stone-payments / ansible-rabbitmq

Ansible role to install and configure RabbitMQ server.

License: MIT License

Python 64.67% Jinja 35.33%
evolucaoinfra rabbitmq ansible maas

ansible-rabbitmq's Introduction

Stone Payments - RabbitMQ

Ansible role to install and configure RabbitMQ server.

Note

Before using this role, it is good practice to know exactly which plugins you are going to need. By default, this role enables the management plugin. Here is an example of a playbook that enables more plugins.

---
- name: queue service
  hosts: your_hosts
  become: true
  roles:
    - role: stone-payments.rabbitmq
      rabbitmq_plugins:
        - rabbitmq_management
        - rabbitmq_shovel
        - rabbitmq_shovel_management

Requirements

To install requirements you can run this command: pipenv install --dev

Before using this role, make sure that the machines that will compose the cluster can connect to each other, via ping or name resolution. Also make sure that they can connect to the Internet to download the RabbitMQ package.

For RedHat machines make sure the machines are subscribed. Also, this role requires the previous installation of the EPEL repositories. Alternatively, you can use our role stone-payments.epel to install EPEL.

Role Variables

  # Take the package given by the OS/distrib (Debian-like only)
  rabbitmq_os_package: false

  # RabbitMQ repositories in katello
  rabbitmq_repository_on_satellite:
    - Stone_RabbitMQ_erlang_rhel7
    - Stone_RabbitMQ_38_rhel7

  # Always install RabbitMQ,
  # unless it's already installed and you don't want it to be replaced
  rabbitmq_install_enabled: true

  # Install specific RabbitMQ version, unless it's redefined
  rabbitmq_major: 3
  rabbitmq_minor: 8
  rabbitmq_patch: 5
  rabbitmq_suffix: 1
  rabbitmq_release: "*"
  rabbitmq_version: "{{ rabbitmq_major }}.{{ rabbitmq_minor }}.{{ rabbitmq_patch }}"
  rabbitmq_package: "{{ rabbitmq_version }}-{{ rabbitmq_suffix }}"

  # TCP configuration
  rabbitmq_conf_tcp_listeners_address: ""
  rabbitmq_conf_tcp_listeners_port: 5672

  # RabbitMQ configuration
  rabbitmq_owner: rabbitmq
  rabbitmq_group: rabbitmq
  rabbitmq_home_path: /var/lib/rabbitmq/
  rabbitmq_enabled_plugins_file_path: /etc/rabbitmq/enabled_plugins
  rabbitmq_config_file_path: /etc/rabbitmq/rabbitmq.conf
  rabbitmq_env_variables_file_path: /etc/rabbitmq/rabbitmq-env.conf
  rabbitmq_conf_extra_settings:
  rabbitmq_default_loglevel: warning
  rabbitmq_erlang_cookie: ""
  rabbitmq_erlang_cookie_file_path: "{{ rabbitmq_home_path }}.erlang.cookie"

  # Variables can be overridden to adapt to the use case
  rabbitmq_conf_disk_free_limit_mem_relative: 1.5
  rabbitmq_conf_vm_memory_high_watermark: 0.4
  rabbitmq_conf_num_acceptors_tcp: 10

  # System number of open files
  rabbitmq_service_d_path: /etc/systemd/system/rabbitmq-server.service.d
  rabbitmq_system_number_open_files: 50000

  # RabbitMQ cluster
  rabbitmq_clustering_force: false
  rabbitmq_clustering_enabled: false
  rabbitmq_clustering_cluster_name: ""
  rabbitmq_clustering_ha_default: true
  rabbitmq_nodename_prefix: rabbit
  rabbitmq_nodename: "{{ ansible_fqdn }}"

  # RabbitMQ plugins
  rabbitmq_manage_plugins: true
  rabbitmq_bin_path: /usr/lib/rabbitmq/bin
  rabbitmq_sbin_path: /usr/lib/rabbitmq/sbin
  rabbitmq_plugins_prefix_path: /usr/lib/rabbitmq
  rabbitmq_plugins:
    - name: rabbitmq_management
      state: enabled
    - name: rabbitmq_shovel
      state: enabled
    - name: rabbitmq_shovel_management
      state: enabled

  # RabbitMQ Users
  rabbitmq_manage_users: true

  # The same format of the rabbitmq_users_default variable.
  # The management UI requires authentication and authorisation. For more details see: https://www.rabbitmq.com/management.html#permissions
  rabbitmq_users: {}
  rabbitmq_users_default:
    admin:
      password: rabbitmq
      tags: administrator

  # RabbitMQ Vhosts
  rabbitmq_manage_vhosts: false  # (true | false) to manage VHosts
  rabbitmq_vhosts:
    name_of_vhost:
      state: present
      set_limit: true  # (Optional) Set this to configure vhost limits
      max_connections: 0
      max_queues: 0

  # RabbitMQ Rest API Login Credentials
  rabbitmq_api_login_credentials:
    login_host: # (Mandatory) RabbitMQ Rest API host
    login_port: # (Optional) RabbitMQ Rest API port. The default value is "15672".
    login_protocol: # (Optional) RabbitMQ Rest API protocol. The default value is "http".
    login_user: # (Optional) RabbitMQ Rest API user. The default value is "guest".
    login_password: # (Mandatory) RabbitMQ Rest API user password
    ca_cert: # (Optional) CA certificate to verify SSL connection to management API.
    client_cert: # (Optional) Client certificate to send on SSL connections to management API.
    client_key: # (Optional) Private key matching the client certificate.

  # RabbitMQ Queues
  ## To manage RabbitMQ Queues you need to use the Rest API Login Credentials
  ## For more parameters see the official ansible documentation for this module at https://docs.ansible.com/ansible/latest/modules/rabbitmq_queue_module.html
  rabbitmq_manage_queues: false  # (true | false) to manage Queues
  rabbitmq_queues:
    name_of_queue:
      vhost: # (Optional) Set this to configure vhost for queue. The default value is "/".
      state: present

  # RabbitMQ Exchanges
  ## To manage RabbitMQ Exchanges you need to use the Rest API Login Credentials
  rabbitmq_manage_exchanges: false  # (true | false) to manage Exchanges
  ## For more parameters see the official ansible documentation for this module at https://docs.ansible.com/ansible/latest/modules/rabbitmq_exchange_module.html
  rabbitmq_exchanges:
    name_of_exchange:
      vhost: # (Optional) Set this to configure vhost for exchange. The default value is "/".
      type: # (Optional) Set this to configure type for exchange. The default value is "direct".
      state: present

  # RabbitMQ Bindings
  ## To manage RabbitMQ Bindings you need to use the Rest API Login Credentials
  rabbitmq_manage_bindings: false  # (true | false) to manage Bindings
  ## For more parameters see the official ansible documentation for this module at https://docs.ansible.com/ansible/latest/modules/rabbitmq_binding_module.html
  rabbitmq_bindings:
    name_of_source_exchange_binding:
      vhost: # (Optional) Set this to configure vhost for binding. The default value is "/".
      type: # (Mandatory) Set this to configure type for binding.
      destination: # (Mandatory) Set the destination exchange or queue for the binding.
      routing_key: # (Optional) Set this to configure routing key for the binding. The default value is "#".
      state: present

  # RabbitMQ Policy
  rabbitmq_manage_policies: false # (true | false) to manage Policy
  rabbitmq_policies:
    name_of_policy:
      vhost: ""
      pattern: ".*"
      tags:
        ha-mode: ""
        ha-sync-mode: ""

  # Configure New Relic to monitor RabbitMQ
  newrelic_license:
  rabbitmq_newrelic_agent_enabled: false
  rabbitmq_newrelic_agent_config_file_path: /etc/newrelic-infra/integrations.d/rabbitmq-config.yml
  rabbitmq_newrelic_command: all
  rabbitmq_newrelic_hostname: localhost
  rabbitmq_newrelic_port: 15672
  rabbitmq_newrelic_use_ssl: false
  rabbitmq_newrelic_username: admin
  rabbitmq_newrelic_password: rabbitmq
  rabbitmq_newrelic_config_path: "{{ rabbitmq_config_file_path }}"
  rabbitmq_newrelic_queues:
  rabbitmq_newrelic_exchanges:
  rabbitmq_newrelic_vhosts:
  rabbitmq_newrelic_labels:
    env: ""
    role: ""
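
The defaults listed above include a fixed administrator password, an empty Erlang cookie and a plain-http REST API login. The following check is an added example, not code from this role: it audits a dict of the role's variables for those defaults. The rules, messages and sample values (including the host name `mq1.example.internal`) are assumptions of the example.

```python
# Added example, not part of the role: audit a dict of this role's variables
# for the weak defaults the README documents. Variable names are the README's;
# the rules, messages and sample values are this example's assumptions.
DOC_DEFAULT_PASSWORD = "rabbitmq"  # shown for admin and rabbitmq_newrelic_password
MIN_COOKIE_LEN = 20                # cookie length the README recommends
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_role_vars(v):
    """Return a sorted list of (variable, problem) tuples."""
    out = []
    # Check both user maps; the README does not say how the role merges them.
    for key in ("rabbitmq_users_default", "rabbitmq_users"):
        for name, spec in (v.get(key) or {}).items():
            if ((spec or {}).get("password") or "") in ("", DOC_DEFAULT_PASSWORD, name):
                out.append((f"{key}.{name}", "empty, default or username as password"))
    # The Erlang cookie is the shared secret between cluster nodes.
    if v.get("rabbitmq_clustering_enabled"):
        if len(v.get("rabbitmq_erlang_cookie") or "") < MIN_COOKIE_LEN:
            out.append(("rabbitmq_erlang_cookie", "unset or under 20 characters"))
    # Queues, exchanges and bindings are managed through the REST API login.
    if any(v.get(f"rabbitmq_manage_{k}") for k in ("queues", "exchanges", "bindings")):
        api = v.get("rabbitmq_api_login_credentials") or {}
        prefix = "rabbitmq_api_login_credentials."
        remote = api.get("login_host") not in LOOPBACK
        if remote and (api.get("login_protocol") or "http") == "http":
            out.append((prefix + "login_protocol", "password sent over plain http"))
        if (api.get("login_user") or "guest") == "guest":
            out.append((prefix + "login_user", "documented default guest account"))
    # The New Relic integration holds a management password of its own.
    if v.get("rabbitmq_newrelic_agent_enabled"):
        if (v.get("rabbitmq_newrelic_password") or "") in ("", DOC_DEFAULT_PASSWORD):
            out.append(("rabbitmq_newrelic_password", "empty or default password"))
        remote = v.get("rabbitmq_newrelic_hostname", "localhost") not in LOOPBACK
        if remote and not v.get("rabbitmq_newrelic_use_ssl"):
            out.append(("rabbitmq_newrelic_use_ssl", "remote API polled without TLS"))
    return sorted(out)


# Constructed input: README defaults with clustering, queue management and
# the New Relic agent switched on.
README_DEFAULTS = {
    "rabbitmq_users_default": {"admin": {"password": "rabbitmq", "tags": "administrator"}},
    "rabbitmq_users": {},
    "rabbitmq_clustering_enabled": True,
    "rabbitmq_erlang_cookie": "",
    "rabbitmq_manage_queues": True,
    "rabbitmq_api_login_credentials": {"login_host": "mq1.example.internal"},
    "rabbitmq_newrelic_agent_enabled": True,
    "rabbitmq_newrelic_hostname": "localhost",
    "rabbitmq_newrelic_use_ssl": False,
    "rabbitmq_newrelic_password": "rabbitmq",
}

if __name__ == "__main__":
    for variable, problem in audit_role_vars(README_DEFAULTS):
        print(f"{variable}: {problem}")
```

Feed it the merged variables for a host (for instance the output of `ansible-inventory --host <name>` loaded as a dict) before the play runs.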

Dependencies

None yet.

How to run this?

Example Playbook

  - hosts: servers
    roles:
      - stone-payments.rabbitmq

By default, this role installs the latest upstream version of RabbitMQ at the time of writing (which is 3.8.5). If you want to install any other version, you must give the version numbers.

  - hosts: servers
    roles:
      - role: stone-payments.rabbitmq
        rabbitmq_major: 3
        rabbitmq_minor: 8
        rabbitmq_patch: 5

By default, when clustering is enabled, the role will try to configure the NODENAME as rabbit@{{ ansible_nodename }}. If you want to customize the node name, you can substitute the NODENAME with the variable rabbitmq_nodename_prefix.

Other specific RabbitMQ environment variables can also be given.

  vars:
    rabbitmq_conf_env:
      RABBITMQ_NODE_IP_ADDRESS: "127.0.0.2"

You can alter:

  • Memory watermark (rabbitmq_conf_disk_free_limit_mem_relative);
  • Free disk space limit (rabbitmq_conf_vm_memory_high_watermark);
  • Number of system's open files (rabbitmq_system_number_open_files).

  vars:
    rabbitmq_conf_disk_free_limit_mem_relative: 1.5
    rabbitmq_conf_vm_memory_high_watermark: 0.4
    rabbitmq_system_number_open_files: 50000

To create a cluster you just have to run this role against the target nodes and give some extra vars.

- name: queue service clustered
  hosts: group2
  become: true
  roles:
    - role: stone-payments.rabbitmq
      rabbitmq_erlang_cookie: <your_cookie>
      rabbitmq_clustering_enabled: true

To create a cluster using FQDN for hosts, just set USE_LONGNAME.

  vars:
    rabbitmq_conf_env:
      USE_LONGNAME: "true"

Note that the cookie is a hash string that can be of any size. A good practice is to use a hash of 20 characters. This is the synchronization cookie used by Erlang to create the cluster.

Use this playbook as a practical example.
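
For the cookie described above, the following added example (not code from this role) generates a 20-character value for `rabbitmq_erlang_cookie` and checks the cookie file a node ends up with, by default `/var/lib/rabbitmq/.erlang.cookie` per the role variables. The alphabet, the function names and the owner-only permission rule are assumptions of the example; RabbitMQ expects the cookie file to be accessible only to its owner.

```python
# Added example, not part of the role. Names and rules below are assumptions.
import os
import secrets
import stat
import string

COOKIE_ALPHABET = string.ascii_uppercase + string.digits
MIN_COOKIE_LEN = 20  # length the README recommends


def new_cookie(length=MIN_COOKIE_LEN):
    """Return a random cookie value drawn from the OS CSPRNG."""
    if length < MIN_COOKIE_LEN:
        raise ValueError("cookie shorter than the README's 20 characters")
    return "".join(secrets.choice(COOKIE_ALPHABET) for _ in range(length))


def cookie_file_problems(path, owner_uid=None):
    """Return a list of problems with an Erlang cookie file; empty means OK."""
    try:
        st = os.lstat(path)  # lstat: a symlink is reported, not followed
    except FileNotFoundError:
        return ["cookie file missing"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:04o} lets group/others access the secret")
    if owner_uid is not None and st.st_uid != owner_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {owner_uid}")
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        cookie = fh.read().strip()
    if len(cookie) < MIN_COOKIE_LEN:
        problems.append("cookie shorter than 20 characters")
    return problems


if __name__ == "__main__":
    print("rabbitmq_erlang_cookie:", new_cookie())
    # Default location from rabbitmq_erlang_cookie_file_path in the role variables.
    for problem in cookie_file_problems("/var/lib/rabbitmq/.erlang.cookie"):
        print("cookie file:", problem)
```

Store the generated value in an encrypted variable file rather than in the playbook, and pass the uid of the `rabbitmq_owner` account as `owner_uid` when checking a node.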

Testing

This role implements unit tests with molecule and testinfra. Notice that we only support Molecule 2.0 or greater. You can install molecule with:

pipenv install --dev --three

Once Molecule is set up, you can run the tests with this step:

molecule test [-s scenario_name]

To Do

  • Add tests for the connection/read/write of rabbit's queues
  • Test removing flush_handlers from clustering step
  • Bug: when the master is down and the clustering step is run all the other nodes will go down.

Contributing

Just open a PR. We love PRs!

License

MIT

ansible-rabbitmq's People

Contributors

bcdonadio, cleitonnovotni, csmartins, dgmorales, douglasquintanilha, fffialho, iblackman, igordcsouza, jcda80, marcusteixeira, mvasilenko, paulomariano77, phcaguiar, renatocmaia, thiagorider


ansible-rabbitmq's Issues

Specify password for new users

As of right now, the password of new users is the same as the username.
Would be nice to have a map with username and passwords to improve security. [1]

Set erlang cookie regardless of cluster

In some cases, you want to set a specific Erlang cookie even if there's no cluster to be configured.
I suggest either moving or duplicating the task of setting the cookie file.

Add bintray rabbitmq repository's key error

Specifications

  • Ansible version:
    2.9.19
  • Python version:
    3
  • Operating System:
    Ubuntu 18.04

Description

When I try to run the playbook it fails at step Add bintray rabbitmq repository's key error

What I Did

fatal: [host]: FAILED! => {"changed": false, "msg": "Failed to download key at https://bintray.com/user/downloadSubjectPublicKey?username=rabbitmq: HTTP Error 404: Not Found"}

public key is not available: NO_PUBKEY 6B73A36E6026DFCA

While installing RabbitMQ 3.7 on Ubuntu 18.04, got the following error:

FAILED! => {"changed": false, "msg": "Failed to update apt cache: W:GPG error: http://www.rabbitmq.com/debian testing InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6B73A36E6026DFCA, E:The repository 'http://www.rabbitmq.com/debian testing InRelease' is not signed."}

will do PR with fix

Add node to cluster using hostname

In the new versions, adding a node using IP causes a failure. When trying to add using hostname - having the nodes in /etc/hosts or via DNS - it works. The documentation should mention this and recommend an inventory containing some sort of names.

Rabbitmq role doesn't work with FQDN

Version of rabbitmq: 3.6.15
Version of ansible: 2.5.2

Some related issues rabbitmq/rabbitmq-server#1182

I'll do a fix to this role right now.

TASK [stone-payments.rabbitmq : join rabbitmq cluster] ********************************************************************************************************************************
Monday 25 June 2018 20:26:34 +0000 (0:00:01.795) 0:07:28.033 ***********
skipping: [rabbitmq-1p01.example.com]
fatal: [rabbitmq-1p02.example.com]: FAILED! => {"changed": true, "cmd": ["rabbitmqctl", "join_cluster", "[email protected]"], "delta": "0:00:00.593572", "end": "2018-06-25 20:26:36.236655", "msg": "non-zero return code", "rc": 69, "start": "2018-06-25 20:26:35.643083", "stderr": "Error: unable to connect to nodes ['[email protected]']: nodedown\n\nDIAGNOSTICS\n===========\n\nattempted to contact: ['[email protected]']\n\[email protected]:\n * connected to epmd (port 4369) on rabbitmq-1p01.example.com\n * epmd reports node 'rabbit' running on port 25672\n * TCP connection succeeded but Erlang distribution failed\n * suggestion: hostname mismatch?\n * suggestion: is the cookie set correctly?\n * suggestion: is the Erlang distribution using TLS?\n\ncurrent node details:\n- node name: 'rabbitmq-cli-43@rabbitmq-1p02'\n- home dir: /var/lib/rabbitmq\n- cookie hash: CK4sp2CJBEqH0+fQ6bhdrQ==", "stderr_lines": ["Error: unable to connect to nodes ['[email protected]']: nodedown", "", "DIAGNOSTICS", "===========", "", "attempted to contact: ['[email protected]']", "", "[email protected]:", " * connected to epmd (port 4369) on rabbitmq-1p01.example.com", " * epmd reports node 'rabbit' running on port 25672", " * TCP connection succeeded but Erlang distribution failed", " * suggestion: hostname mismatch?", " * suggestion: is the cookie set correctly?", " * suggestion: is the Erlang distribution using TLS?", "", "current node details:", "- node name: 'rabbitmq-cli-43@rabbitmq-1p02'", "- home dir: /var/lib/rabbitmq", "- cookie hash: CK4sp2CJBEqH0+fQ6bhdrQ=="], "stdout": "Clustering node 'rabbit@rabbitmq-1p02' with '[email protected]'", "stdout_lines": ["Clustering node 'rabbit@rabbitmq-1p02' with '[email protected]'"]}
fatal: [rabbitmq-1p03.example.com]: FAILED! => {"changed": true, "cmd": ["rabbitmqctl", "join_cluster", "[email protected]"], "delta": "0:00:00.621648", "end": "2018-06-25 20:26:36.268335", "msg": "non-zero return code", "rc": 69, "start": "2018-06-25 20:26:35.646687", "stderr": "Error: unable to connect to nodes ['[email protected]']: nodedown\n\nDIAGNOSTICS\n===========\n\nattempted to contact: ['[email protected]']\n\[email protected]:\n * connected to epmd (port 4369) on rabbitmq-1p01.example.com\n * epmd reports node 'rabbit' running on port 25672\n * TCP connection succeeded but Erlang distribution failed\n * suggestion: hostname mismatch?\n * suggestion: is the cookie set correctly?\n * suggestion: is the Erlang distribution using TLS?\n\ncurrent node details:\n- node name: 'rabbitmq-cli-09@rabbitmq-1p03'\n- home dir: /var/lib/rabbitmq\n- cookie hash: CK4sp2CJBEqH0+fQ6bhdrQ==", "stderr_lines": ["Error: unable to connect to nodes ['[email protected]']: nodedown", "", "DIAGNOSTICS", "===========", "", "attempted to contact: ['[email protected]']", "", "[email protected]:", " * connected to epmd (port 4369) on rabbitmq-1p01.example.com", " * epmd reports node 'rabbit' running on port 25672", " * TCP connection succeeded but Erlang distribution failed", " * suggestion: hostname mismatch?", " * suggestion: is the cookie set correctly?", " * suggestion: is the Erlang distribution using TLS?", "", "current node details:", "- node name: 'rabbitmq-cli-09@rabbitmq-1p03'", "- home dir: /var/lib/rabbitmq", "- cookie hash: CK4sp2CJBEqH0+fQ6bhdrQ=="], "stdout": "Clustering node 'rabbit@rabbitmq-1p03' with '[email protected]'", "stdout_lines": ["Clustering node 'rabbit@rabbitmq-1p03' with '[email protected]'"]}

Start using pipenv

Switch from requirements.txt to pipfile and try to run the entire Molecule flow.

Wrong owner/permissions on /etc/rabbitmq/enabled_plugins

There is some situation where /etc/rabbitmq/enabled_plugins ends up with wrong permissions (like root.root 600), and then rabbitmq fails to start.

We weren't able to test it more yet, but maybe the plugin enablement task overwrites the permission that is correctly set before.

Python cryptography=2.2.2 in requirements.txt has known vulnerability

GitHub is generating an alert about this. I see the requirements.txt has very old versions (ansible 2.5.0, for example). An overall refresh on it would be nice.

I guess that is used only by ansible, when ansible is run using an env that sourced this file. Not a big deal, but we should not ignore these alerts too long :D

Publish role to Ansible Galaxy

Apparently this role stone-payments.rabbitmq is not yet published to Ansible Galaxy, is that correct?

$ ansible-galaxy install stone-payments.rabbitmq
- downloading role 'rabbitmq', owned by stone-payments
[WARNING]: - stone-payments.rabbitmq was NOT installed successfully: - sorry, stone-payments.rabbitmq was not found on https://galaxy.ansible.com/api/.
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
