File ardana-mq-8.0+git.1605176800.52cccfa.obscpio of Package ardana-mq
07070100000000000081A40000000000000000000000015FAD0DE00000007E000000000000000000000000000000000000003000000000ardana-mq-8.0+git.1605176800.52cccfa/.gitreview[gerrit]
host=gerrit.suse.provo.cloud
port=29418
project=ardana/mq-ansible.git
defaultremote=ardana
defaultbranch=stable/pike
07070100000001000081A40000000000000000000000015FAD0DE00000000C000000000000000000000000000000000000003300000000ardana-mq-8.0+git.1605176800.52cccfa/.rsync-filter- ardana-ci
07070100000002000081A40000000000000000000000015FAD0DE00000279F000000000000000000000000000000000000002D00000000ardana-mq-8.0+git.1605176800.52cccfa/LICENSE
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
07070100000003000081A40000000000000000000000015FAD0DE0000002A6000000000000000000000000000000000000002F00000000ardana-mq-8.0+git.1605176800.52cccfa/README.md
(c) Copyright 2015 Hewlett Packard Enterprise Development LP
(c) Copyright 2017 SUSE LLC
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
README
======
TODO: Fill in README for rabbitmq playbooks here.
07070100000004000081A40000000000000000000000015FAD0DE000000721000000000000000000000000000000000000003A00000000ardana-mq-8.0+git.1605176800.52cccfa/_rabbitmq-change.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Change/update users access for RabbitMQ.
- include: rabbitmq-configure-users.yml
- hosts: FND-RMQ
max_fail_percentage: 0
gather_facts: no
roles:
- rabbitmq
tasks:
- include: roles/rabbitmq/tasks/create-working-dirs.yml
# Check whether the user has updated the list of RabbitMQ plugins.
- include: roles/rabbitmq/tasks/check-plugins.yml
# Check whether we are transitioning to TLS.
- include: roles/rabbitmq/tasks/check-tls.yml
# Write TLS certificates to disk.
# Note: We always take details from CP here as during TLS transition in
# particular TLS to 'off' we may not have all cert data required.
- include: roles/rabbitmq/tasks/write-tls-files.yml
when: (rabbitmq_cp.tls_enabled | bool)
# Only one of these will operate depending on the state of
# ardana_notify_rabbitmq_major_change.changed set during configure
# above.
- include: _rabbitmq-minor-change.yml
- include: _rabbitmq-major-change.yml
- hosts: FND-RMQ
max_fail_percentage: 0
gather_facts: no
roles:
- rabbitmq
tasks:
# Clear all persisted facts relating to RabbitMQ.
- include: roles/rabbitmq/tasks/clear-persistant-facts.yml
07070100000005000081A40000000000000000000000015FAD0DE0000013D0000000000000000000000000000000000000004000000000ardana-mq-8.0+git.1605176800.52cccfa/_rabbitmq-major-change.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: _rabbitmq-neutron-setup.yml
# RabbitMQ 3.4.3-3.6.0 workaround rule.
- hosts: FND-RMQ
gather_facts: no
max_fail_percentage: 0
roles:
- iptables
- rabbitmq
tasks:
- name: rabbitmq | _rabbitmq-major-change | Set fact rabbitmq_major_change
set_fact:
_rabbitmq_major_change: "{{
((ardana_notify_rabbitmq_major_change | default(false)) and
ardana_notify_rabbitmq_major_change.changed) }}"
# Stop messages entering a node by blocking the '*_listener' ports. Need
# to make the cluster go silent to reduce the likelihood of getting an
# Erlang Mnesia held lock (OTP-13284).
- include: roles/iptables/tasks/iptables-add.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
when: (ardana_notify_rabbitmq_workaround_required | default(false)) and
ardana_notify_rabbitmq_workaround_required.changed and
(_rabbitmq_major_change | bool)
# Take the cluster down to a single node for a major configuration change.
- hosts: FND-RMQ:!{{ rabbitmq_primary_hostname |
default('FND-RMQ--first-member') }}
gather_facts: no
max_fail_percentage: 0
# IMPORTANT: This is performed one host at a time as we must keep quorum as
# we take the cluster down.
serial: 1
roles:
- iptables
- rabbitmq
tasks:
# Stop messages entering a node by blocking the '*_listener' ports. Need
# to do this here to stop traffic entering a node that we are
# reconfiguring. This gives early indication to the proxy to move any vips
# pointing at the node.
- include: roles/iptables/tasks/iptables-add.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
when: (_rabbitmq_major_change | bool)
- include: roles/rabbitmq/tasks/stop.yml
when: (_rabbitmq_major_change | bool)
- hosts: "{{ rabbitmq_primary_hostname |
default('FND-RMQ--first-member') }}"
gather_facts: no
max_fail_percentage: 0
roles:
- iptables
- rabbitmq
tasks:
# Stop messages entering a node by blocking the '*_listener' ports. Need
# to do this here to stop traffic entering a node that we are
# reconfiguring. This gives early indication to the proxy to move any vips
# pointing at the node.
- include: roles/iptables/tasks/iptables-add.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
when: (_rabbitmq_major_change | bool)
# We do not reset the node as it the only node left form a cluster so we
# must maintain its database.
- include: roles/rabbitmq/tasks/stop.yml
vars:
rabbitmq_do_not_reset_node: true
when: (not
((ardana_notify_rabbitmq_restart_required | default(false)) and
ardana_notify_rabbitmq_restart_required.changed)) and
(_rabbitmq_major_change | bool)
# At this point we are in the situation where the only running node is the
# rabbitmq primary.
# Next steps are:
# * Write any new config to the system.
# * Upgrade all nodes by installing the latest packages if required.
# NOTE: This will cause the primary node to be restarted, and perform
# the Erlang Mnesia schema change.
# * Start all nodes - this will trigger join cluster.
# * Remove block on '*_listener' ports.
- hosts: FND-RMQ
gather_facts: no
max_fail_percentage: 0
roles:
- iptables
- rabbitmq
tasks:
- include: roles/rabbitmq/tasks/write-configuration.yml
when: (_rabbitmq_major_change | bool)
- include: roles/rabbitmq/tasks/_write-rabbitmq-env-config.yml
when: (_rabbitmq_major_change | bool)
- include: roles/rabbitmq/tasks/install.yml
when: ((ardana_notify_rabbitmq_restart_required | default(false)) and
ardana_notify_rabbitmq_restart_required.changed) and
(_rabbitmq_major_change | bool)
- include: roles/rabbitmq/tasks/start.yml
when: (_rabbitmq_major_change | bool)
