq_lock_config_prefix_result.changed - name: rabbitmq | lock_config | Default persistant facts prefix set_fact: ardana_notify_set_false_prefix: ardana_notify changed_when: true when: _rabbitmq_lock_config_prefix_result is defined and _rabbitmq_lock_config_prefix_result.changed - name: rabbitmq | lock_config | Detect TLS is being disabled debug: msg: "Lock TLS config, services must transition: {{ inventory_hostname }}" changed_when: true when: (ardana_notify_rabbitmq_lockout_tls is not defined) and (not (rabbitmq_cp.tls_enabled | bool)) and (_rabbitmq_status_result.stdout | search("'amqp/ssl'")) register: ardana_notify_rabbitmq_lockout_tls 07070100000055000081A40000000000000000000000015FAD0DE000000651000000000000000000000000000000000000004300000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/main.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | main | Load os-specific variables include_vars: "{{ ansible_os_family | lower }}.yml" - name: rabbitmq | main | Validate cluster play for RabbitMQ fail: msg: | "Play is limited to one control plane: {{ rabbitmq_cp.control_planes }}" "If 'rabbitmq_primary_hostname' is not: {{ groups[rabbitmq_cp.group_name] | first }}" "or 'rabbitmq_remote_hostname' is not: {{ groups[rabbitmq_cp.group_name] [(groups[rabbitmq_cp.group_name].index(rabbitmq_primary_hostname) + 1) % (groups[rabbitmq_cp.group_name] | length )]) }}" when: > ((rabbitmq_primary_hostname != (groups[rabbitmq_cp.group_name] | first)) or (rabbitmq_remote_hostname != (groups[rabbitmq_cp.group_name] [(groups[rabbitmq_cp.group_name].index(rabbitmq_primary_hostname) + 1) % (groups[rabbitmq_cp.group_name] | length )])) ) and ((play_hosts | cluster_consistency_check(hostvars) | length) > 1) run_once: true 07070100000056000081A40000000000000000000000015FAD0DE000000632000000000000000000000000000000000000004C00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/pre-configure.yml# # (c) Copyright 2015 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | pre-configure | Add 'rabbitmq' group become: yes group: name: rabbitmq system: yes - name: rabbitmq | pre-configure | Add 'rabbitmq' user become: yes user: name: rabbitmq group: rabbitmq comment: "RabbitMQ messaging server" shell: /bin/false home: "{{ rabbitmq_env.home }}" register: ardana_notify_rabbitmq_stop_forced - name: rabbitmq | pre-configure | Create required directorys become: yes file: path: "{{ item }}" state: directory owner: rabbitmq group: rabbitmq mode: 0755 with_items: "{{ rabbitmq_env.home }}" # This alluse use to use systemctl on remote node not yet in # cluster. - name: rabbitmq | pre-configure | Create shared .erlang.cookie become: yes template: src: erlang.cookie.j2 dest: "{{ rabbitmq_env.home }}/.erlang.cookie" owner: rabbitmq group: rabbitmq mode: 0400 register: ardana_notify_rabbitmq_stop_forced 07070100000057000081A40000000000000000000000015FAD0DE000000BBA000000000000000000000000000000000000004500000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/remove.yml# # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | remove | Forcfully stop RabbitMQ become: yes command: pkill -9 -u rabbitmq register: _rabbitmq_remove_pkill_result changed_when: _rabbitmq_remove_pkill_result | success failed_when: _rabbitmq_remove_pkill_result.rc >= 2 # Stop the RabbitMQ application including Erlang. - name: rabbitmq | remove | Notify systemd that RabbitMQ service is stopped become: yes service: name: rabbitmq-server enabled: no state: stopped - include: _stop_epmd.yml - name: rabbitmq | remove | Forcfully clear down all mnesia become: yes file: path: "{{ rabbitmq_env.mnesia_base }}" state: absent - name: rabbitmq | remove | Clean down any tls files become: yes file: path: "{{ item.value }}" state: absent with_dict: rabbitmq_tls - name: rabbitmq | remove | Check rabbitmq-server.postrm exits become: yes stat: path: /var/lib/dpkg/info/rabbitmq-server.postrm register: _rabbitmq_remove_stat_result - name: rabbitmq | remove | Modify rabbitmq-server.postrm to allow mount points become: yes replace: dest: /var/lib/dpkg/info/rabbitmq-server.postrm regexp: '(\s+)rm -r (.