# Remove block on '*_listener' ports.
- include: roles/iptables/tasks/iptables-delete.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
when: (_rabbitmq_major_change | bool)
07070100000006000081A40000000000000000000000015FAD0DE0000010C5000000000000000000000000000000000000004000000000ardana-mq-8.0+git.1605176800.52cccfa/_rabbitmq-minor-change.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: _rabbitmq-neutron-setup.yml
# RabbitMQ 3.4.3-3.6.0 workaround rule.
- hosts: FND-RMQ
gather_facts: no
max_fail_percentage: 0
roles:
- iptables
- rabbitmq
tasks:
- include: roles/rabbitmq/tasks/write-configuration.yml
when: (not
((ardana_notify_rabbitmq_major_change | default(false)) and
ardana_notify_rabbitmq_major_change.changed))
- include: roles/rabbitmq/tasks/_write-rabbitmq-env-config.yml
when: (not
((ardana_notify_rabbitmq_major_change | default(false)) and
ardana_notify_rabbitmq_major_change.changed))
- name: rabbitmq | _rabbitmq-minor-change | Set fact rabbitmq_minor_change
set_fact:
_rabbitmq_minor_change: "{{
(not
((ardana_notify_rabbitmq_major_change | default(false)) and
ardana_notify_rabbitmq_major_change.changed)) and
(((ardana_notify_rabbitmq_reset_required | default(false)) and
ardana_notify_rabbitmq_reset_required.changed) or
((ardana_notify_rabbitmq_restart_required | default(false)) and
ardana_notify_rabbitmq_restart_required.changed)) }}"
# Stop messages entering a node by blocking the '*_listener' ports. Need
# to make the cluster go silent to reduce the likelihood of getting an
# Erlang Mnesia held lock (OTP-13284).
- include: roles/iptables/tasks/iptables-add.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
when: (_rabbitmq_minor_change | bool)
- hosts: FND-RMQ
gather_facts: no
max_fail_percentage: 0
# IMPORTANT: This is performed one host at a time to keep cluster running.
serial: 1
roles:
- iptables
- rabbitmq
tasks:
# Stop messages entering a node by blocking the '*_listener' ports. Need
# to do this here to stop traffic entering a node that we are
# reconfiguring. This gives early indication to the proxy to move any vips
# pointing at the node.
- include: roles/iptables/tasks/iptables-add.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
when: (_rabbitmq_minor_change | bool)
- include: roles/rabbitmq/tasks/stop.yml
when: (_rabbitmq_minor_change | bool)
- include: roles/rabbitmq/tasks/install.yml
when: (_rabbitmq_minor_change | bool) and
((ardana_notify_rabbitmq_restart_required | default(false)) and
ardana_notify_rabbitmq_restart_required.changed)
- include: roles/rabbitmq/tasks/start.yml
when: (_rabbitmq_minor_change | bool)
# Remove block on '*_listener' ports.
- include: roles/iptables/tasks/iptables-delete.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
when: (not
((ardana_notify_rabbitmq_workaround_required | default(false)) and
ardana_notify_rabbitmq_workaround_required.changed)) and
(_rabbitmq_minor_change | bool)
# RabbitMQ 3.4.3-3.6.0 workaround rule.
- hosts: FND-RMQ
gather_facts: no
max_fail_percentage: 0
roles:
- iptables
- rabbitmq
tasks:
- include: roles/iptables/tasks/iptables-delete.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
when: (ardana_notify_rabbitmq_workaround_required | default(false)) and
ardana_notify_rabbitmq_workaround_required.changed and
(_rabbitmq_minor_change | bool)
07070100000007000081A40000000000000000000000015FAD0DE0000002ED000000000000000000000000000000000000004100000000ardana-mq-8.0+git.1605176800.52cccfa/_rabbitmq-neutron-setup.yml#
# (c) Copyright 2017 Hewlett Packard Enterprise Development LP
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: FND-RMQ:&NEU-*
roles:
- neutron-common
tasks:
- include: roles/neutron-common/tasks/_create_iptables_lockfile.yml
07070100000008000081A40000000000000000000000015FAD0DE0000004DC000000000000000000000000000000000000004400000000ardana-mq-8.0+git.1605176800.52cccfa/_rabbitmq-upgrade-packages.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Validate play and lock any configuration required.
- include: _rabbitmq-validate.yml
- hosts: FND-RMQ
max_fail_percentage: 0
gather_facts: no
roles:
- rabbitmq
tasks:
# Sets-up 'check-upgraded-pkgs' value.
- include: roles/ardana-upgrade-tools/tasks/pkg-query.yml
# based on the result of 'check-upgraded-pkgs'
# ardana_notify_rabbitmq_major_change.changed may be set here to determine
# which upgrade is run in _rabbitmq_change below.
- include: roles/rabbitmq/tasks/check-upgraded-pkgs.yml
# Change the RabbitMQ configuration.
- include: _rabbitmq-change.yml
07070100000009000081A40000000000000000000000015FAD0DE00000036D000000000000000000000000000000000000003C00000000ardana-mq-8.0+git.1605176800.52cccfa/_rabbitmq-validate.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: FND-RMQ
max_fail_percentage: 0
roles:
- rabbitmq
- role: validate-cluster-limit
validate_cluster_limit_verb_hosts: "{{ rabbitmq_cp.group_name }}"
tasks:
- include: roles/rabbitmq/tasks/lock_config.yml
0707010000000A000041ED0000000000000000000000045FAD0DE000000000000000000000000000000000000000000000002F00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci0707010000000B000041ED0000000000000000000000035FAD0DE000000000000000000000000000000000000000000000003700000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project0707010000000C000041ED0000000000000000000000035FAD0DE000000000000000000000000000000000000000000000004300000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project/input-model0707010000000D000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000004800000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project/input-model/data0707010000000E000081A40000000000000000000000015FAD0DE00000092A000000000000000000000000000000000000005A00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project/input-model/data/control_plane.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
product:
version: 2
control-planes:
- name: cp1
control-plane-prefix: cp1
failure-zones:
- AZ1
common-service-components:
- lifecycle-manager-target
load-balancers:
- provider: ip-cluster
name: lb
components:
- default
roles:
- internal
- admin
- provider: ip-cluster
name: extlb
external-name: myardana-cp1.test
components:
- default
roles:
- public
clusters:
- name: cluster0
cluster-prefix: c0
server-role:
- SERVER1-ROLE
member-count: 1
allocation-policy: strict
service-components:
- lifecycle-manager-target
- lifecycle-manager
- rabbitmq
- keystone-api
- mysql
- ip-cluster
- name: cp2
uses:
- from: cp1
service-components:
- all
control-plane-prefix: cp2
failure-zones:
- AZ1
- AZ2
- AZ3
common-service-components:
- lifecycle-manager-target
load-balancers:
- provider: ip-cluster
name: lb
components:
- default
roles:
- internal
- admin
clusters:
- name: cluster1
cluster-prefix: c1
server-role:
- SERVER2-ROLE
- SERVER3-ROLE
- SERVER4-ROLE
member-count: 3
allocation-policy: strict
service-components:
- ntp-server
- rabbitmq
- ip-cluster
0707010000000F000081A40000000000000000000000015FAD0DE00000051E000000000000000000000000000000000000005B00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project/input-model/data/network_groups.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
product:
version: 2
network-groups:
- name: ARDANA
hostname-suffix: ardana
component-endpoints:
- lifecycle-manager
- lifecycle-manager-target
- name: MANAGEMENT
hostname-suffix: mgmt
hostname: true
tags:
- neutron.networks.vxlan
- neutron.networks.vlan:
provider-physical-network: physnet1
# tls-component-endpoints:
# - barbican-api
component-endpoints:
- default
# routes:
# - default
load-balancers:
- lb
- extlb
- name: EXTERNAL-VM
tags:
- neutron.l3_agent.external_network_bridge
07070100000010000081A40000000000000000000000015FAD0DE000000378000000000000000000000000000000000000005400000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project/input-model/data/regions.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
product:
version: 2
regions:
- name: region1
includes:
- control-plane: cp1
services:
- all
- name: region2
includes:
- control-plane: cp2
services:
- all
07070100000011000081A40000000000000000000000015FAD0DE0000006C9000000000000000000000000000000000000005400000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/project/input-model/data/servers.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
product:
version: 2
baremetal:
netmask: 255.255.255.0
subnet: 192.168.110.0
server-interface: eth2
servers:
- id: server1
ip-addr: 192.168.110.3
role: SERVER1-ROLE
server-group: RACK1
mac-addr: a4:93:0c:4f:7c:73
nic-mapping: VAGRANT
ilo-ip: 192.168.109.3
ilo-password: password
ilo-user: admin
- id: server2
ip-addr: 192.168.110.4
role: SERVER2-ROLE
server-group: RACK1
mac-addr: b2:72:8d:ac:7c:6f
nic-mapping: VAGRANT
ilo-ip: 192.168.109.4
ilo-password: password
ilo-user: admin
- id: server3
ip-addr: 192.168.110.5
role: SERVER3-ROLE
server-group: RACK2
mac-addr: 8a:8e:64:55:43:76
nic-mapping: VAGRANT
ilo-ip: 192.168.109.5
ilo-password: password
ilo-user: admin
- id: server4
ip-addr: 192.168.110.6
role: SERVER4-ROLE
server-group: RACK3
mac-addr: 9a:9e:64:55:43:67
nic-mapping: VAGRANT
ilo-ip: 192.168.109.5
ilo-password: password
ilo-user: admin
07070100000012000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000003500000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests07070100000013000081ED0000000000000000000000015FAD0DE0000004A8000000000000000000000000000000000000004D00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/change-input-model.bash#!/bin/bash
#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
cd ~/ardana-ci-tests
if [ -d ardana-input-model ]; then
cd ardana-input-model
git checkout $1
cd ../
else
git clone -b $1 http://git.suse.provo.cloud/ardana/ardana-input-model
fi
cp -r ardana-input-model/2.0/services/ ~/openstack/ardana/services/
cd ~/ardana
git add -A
git commit -m "My config"
cd ~/openstack/ardana/ansible/
ansible-playbook -i hosts/localhost config-processor-run.yml -e encrypt="" \
-e rekey=""
ansible-playbook -i hosts/localhost ready-deployment.yml
cd ~/scratch/ansible/next/ardana/ansible
07070100000014000081A40000000000000000000000015FAD0DE0000004D3000000000000000000000000000000000000004500000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/change-repo.yml#
# (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: FND-RMQ
tasks:
- name: create 192_168_10_3_79_ardana_sources.list
become: yes
file:
path: /etc/apt/sources.list.d/192_168_10_3_79_ardana_sources.list
state: touch
- name: change apt-repo
become: yes
lineinfile:
dest: /etc/apt/sources.list.d/192_168_10_3_79_ardana_sources.list
line: "deb [arch=amd64] http://apt.suse.provo.cloud/apt/hlinux-deejay.us.rdlabs.hpecorp.net/hLinuxArchive/{{ repo }} cattleprod main contrib non-free"
- name: install aptitude
become: yes
apt:
name: aptitude
update_cache: yes
07070100000015000081A40000000000000000000000015FAD0DE0000005C4000000000000000000000000000000000000005000000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/check-persistent-cache.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: FND-RMQ
roles:
- rabbitmq
tasks:
- name: ardana-ci | check-persistent-state | fail if facts are defined
fail:
msg: "fact cache hasnt been cleared"
when: (ardana_notify_rabbitmq_reset_required is defined and
ardana_notify_rabbitmq_reset_required.changed) or
(ardana_notify_rabbitmq_restart_required.changed and
ardana_notify_rabbitmq_restart_required is defined) or
(ardana_notify_rabbitmq_stop_forced is defined and
ardana_notify_rabbitmq_stop_forced.changed) or
(ardana_notify_rabbitmq_major_change is defined and
ardana_notify_rabbitmq_major_change.changed) or
(ardana_notify_rabbitmq_workaround_required is defined and
ardana_notify_rabbitmq_workaround_required.changed)
07070100000016000081ED0000000000000000000000015FAD0DE0000002BD000000000000000000000000000000000000004500000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/check-user.bash#!/bin/bash
#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
sudo rabbitmqctl list_users | grep stack
exit $?