*)\s*$' replace: '\1rm -rf \2 || true' when: _rabbitmq_remove_stat_result.stat.exists - name: rabbitmq | remove | Debian - Remove the RabbitMQ packages become: yes apt: name: "{{ item.package }}" force: yes state: absent purge: yes register: _purge_result with_items: rabbitmq_restart_packages[::-1] when: item.upgrade != "" and ansible_os_family == 'Debian' # https://github.com/ansible/ansible-modules-core/issues/965 - name: rabbitmq | remove | Debian - Remove unused packages become: yes command: apt-get -y autoremove register: _autoremove_result changed_when: > "The following packages will be REMOVED" in _autoremove_result.stdout when: _purge_result.changed and ansible_os_family == 'Debian' tags: - skip_ansible_lint - name: rabbitmq | remove | SUSE - Remove the RabbitMQ packages and dependencies become: yes command: zypper remove --no-confirm --clean-deps {{ item.package }} register: _rabbitmq_remove_result failed_when: _rabbitmq_remove_result.rc != 0 and _rabbitmq_remove_result.rc != 104 with_items: rabbitmq_restart_packages[::-1] when: item.upgrade != "" and ansible_os_family == 'Suse' 07070100000058000081A40000000000000000000000015FAD0DE000000F3B000000000000000000000000000000000000004400000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/start.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | start | Ensure that epmd service is started become: yes service: name: epmd.service enabled: no state: started - name: rabbitmq | start | Ensure that RabbitMQ service is started become: yes service: name: rabbitmq-server enabled: no state: started register: _rabbitmq_start_result # It is possible that RabbitMQ service was started but we are at stop_app # so let's guarantee the RabbitMQ application is also started. - name: rabbitmq | start | Get RabbitMQ status become: yes command: rabbitmqctl status changed_when: false register: _rabbitmq_start_status_result when: not _rabbitmq_start_result.changed - name: rabbitmq | start | Run start_app if RabbitMQ application is stopped become: yes command: | timeout {{ rabbitmq_start_app_timeout }} rabbitmqctl start_app register: _rabbitmq_start_app_result when: not _rabbitmq_start_result.changed and not (_rabbitmq_start_status_result.stdout | search('{rabbit,"RabbitMQ",.*},')) # Wait for the RabbitMQ application to start. - name: rabbitmq | start | Wait for the RabbitMQ application to start become: yes command: | timeout {{ rabbitmq_start_timeout }} rabbitmqctl wait {{ rabbitmq_env.pid_file }} changed_when: false when: _rabbitmq_start_result.changed or _rabbitmq_start_app_result.changed # Configure 'rabbitmq_primary_hostname' RabbitMQ node to be able to form and # synchronisable a HA cluster. - include: _configure-ha-cluster.yml when: inventory_hostname == rabbitmq_primary_hostname # We have to work across the cluster here as to join a host at least two must # be online and hence this is a serialisation inside the task. # # The hosts are taken down using the stop play the rabbitmq_primary_hostname # is taken down last, so during the cluster rejoin, the other hosts must join # to the rabbitmq_primary_hostname host first. # # Cluster remote to primary. - include: _cluster-check.yml when: inventory_hostname == rabbitmq_remote_hostname and (rabbitmq_clustered | bool) # Cluster nodes that are not primary or remote to primary. - include: _cluster-check.yml when: inventory_hostname != rabbitmq_primary_hostname and inventory_hostname != rabbitmq_remote_hostname and (rabbitmq_clustered | bool) # Cluster primary to remote. - include: _cluster-check.yml when: inventory_hostname == rabbitmq_primary_hostname and (rabbitmq_clustered | bool) # Enable any registered RabbitMQ plugins. This must be done after clustering to # correctly set-up the distributed DB used by RabbitMQ. We serialize the # install so we always get a master node up for distributed plugins. - include: _enable-plugins.yml when: inventory_hostname == rabbitmq_primary_hostname - include: _enable-plugins.yml when: inventory_hostname != rabbitmq_primary_hostname and (rabbitmq_clustered | bool) # We retry here as logrotate may be running. - name: rabbitmq | start | Rotate the logs on startup become: yes command: logrotate -f /etc/logrotate.d/rabbitmq-server register: _rabbitmq_start_logrotate_result until: (_rabbitmq_start_logrotate_result | success) retries: 5 delay: 10 when: _rabbitmq_start_result.changed 07070100000059000081A40000000000000000000000015FAD0DE00000097C000000000000000000000000000000000000004500000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: rabbitmq | status | Check RabbitMQ service debug: msg: "Running service check on RabbitMQ" run_once: true - name: rabbitmq | status | Check RabbitMQ service running command: systemctl status "{{ rabbitmq_service_name }}" changed_when: false failed_when: false register: _rabbitmq_systemctl_status_result - name: rabbitmq | status | Report status of RabbitMQ fail: msg: | {{ rabbitmq_service_name }} is not running. systemctl status {{ rabbitmq_service_name }} {{ _rabbitmq_systemctl_status_result.stdout }} {{ _rabbitmq_systemctl_status_result.stderr }} when: (_rabbitmq_systemctl_status_result | failed) - name: rabbitmq | status | Check RabbitMQ running hosts in cluster become: yes shell: > rabbitmqctl cluster_status 2>/dev/null | awk '/running_nodes,\[[^]]+,/,/]},/' | sed 's/,\([^[]\)/,\n\1/g' register: _rabbitmq_cluster_status_result changed_when: false failed_when: > (_rabbitmq_cluster_status_result | failed) or (_rabbitmq_cluster_status_result.stdout_lines | length) != (rabbitmq_cluster_size | int) when: (rabbitmq_clustered | bool) # Note: We always take the TLS details from CP here. - name: rabbitmq | status | Validate RabbitMQ clients connection TLS/TCP status become: yes shell: > rabbitmqctl -q list_connections ssl state ssl_protocol user name | sort -u | awk -F'\t' '(($1 ~ /^{{ (not (rabbitmq_cp.tls_enabled | bool)) | lower }}$/ && $2 !~ /^(closing|closed)$/) || $3 !~ /^tlsv1.2$|^$/) && $4 !~ /^$/' register: _rabbitmq_tls_status_result changed_when: false failed_when: > (_rabbitmq_tls_status_result | failed) or (_rabbitmq_tls_status_result.stdout_lines | length) > 0 when: (rabbitmq_tls_check_status | bool) 0707010000005A000081A40000000000000000000000015FAD0DE0000009C6000000000000000000000000000000000000004300000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/stop.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Wait for queues to synchronise, during synchronisation the queues will # pause and not allow any messages to be placed in the queue that is # synchronising. - include: _wait-for-cluster-sync.yml when: (rabbitmq_clustered | bool) # This will disable/stop all running plugins. This must be performed before # leaving a cluster (gracefully exit) as we must inform all cluster node # of our plugin states before we exit so not to have restart issues. # # Note: For non-gracefully we should work as we do not do a host reset # and hence we use the internal Rabbit HA mechanism to get back # online. - include: _disable-plugins.yml # The 'when' statement below make sure that never run reset in the stop # incorrectly in a cluster even when rabbitmq_permit_multi_stop is defined. # This allows us to preserve at least one node with the current DB, which must # be the last node to stop and the first node to start. # # NOTE: the conditions on this next step are in ADDITION to restrictions # that the top-level playbooks impose. It is VITAL that you read # these conditions in conjunction with the guards in those playbooks! - include: _reset-host.yml when: not rabbitmq_do_not_reset_node and ( (not rabbitmq_permit_multi_stop and (rabbitmq_clustered | bool)) or (rabbitmq_permit_multi_stop and inventory_hostname != rabbitmq_primary_hostname) or (rabbitmq_reset_option == "force_reset") ) # Stop the RabbitMQ application including Erlang. - name: rabbitmq | stop | Ensure that RabbitMQ service is stopped become: yes service: name: rabbitmq-server enabled: no state: stopped - name: rabbitmq | stop | Ensure that epmd service is stopped become: yes service: name: epmd.service enabled: no state: stopped - include: _stop_epmd.yml 0707010000005B000081A40000000000000000000000015FAD0DE00000070D000000000000000000000000000000000000004900000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/workaround.