07070100000017000081ED0000000000000000000000015FAD0DE00000036A000000000000000000000000000000000000003F00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/copy.bash#!/bin/bash
#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
cp ~/ardana-ci-tests/$1 ~/scratch/ansible/next/ardana/ansible
if [ -n "$2" ]
then
ansible-playbook -i hosts/verb_hosts $1 -e $2
else
ansible-playbook -i hosts/verb_hosts $1
fi
rm ~/scratch/ansible/next/ardana/ansible/$1
07070100000018000081A40000000000000000000000015FAD0DE00000033E000000000000000000000000000000000000004800000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/pwd_change_cp1.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
rmq_keystone_password:
value: "mynewpassword"
metadata:
- clusters:
- cluster0
component: keystone
consumes: rabbitmq
consuming-cp: cp1
cp: cp1
version: '2.0'
07070100000019000081A40000000000000000000000015FAD0DE000000355000000000000000000000000000000000000004800000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/pwd_change_cp2.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
rmq_keystone_password:
rmq_keystone_password:
value: "mynewpassword"
metadata:
- clusters:
- cluster1
component: keystone
consumes: rabbitmq
consuming-cp: cp2
cp: cp2
version: '2.0'
0707010000001A000081ED0000000000000000000000015FAD0DE000000359000000000000000000000000000000000000004800000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/remove-rabbit.bash#!/bin/bash
#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
cd ~/scratch/ansible/next/ardana/ansible
ansible-playbook rabbitmq-remove.yml --limit *cp1*
ansible-playbook rabbitmq-remove.yml --limit *cp2*
source ~/ardana-ci-tests/copy.bash remove-sources.list.yml
0707010000001B000081A40000000000000000000000015FAD0DE0000002F6000000000000000000000000000000000000004D00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/remove-sources.list.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: FND-RMQ
tasks:
- name: delete sources.list
become: yes
shell: rm -f /etc/apt/sources.list.d/*
0707010000001C000081A40000000000000000000000015FAD0DE000004AD9000000000000000000000000000000000000004400000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/test-plan.yaml#
# (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: remove-rabbit
logfile: testsuite-remove.log
prefix: remove
exec:
- remove-rabbit.bash
- name: Update conf file change
logfile: test6-update-conf-all.log
prefix: update-conf-all
exec:
- update-conf.bash '/rabbitmq_top/{s/^/#/}' ./rabbitmq/main.yml
- name: update apt repo
logfile: testsuite-upgrade.log
prefix: remove
exec:
- copy.bash change-repo.yml repo=hos2.0.2_ga-0
### TODO: Although Ardana doesn't have mitaka release, we keep this section for
### futher investigation in the future.
# currently dont have a way to use old service defs
# due to older changes not being compatible with multi-cp
# in future comment this out and set mitaka release
#- name: change service definitions
# logfile: testsuite-upgrade.log
# prefix: update-service-def
# exec:
# - change-input-model.bash kilo_release_branch
- name: deploy rabbit 3.4.3
logfile: testsuite-upgrade.log
prefix: deploy-3.4
playbooks:
- rabbitmq-deploy.yml
- name: create-user
logfile: testsuite-upgrade.log
prefix: create-user
exec:
- sudo rabbitmqctl add_user stack stack
- name: Validate rabbit up
logfile: test1-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
- name: update apt repo
logfile: testsuite-upgrade.log
prefix: remove
exec:
- copy.bash change-repo.yml repo=2015/hos3.0_alpha-0
- name: test major upgrade limit 3.5.4
logfile: testsuite-upgrade.log
prefix: upgrade
playbooks:
- rabbitmq-upgrade.yml --limit *cp1*
- name: Validate rabbit up
logfile: test1-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
- name: Validate cache is clear
logfile: testsuite-clear-cache
prefix: validate-cache
exec:
- copy.bash check-persistent-cache.yml
- name: Validate db exists
logfile: testsuite-upgrade
prefix: validate-db
exec:
- check-user.bash
# can only run bash scripts on one hosts current
- name: test rabbitmq-server version
logfile: testsuite-upgrade.log
prefix: upgrade
exec:
- validate-upgrade.bash 3.5.4-3.1
# workaround: can not run full upgrade after running with limit
- name: remove-rabbit
logfile: testsuite-remove.log
prefix: remove
exec:
- remove-rabbit.bash
- name: update apt repo
logfile: testsuite-upgrade.log
prefix: remove
exec:
- copy.bash change-repo.yml repo=2016/hos2.0.2_ga-0
- name: deploy rabbit 3.4.3
logfile: testsuite-upgrade.log
prefix: deploy-3.4
playbooks:
- rabbitmq-deploy.yml
- name: create-user
logfile: testsuite-upgrade.log
prefix: create-user
exec:
- sudo rabbitmqctl add_user stack stack
- name: update apt repo
logfile: testsuite-upgrade.log
prefix: remove
exec:
- copy.bash change-repo.yml repo=2015/hos3.0_alpha-0
#########
- name: test major upgrade 3.5.4 no errlang change
logfile: testsuite-upgrade.log
prefix: upgrade
playbooks:
- rabbitmq-upgrade.yml
- name: Validate rabbit up
logfile: test1-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
- name: update apt repo
logfile: testsuite-upgrade.log
prefix: remove
exec:
- copy.bash change-repo.yml repo=2016/hos2.1.6_ga-0
- name: test major upgrade 3.6.1 - errlang major
logfile: testsuite-upgrade.log
prefix: upgrade
playbooks:
- rabbitmq-upgrade.yml --limit *cp1*
- name: Validate rabbit up
logfile: test1-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
- name: Validate cache is clear
logfile: testsuite-clear-cache
prefix: validate-cache
exec:
- copy.bash check-persistent-cache.yml
- name: Validate db exists
logfile: testsuite-upgrade
prefix: validate-db
exec:
- check-user.bash
- name: test rabbitmq-server version
logfile: testsuite-upgrade.log
prefix: upgrade
exec:
- validate-upgrade.bash 3.6.1-1+hlinux2
# workaround: can not run full upgrade after running with limit
- name: remove-rabbit
logfile: testsuite-remove.log
prefix: remove
exec:
- remove-rabbit.bash
- name: update apt repo
logfile: testsuite-upgrade.log
prefix: remove
exec:
- copy.bash change-repo.yml repo=2015/hos3.0_alpha-0
- name: deploy rabbit 3.5.4
logfile: testsuite-upgrade.log
prefix: deploy-3.5
playbooks:
- rabbitmq-deploy.yml
- name: create-user
logfile: testsuite-upgrade.log
prefix: create-user
exec:
- sudo rabbitmqctl add_user stack stack
- name: update apt repo
logfile: testsuite-upgrade.log
prefix: remove
exec:
- copy.bash change-repo.yml repo=2016/hos2.1.6_ga-0
########
- name: test major upgrade 3.6.1
logfile: testsuite-upgrade.log
prefix: upgrade
playbooks:
- rabbitmq-upgrade.yml
- name: Validate rabbit up
logfile: test1-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
- name: update apt repo
logfile: testsuite-upgrade.log
prefix: remove
exec:
- copy.bash change-repo.yml repo=2016/hos4.0_beta-3
- name: test minor upgrade no erlang change
logfile: testsuite-upgrade.log
prefix: upgrade
playbooks:
- rabbitmq-upgrade.yml --limit *cp1*
- name: Validate rabbit up
logfile: test1-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
- name: Validate cache is clear
logfile: testsuite-clear-cache
prefix: validate-cache
exec:
- copy.bash check-persistent-cache.yml
- name: Validate db exists
logfile: testsuite-upgrade
prefix: validate-db
exec:
- check-user.bash
- name: test rabbitmq-server version
logfile: testsuite-upgrade.log
prefix: upgrade
exec:
- validate-upgrade.bash 3.6.3-1+hpelinux1
# workaround: can not run full upgrade after running with limit
- name: remove-rabbit
logfile: testsuite-remove.log
prefix: remove
exec:
- remove-rabbit.bash
- name: update apt repo
logfile: testsuite-upgrade.log
prefix: remove
exec:
- copy.bash change-repo.yml repo=2016/hos2.1.6_ga-0
- name: deploy rabbit 3.6.1
logfile: testsuite-upgrade.log
prefix: deploy-3.6.1
playbooks:
- rabbitmq-deploy.yml
- name: create-user
logfile: testsuite-upgrade.log
prefix: create-user
exec:
- sudo rabbitmqctl add_user stack stack
- name: update apt repo
logfile: testsuite-upgrade.log
prefix: remove
exec:
- copy.bash change-repo.yml repo=2016/hos4.0_beta-3
- name: Update conf file change
logfile: test6-update-conf-all.log
prefix: update-conf-all
exec:
- update-conf.bash '/rabbitmq_top/{s/^#//}' ./rabbitmq/main.yml
#########
- name: test minor upgrade no erlang change
logfile: testsuite-upgrade.log
prefix: upgrade
playbooks:
- rabbitmq-upgrade.yml
- name: Validate rabbit up
logfile: test1-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
# Singleton Tests
# Test stop start/ one rabbit /singleton cluster
- name: Test stop one rabbit on singleton Cluster
logfile: test1-stop.log
prefix: stop-rabbit-one-singleton
playbooks:
- rabbitmq-stop.yml --limit=project-cp1-c0-m1-mgmt
- name: Validate rabbit Down
logfile: test1-validate-down.log
prefix: validate-rabbit-down
exec:
- validate-rabbit-down.bash
- name: Test start one node
logfile: test1-start-one.log
prefix: start-rabbit-one-singleton
playbooks:
- rabbitmq-start.yml --limit=project-cp1-c0-m1-mgmt
- name: Validate rabbit up
logfile: test1-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
# Test stop start/ one rabbit /Multi node cluster
- name: Test stop one rabbit on Multi-Node Cluster
logfile: test2-stop-one-multi.log
prefix: stop-rabbit-one-multi
playbooks:
- rabbitmq-stop.yml --limit=project-cp2-c1-m1-mgmt
- name: Test start one rabbit on Multi-Node Cluster
logfile: test2-start-one-multi.log
prefix: start-rabbit-one-multi
playbooks:
- rabbitmq-start.yml --limit=project-cp2-c1-m1-mgmt
- name: Validate rabbit Up
logfile: test2-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
# Test stop start/ all rabbits in single cp /Multi node cluster
# Must add flag as default case is stop on one host only
# default stop will give "unsafe to stop on all hosts at once"
- name: Test stop all rabbits on Multi-Node Cluster
logfile: test3-stop-all-multi.log
prefix: stop-rabbit-all-multi
playbooks:
- rabbitmq-stop.yml --limit=*cp2* -e "rabbitmq_do_not_reset_node=true"
- name: Validate rabbit Down
logfile: test3-validate-down.log
prefix: validate-rabbit-down
exec:
- validate-rabbit-down.bash
- name: Test start all rabbits on Multi-Node Cluster
logfile: test3-start-all-multi.log
prefix: start-rabbit-all-multi
playbooks:
- rabbitmq-start.yml --limit=*cp2*
- name: Validate rabbit Up
logfile: test3-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
# Test stop start/ all rabbits in all control planes
- name: Test stop all rabbits on all control planes
logfile: test4-stop-all-cps.log
prefix: stop-rabbit-all
playbooks:
- rabbitmq-stop.yml -e "rabbitmq_do_not_reset_node=true"
- name: Validate rabbit Down
logfile: test4-validate-down.log
prefix: validate-rabbit-down
exec:
- validate-rabbit-down.bash
- name: Test start all rabbits in all control planes
logfile: test4-start-all-cps.log
prefix: start-rabbit-all
playbooks:
- rabbitmq-start.yml
- name: Validate rabbit Up
logfile: validate-rabbit-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
# Test Noop Reconfigure
- name: Test Noop reconfigure
logfile: test5-reconfigure-noop.log
prefix: reconfigure-noop
playbooks:
- rabbitmq-reconfigure.yml
- name: Validate cache is clear
logfile: testsuite-clear-cache
prefix: validate-cache
exec:
- copy.bash check-persistent-cache.yml
- name: Validate db exists
logfile: testsuite-upgrade
prefix: validate-db
exec:
- check-user.bash