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # See if we need to workaround RabbitMQ 3.4.3-3.6.0 reset problems. # --- - name: rabbitmq | workaround | Get RabbitMQ installed package version shell: > dpkg-query -W -f='${Version} ${status}\n' {{ item.package }} | awk '/ok installed/{print $1}' when: item.upgrade != "" changed_when: false register: _rabbitmq_workaround_version_result with_items: rabbitmq_restart_packages - name: rabbitmq | workaround | Check current installed package are constant fail: msg: "Inconstant RabbitMQ package found: {{ item.key }} : {{ item.value }}" when: (item.value | length != 1) with_dict: > (rabbitmq_cp_hosts.ansible_cluster | package_consistency_check(hostvars, '_rabbitmq_workaround_version_result')) run_once_per: rabbitmq_cp.group_name - name: rabbitmq | workaround | Set RabbitMQ workaround debug: msg: "Notify RabbitMQ workaround required: {{ item.item.package }}" changed_when: true when: item.skipped is not defined and (item.stdout | version_compare_smart(item.item.workround, '<')) with_items: _rabbitmq_workaround_version_result.results register: ardana_notify_rabbitmq_workaround_required 0707010000005C000081A40000000000000000000000015FAD0DE00000077F000000000000000000000000000000000000005200000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/write-configuration.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # see: http://www.freedesktop.org/software/systemd/man/tmpfiles.d.html - name: rabbitmq | write-configuration | Create rabbitmq-server.conf become: yes template: src: rabbitmq-server.conf.j2 dest: "/usr/lib/tmpfiles.d/rabbitmq-server.conf" owner: root group: root mode: 0644 register: ardana_notify_rabbitmq_reset_required - name: rabbitmq | write-configuration | Create rabbitmq.config become: yes template: src: rabbitmq.config.j2 dest: "{{ rabbitmq_etc_dir }}/rabbitmq.config" owner: root group: root mode: 0644 register: ardana_notify_rabbitmq_reset_required - name: rabbitmq | write-configuration | Check logrotate rabbitmq-server file stat: path: /etc/logrotate.d/rabbitmq-server register: _rabbitmq_configure_logrotate_result # Package RabbitMQ install will install logrotate by default as a dependent - name: rabbitmq | write-configuration | Create logrotate rabbitmq-server file become: yes template: src: rabbitmq-server.logrotate.j2 dest: /etc/logrotate.d/rabbitmq-server owner: root group: root mode: 0644 when: (not _rabbitmq_configure_logrotate_result.stat.exists) or (('LOG_PRO' in verb_hosts) and (inventory_hostname not in groups[verb_hosts.LOG_PRO])) 0707010000005D000081A40000000000000000000000015FAD0DE00000113B000000000000000000000000000000000000004E00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/write-tls-files.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # If we are told to regenerate all certs remove existing reqs. # User is forcing a change so lets force a major change. - name: rabbitmq | write-tls-files | Remove RabbitMQ cert requests become: yes file: path: "{{ rabbitmq_tls.req_file }}" state: absent register: _rabbitmq_remove_cert_result when: (rabbitmq_tls_certs_force_regeneration | bool) # We only need a major upgrade set if replication is using TLS. - name: rabbitmq | write-tls-files | Set major upgrade as we removed cert debug: msg: "Remove RabbitMQ cert requested forceing major upgrade" changed_when: true when: _rabbitmq_remove_cert_result.changed and (rabbitmq_tls_replication | bool) register: ardana_notify_rabbitmq_major_change # Are any certificates on disk? - name: rabbitmq | write-tls-files | Check cert file exists become: yes stat: path: "{{ rabbitmq_tls.pem_file }}" register: _rabbitmq_tls_pem_file_result # Are there any invalid