# Test rabbit is up - This should test that rabbit has not restarted (TBD)
- name: Validate rabbit
logfile: test5-validate-up
prefix: validate-rabbit
exec:
- validate-rabbit-up.bash
- name: Update conf file change
logfile: test6-update-conf-all.log
prefix: update-conf-all
exec:
- update-conf.bash 's/{disk_free_limit, {{ rabbitmq_config.disk_free_limit }}}/{disk_free_limit, 500000000}/g' ./rabbitmq/rabbitmq.config.j2
- name: Test reconfigure conf file change
logfile: test6-reconfigure-all.log
prefix: reconfigure-conf-all
playbooks:
- rabbitmq-reconfigure.yml
- name: Validate cache is clear
logfile: testsuite-clear-cache
prefix: validate-cache
exec:
- copy.bash check-persistent-cache.yml
- name: Validate db exists
logfile: testsuite-upgrade
prefix: validate-db
exec:
- check-user.bash
- name: Test Conf File change
logfile: test7-test-conf.log
prefix: test-rabbit-conf
exec:
- test-rabbit-conf.bash cp1 disk_free_limit 500000000
- name: Update conf file change for limit test
logfile: test8-update-conf-limit.log
prefix: update-conf-limited
exec:
- update-conf.bash 's/{disk_free_limit, 500000000}/{disk_free_limit, {{ rabbitmq_config.disk_free_limit }}}/g' ./rabbitmq/rabbitmq.config.j2
- name: Test reconfigure conf Limit to Single Control Plane
logfile: test8-reconfigure-limit.log
prefix: reconfigure-conf-limited
playbooks:
- rabbitmq-reconfigure.yml --limit=*cp1*
- name: Validate cache is clear
logfile: testsuite-clear-cache
prefix: validate-cache
exec:
- copy.bash check-persistent-cache.yml
- name: Validate db exists
logfile: testsuite-upgrade
prefix: validate-db
exec:
- check-user.bash
# Currently exec only runs on the deployer so the second exec cannot
# actually check the state of cp2 here . TBD we need a way to
# run command on multiple hosts in the cluster not just on deployer
# ideally this should be part of the test harness
- name: Test Conf File change
logfile: test8-test-conf-limited.log
prefix: test-conf-limited
exec:
- test-rabbit-conf.bash cp1 disk_free_limit 1000000000
- test-rabbit-conf.bash cp2 disk_free_limit 500000000
- name: Test - Reset to original disk_free_limit on all cps
logfile: test8-reconfigure-all.log
prefix: reconfigure-conf-limited
playbooks:
- rabbitmq-reconfigure.yml
- name: Update password for single control plane
logfile: test9-update-pwd-change.log
prefix: update-pwd
exec:
- update-pwd.bash ~/ardana-ci-tests/pwd_change_cp1.yml
# Confirm with Nick what the difference is with
# configure users
- name: Test reconfigure password change
logfile: test9-reconfigure-pwd-change.log
prefix: reconfigure-password-change
playbooks:
- rabbitmq-reconfigure-credentials.yml
- name: Test Password Change Result - Validate Rabbit up
logfile: test9-validate-rabbit-up.log
prefix: test-conf-limited
exec:
- validate-rabbit-up.bash
- name: Test Pasword change Result - Validate access to keystone
logfile: test9-test-rmq-access.log
prefix: test-conf-limited
exec:
- test-rmq-access.bash cp1 rmq_keystone_user mynewpassword
# TBD - We need to configure another service on the second
# control plane to do this testing
#
# Currently only have user on one control plane because
# only have a rabbit service ( ie keystone ) on one control plane
#
# - name: Update password for all control planes
# logfile: testsuite-reconfigure-pwd-change.log
# prefix: update-pwd
# exec:
# - update-pwd.bash ~/ardana-ci-tests/pwd_change_cp1.yml
# - update-pwd.bash ~/ardana-ci-tests/pwd_change_cp2.yml
#- name: Test reconfigure password change
# logfile: testsuite-reconfigure-pwd-change.log
# prefix: reconfigure-password-change-all
# playbooks:
# - rabbitmq-reconfigure-credentials.yml --limit=*cp2*
#- name: Test Password change Result - Access to keystone
# logfile: testsuite-reconfigure-pwd-change.log
# prefix: test-conf-limited
# exec:
# - validate-rabbit-up.bash
# Currently exec only runs this on the deplouyer so this does not really
# check cp2
#- name: Test Password change Result - Password on control planes
# logfile: testsuite-reconfigure-conf-change.log
# prefix: test-conf-limited
# exec:
# - test-rmq-access.bash cp2 rmq_keystone_user mynewpassword
# Reboot Tests - Single Host reboots TBD check if test harness has
# long enough sleep as next test failing occassionally without sleep
- name: Test reboot server2
logfile: test10-reboot.log
prefix: reboot-server2
vms:
- reboot: server2
- name: Test reboot server2
logfile: test10-sleep.log
prefix: sleep-for-1
exec:
- sleep 60
# Note here rabbit does not start on reboot so you have to explictly
# start it
- name: Test we are down
logfile: test10-validate-down.log
prefix: validate-rabbit-down
exec:
- validate-rabbit-down.bash
- name: Start rabbit on server2
logfile: test10-start-rabbit-limit.log
prefix: start-on-server2
playbooks:
- rabbitmq-start.yml --limit=project-cp2-c1-m1-mgmt
# This is the same as the previous test just
# is testing a 2nd server reboot in sequence
# with the first one which can sometimes be a useful test
- name: Test reboot server3
logfile: test11-reboot.log
prefix: reboot-server3
vms:
- reboot: server3
- name: Test reboot server3
logfile: test11-sleep.log
prefix: sleep-for-1
exec:
- sleep 60
# Note here rabbit does not start on reboot so you have to explictly
# start it
- name: Test we are down
logfile: test11-validate-down.log
prefix: validate-rabbit-down
exec:
- validate-rabbit-down.bash
- name: Start rabbit on server3
logfile: test11-start-rabbit.log
prefix: start-on-server3
playbooks:
- rabbitmq-start.yml --limit=project-cp2-c1-m2-mgmt
- name: Test we are up
logfile: test11-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
- name: Test reboot - Singleton rabbit cluster reboot server here
logfile: test12-reboot-singleton.log
prefix: reboot-singleton
vms:
- reboot: server1
- name: Test reboot server1
logfile: test12-sleep.log
prefix: sleep-for-1
exec:
- sleep 60
# Note here rabbit does not start on reboot so you have to explictly
# start it
- name: Test we are down
logfile: test12-validate-down.log
prefix: validate-rabbit-down
exec:
- validate-rabbit-down.bash
- name: Start rabbit on server1
logfile: test12-start-limited.log
prefix: start-on-server1
playbooks:
- rabbitmq-start.yml --limit=project-cp1-c0-m1-mgmt
- name: Test we are up
logfile: test12-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
# Test remove node
- name: Test remove rabbit on server2
logfile: test13-remove.log
prefix: remove-rabbit-one
playbooks:
- rabbitmq-remove.yml --limit=project-cp2-c1-m1-mgmt
# TBD this needs to test rabbit ok on other 2 hosts
- name: Test we are down on that host
logfile: test13-validate-down.log
prefix: validate-rabbit-down
exec:
- validate-rabbit-down.bash
- name: Test depooy rabbit on server2
logfile: test13-deploy-one-limit.log
prefix: deploy-rabbit-one
playbooks:
- rabbitmq-deploy.yml --limit=project-cp2-c1-m1-mgmt
- name: Test we are up on that host
logfile: test13-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
# Test Blow away/disaster recovery
- name: Test stop all rabbits on all control planes
logfile: test13-stop-permit-multi.log
prefix: stop-rabbit-all
playbooks:
- rabbitmq-stop.yml --limit=*cp2* -e "rabbitmq_permit_multi_stop=true"
- name: Validate rabbit Down
logfile: test13-validate-rabbit-down.log
prefix: validate-rabbit-down
exec:
- validate-rabbit-down.bash
- name: Validate rabbit Up on cp1
logfile: test13-validate-rabbit-up.log
prefix: validate-rabbit-up
playbooks:
- rabbitmq-status.yml --limit=*cp1*
- name: Test disaster recovery in one control planes
logfile: test13-disaster-recovery.log
prefix: start-rabbit-all
playbooks:
- rabbitmq-disaster-recovery.yml --limit=*cp2*
- name: Validate rabbit Up
logfile: test13-validate-up.log
prefix: validate-rabbit-up
exec:
- validate-rabbit-up.bash
# TBD - lots more tests to be done, would be useful
# to be able to add upgrade in here e.g.
# Test more rabbit operations
# Test no op upgrade
# Test upgrade
# Test configure Monasca
# Also we need to be able to add a pattern for checking
# all hosts not just the deployer host in tests...need a mechanism
# for this in the test harness
0707010000001D000081ED0000000000000000000000015FAD0DE000000515000000000000000000000000000000000000004B00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/test-rabbit-conf.bash#!/bin/bash
#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# e.g
# test-rabbit-conf cp1 slow_query_log ON
# tests if slow_query_log is set ON on cp1 and
# NOT set ON elsewhere if this is run elsewhere
# Currently only run on the deployer
set -vx
echo " $1 $2 $3"
cnfstatus=0
if [[ $(hostname) == *"$1"* ]]
then
sudo rabbitmqctl status 2>/dev/null | awk '/$2/ {match($0, /[0-9]+/); print substr( $0, RSTART, RLENGTH )} | grep $3'
if [[ $? == 1 ]]
then
cnfstatus=1
fi
fi
if [[ $(hostname) != *"$1"* ]]
then
sudo rabbitmqctl status 2>/dev/null | awk '/$2/ {match($0, /[0-9]+/); print substr( $0, RSTART, RLENGTH )} | grep $3'
if [[ $? == 0 ]]
then
cnfstatus=1
fi
fi
exit $cnfstatus
0707010000001E000081ED0000000000000000000000015FAD0DE0000004BF000000000000000000000000000000000000004A00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/test-rmq-access.bash#!/bin/bash
#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Usage: test-rmq-access.bash cp1 rmq_keystone_user mynewpassword
set -vx
echo " $1 $2 $3"
cnfstatus=0
if [[ $(hostname) == *"$1"* ]]
then
sudo rabbitmqctl authenticate_user $2 $3 | grep Success
if [[ $? == 1 ]]
then
cnfstatus=1
fi
fi
# This test currently doesnt actually run but its
# setup to assume if user is on a different cp
# it wont have the same creds. (may not be what we want)
if [[ $(hostname) != *"$1"* ]]
then
sudo rabbitmqctl authenticate_user $2 $3 | grep Success
if [[ $? == 0 ]]
then
cnfstatus=1
fi
fi
exit $cnfstatus
0707010000001F000081ED0000000000000000000000015FAD0DE000000402000000000000000000000000000000000000004600000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/update-conf.bash#!/bin/bash
#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
set -vxe
echo "Changing $1 in $2"
pushd ~/openstack/my_cloud/config
sed -e "$1" -i "$2" --follow-symlinks
git add -A
git commit --allow-empty -m "My Config Change"
pushd ~/openstack/ardana/ansible/
ansible-playbook -i hosts/localhost config-processor-run.yml -e encrypt="" \
-e rekey=""
ansible-playbook -i hosts/localhost ready-deployment.yml
popd
popd
07070100000020000081ED0000000000000000000000015FAD0DE000000401000000000000000000000000000000000000004500000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/update-pwd.bash#!/bin/bash
#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
set -evx
cp $1 ~/ardana/change_credentials/
pushd ~/openstack/ardana/ansible/
# Next two lines should not be necessary but are, checking why
git add -A
git commit --allow-empty -m "My Config Change"
ansible-playbook -i hosts/localhost config-processor-run.yml -e encrypt="" \
-e rekey=""
ansible-playbook -i hosts/localhost ready-deployment.yml
popd
07070100000021000081ED0000000000000000000000015FAD0DE000000373000000000000000000000000000000000000004F00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/validate-rabbit-down.bash#!/bin/bash
#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
ansible-playbook -i hosts/verb_hosts rabbitmq-status.yml
rabbit_test_status=$?
echo "Rabbit Test Status is $rabbit_test_status"
if [ $rabbit_test_status -eq 0 ]
then
echo "Fail, Expected Rabbit Down!"