certs? If yes, we need new certs. - name: rabbitmq | write-tls-files | Check cert validity become: yes command: openssl verify {{ rabbitmq_tls.pem_file }} when: _rabbitmq_tls_pem_file_result.stat.exists register: _rabbitmq_cert_validity_checks_result failed_when: "'error' in _rabbitmq_cert_validity_checks_result.stderr" changed_when: false # Delete the cert requests whose certs are invalid. - name: rabbitmq | write-tls-files | Remove invalid cert requests become: yes file: path: "{{ rabbitmq_tls.req_file }}" state: absent register: _rabbitmq_invalid_cert_result when: _rabbitmq_tls_pem_file_result.stat.exists and (_rabbitmq_cert_validity_checks_result | failed) # We only need a major upgrade set if replication is using TLS. - name: rabbitmq | write-tls-files | Set major upgrade as we removed cert debug: msg: "Invalid RabbitMQ cert forceing major upgrade" changed_when: true when: _rabbitmq_invalid_cert_result.changed and (rabbitmq_tls_replication | bool) register: ardana_notify_rabbitmq_major_change # Are there any certs about to expire? The openssl -checkend option # will return 1 if cert is about to expire. So we use it as a filter # in the next step to replace the expiring certs. - name: rabbitmq | write-tls-files | Check cert expiry become: yes command: > openssl x509 -in {{ rabbitmq_tls.pem_file }} -checkend {{ rabbitmq_tls_expiry_check }} register: _rabbitmq_cert_expiry_checks_result when: _rabbitmq_tls_pem_file_result.stat.exists failed_when: false changed_when: false # Delete the cert requests whose certs are about to expire. And then # run a minor change - name: rabbitmq | write-tls-files | Remove expiring cert requests become: yes file: path: "{{ rabbitmq_tls.req_file }}" state: absent when: _rabbitmq_tls_pem_file_result.stat.exists and (_rabbitmq_cert_expiry_checks_result | failed) register: ardana_notify_rabbitmq_reset_required # Copy cert requests. A successful copy indicates that the # corresponding cert needs to be copied too. - name: rabbitmq | write-tls-files | Copy RabbitMQ cert requests become: yes copy: src: "{{ rabbitmq_tls_certs_local_dir }}/{{ rabbitmq_cp.tls_filename }}.req" dest: "{{ rabbitmq_tls.req_file }}" owner: rabbitmq group: rabbitmq mode: 0400 register: _rabbitmq_cert_request_update_result # If we are updating the pem file then we can run minor change. - name: rabbitmq | write-tls-files | Copy RabbitMQ certs become: yes copy: src: "{{ rabbitmq_tls_certs_local_dir }}/{{ rabbitmq_cp.tls_filename }}" dest: "{{ rabbitmq_tls.pem_file }}" owner: rabbitmq group: rabbitmq mode: 0400 when: _rabbitmq_cert_request_update_result.changed register: ardana_notify_rabbitmq_reset_required 0707010000005E000041ED0000000000000000000000035FAD0DE000000000000000000000000000000000000000000000003E00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates0707010000005F000081A40000000000000000000000015FAD0DE0000002A5000000000000000000000000000000000000004F00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/erlang.cookie.j2{# # # (c) Copyright 2015 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} {{ rabbitmq_cp.erlang_cookie }} 07070100000060000081A40000000000000000000000015FAD0DE0000002DD000000000000000000000000000000000000005300000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/rabbitmq-env.conf.j2{# # # (c) Copyright 2015 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} {% for key,value in rabbitmq_env|dictsort %} {{ key | upper }}={{ value }} {% endfor %} 07070100000061000081A40000000000000000000000015FAD0DE0000002C4000000000000000000000000000000000000005600000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/rabbitmq-server.conf.j2{# # # (c) Copyright 2015 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} d {{ rabbitmq_env.pid_file | dirname }} 0755 rabbitmq rabbitmq 07070100000062000081A40000000000000000000000015FAD0DE000000362000000000000000000000000000000000000005B00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/rabbitmq-server.logrotate.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} {{ rabbitmq_env.log_base }}/*.log { daily compress delaycompress missingok notifempty maxsize 45M rotate 7 sharedscripts postrotate /usr/sbin/rabbitmqctl rotate_logs > /dev/null endscript } 07070100000063000081A40000000000000000000000015FAD0DE0000009E1000000000000000000000000000000000000005100000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/rabbitmq.config.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [ {kernel, [ {inet_dist_listen_min, {{ rabbitmq_cp.inet_dist_listen_port }}}, {inet_dist_listen_max, {{ rabbitmq_cp.inet_dist_listen_port }}}, {inet_default_listen_options, [ {nodelay,true}, {sndbuf,65535}, {recbuf,65535}, {keepalive, true} ]}, {inet_default_connect_options, [ {nodelay,true}, {keepalive, true} ]} ]}, {% if (rabbitmq_tls_enabled | bool) %} {ssl, [{versions, ['tlsv1.2']}]}, {% endif %} {rabbit, [ {tcp_listeners, [ {% for addr in rabbitmq_cp.tcp_bind_addresses %} {"{{ addr.ip }}", {{ addr.port }}}{% if not loop.last %},{% endif %} {% endfor %} ]}, {% if (rabbitmq_tls_enabled | bool) %} {ssl_listeners, [ {% for addr in rabbitmq_cp.tls_bind_addresses %} {"{{ addr.ip }}", {{ addr.port }}}{% if not loop.last %},{% endif %} {% endfor %} ]}, {ssl_options, [ {keyfile, "{{ rabbitmq_tls.pem_file }}"}, {certfile, "{{ rabbitmq_tls.pem_file }}"}, {versions, ['tlsv1.2']}, {verify, verify_none}, {fail_if_no_peer_cert, false} ]}, {% endif %} {% if (rabbitmq_clustered | bool) %} {cluster_partition_handling, {{ rabbitmq_config.cluster_partition_handling }}}, {queue_master_locator, <<"min-masters">>}, {% endif %} {disk_free_limit, {{ rabbitmq_config.disk_free_limit }}}, {loopback_users, []}, {vm_memory_high_watermark, {{ rabbitmq_config.vm_memory_high_watermark }}}, {hipe_compile, {{ rabbitmq_config.hipe_compile | lower }}} ]}{% if ("rabbitmq_management" in (rabbitmq_plugins | default([], true))) %}, {rabbitmq_management, [ {listener, [ {port, {{ rabbitmq_cp.management_address.port }}}, {ip, "{{ rabbitmq_cp.management_address.ip }}"}, {ssl, {{ rabbitmq_tls_enabled | lower }}} ]}, {rates_mode, {{ rabbitmq_config.rates_mode }}} ]} {% endif %} ]. 07070100000064000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000004300000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/suse07070100000065000081A40000000000000000000000015FAD0DE000000297000000000000000000000000000000000000005C00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/suse/epmd.socket-port.conf.j2{# # # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [Socket] ListenStream={{ rabbitmq_cp.management_address.ip }}:4369 FreeBind=true 07070100000066000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000003900000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/vars07070100000067000081A40000000000000000000000015FAD0DE00000044A000000000000000000000000000000000000004400000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/vars/debian.yml # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # List of packages we register a restart. rabbitmq_restart_packages: - upgrade: major workround: "1:18.3.1-dfsg-1+hpelinux1" package: erlang-base - upgrade: "{%- if rabbitmq_config.hipe_compile -%} major {%- endif -%}" workround: "1:18.3.1-dfsg-1+hpelinux1" package: erlang-base-hipe - upgrade: major workround: "1:18.3.1-dfsg-1+hpelinux1" package: erlang-nox - upgrade: check workround: 3.6.1 package: rabbitmq-server 07070100000068000081A40000000000000000000000015FAD0DE0000003E2000000000000000000000000000000000000004200000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/vars/suse.yml # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Placeholder for Erlang SSL module path. Expect to be overwritten # by the tasks when setting up SSL for distribution. erl_ssl_path: # List of packages we register a restart. rabbitmq_restart_packages: - upgrade: check workround: 0.0.0 package: rabbitmq-server - upgrade: check workround: 0.0.0 package: rabbitmq-server-plugins 07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!377 blocks
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