exit 1
else
echo "OK"
fi
07070100000022000081ED0000000000000000000000015FAD0DE00000035C000000000000000000000000000000000000004D00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/validate-rabbit-up.bash#!/bin/bash
#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
ansible-playbook -i hosts/verb_hosts rabbitmq-status.yml
rabbit_test_status=$?
echo "Rabbit Test Status is $rabbit_test_status"
if [ $rabbit_test_status -eq 0 ]
then
echo "Ok"
else
echo "Fail"
exit 1
fi
07070100000023000081ED0000000000000000000000015FAD0DE000000332000000000000000000000000000000000000004B00000000ardana-mq-8.0+git.1605176800.52cccfa/ardana-ci/tests/validate-upgrade.bash#!/bin/bash
#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
set -vx
version=`sudo dpkg -l | grep rabbitmq-server | awk '{print $3}'`
if [[ $version == $1 ]]
then
upgradestatus=0
else
upgradestatus=1
fi
exit $upgradestatus
07070100000024000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000002C00000000ardana-mq-8.0+git.1605176800.52cccfa/config07070100000025000081A40000000000000000000000015FAD0DE0000004A4000000000000000000000000000000000000004000000000ardana-mq-8.0+git.1605176800.52cccfa/config/rabbit-symlinks.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# The following relative symlinks are created under the
# my_cloud/config directory.
---
symlinks:
rabbitmq/erlang.cookie.j2: roles/rabbitmq/templates/erlang.cookie.j2
rabbitmq/rabbitmq.config.j2: roles/rabbitmq/templates/rabbitmq.config.j2
rabbitmq/rabbitmq-env.conf.j2: roles/rabbitmq/templates/rabbitmq-env.conf.j2
rabbitmq/rabbitmq-server.logrotate.j2: roles/rabbitmq/templates/rabbitmq-server.logrotate.j2
rabbitmq/main.yml: roles/rabbitmq/defaults/main.yml
rabbitmq-monasca/main.yml: roles/rabbitmq-monasca/defaults/main.yml
07070100000026000081A40000000000000000000000015FAD0DE000000354000000000000000000000000000000000000004200000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-configure-users.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Configure the RabbitMQ uses that can access RabbitMQ and there user rights.
- hosts: FND-RMQ
max_fail_percentage: 0
roles:
- rabbitmq
tasks:
- include: roles/rabbitmq/tasks/configure-users.yml
07070100000027000081A40000000000000000000000015FAD0DE000000AF7000000000000000000000000000000000000003900000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-deploy.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: _rabbitmq-neutron-setup.yml
- hosts: FND-RMQ
max_fail_percentage: 0
roles:
- iptables
- rabbitmq
tasks:
- include: roles/rabbitmq/tasks/pre-configure.yml
- include: roles/rabbitmq/tasks/create-working-dirs.yml
# Write TLS certificates to disk.
# Note: We always take details from CP here.
- include: roles/rabbitmq/tasks/write-tls-files.yml
when: (rabbitmq_cp.tls_enabled | bool)
- include: roles/rabbitmq/tasks/write-configuration.yml
# Stop messages entering a node by blocking the '*_listener' ports. Need
# to do this here as the installation of RabbitMQ starts the service before
# the cluster has been formed.
- include: roles/iptables/tasks/iptables-add.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
- include: roles/rabbitmq/tasks/install.yml
# In deploy we check if the pre-configuration has changed if it has (by
# checking 'ardana_notify_rabbitmq_reset_required.changed' or
# 'ardana_notify_rabbitmq_stop_forced.changed') then we 'force_reset' to
# make sure we are clean on a new run, so we remove all messages and DB
# config non-gracefully.
- include: roles/rabbitmq/tasks/stop.yml
vars:
rabbitmq_reset_option: force_reset
when: ardana_notify_rabbitmq_reset_required.changed or
ardana_notify_rabbitmq_stop_forced.changed
- include: roles/rabbitmq/tasks/start.yml
# Set-up users access for RabbitMQ.
- include: rabbitmq-configure-users.yml
# Set-up Monasca agent for RabbitMQ.
- include: rabbitmq-monasca-configure.yml
- hosts: FND-RMQ
gather_facts: no
max_fail_percentage: 0
roles:
- iptables
- rabbitmq
tasks:
# Remove block on '*_listener' ports.
- include: roles/iptables/tasks/iptables-delete.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
- include: roles/rabbitmq/tasks/status.yml
# Clear all persisted facts relating to RabbitMQ.
- include: roles/rabbitmq/tasks/clear-persistant-facts.yml
07070100000028000081A40000000000000000000000015FAD0DE0000003DB000000000000000000000000000000000000004400000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-disaster-recovery.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# During a disaster recovery of RabbitMQ we leave in-place the current
# Monasca set-up so monitoring can see RabbitMQ state.
# Note: This conviantly models the state were Monasca is not used.
- include: rabbitmq-remove.yml
vars:
rabbitmq_monasca_remove: false
- include: rabbitmq-deploy.yml
vars:
rabbitmq_monasca_configure: false
07070100000029000081A40000000000000000000000015FAD0DE0000003D8000000000000000000000000000000000000004400000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-monasca-configure.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Configure the RabbitMQ Monasca agent.
- hosts: FND-RMQ:&MON-AGN
max_fail_percentage: 0
roles:
- rabbitmq-monasca
tasks:
- include: roles/rabbitmq-monasca/tasks/remove.yml
when: (rabbitmq_monasca_configure | bool)
- include: roles/rabbitmq-monasca/tasks/configure.yml
when: (rabbitmq_monasca_configure | bool)
0707010000002A000081A40000000000000000000000015FAD0DE00000036B000000000000000000000000000000000000004100000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-monasca-remove.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Configure the RabbitMQ Monasca agent.
- hosts: FND-RMQ:&MON-AGN
max_fail_percentage: 0
roles:
- rabbitmq-monasca
tasks:
- include: roles/rabbitmq-monasca/tasks/remove.yml
when: (rabbitmq_monasca_remove | bool)
0707010000002B000081A40000000000000000000000015FAD0DE0000002CF000000000000000000000000000000000000003F00000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-post-upgrade.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: rabbitmq-reconfigure.yml
vars:
rabbitmq_config_lock: false
0707010000002C000081A40000000000000000000000015FAD0DE0000002D5000000000000000000000000000000000000003E00000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-pre-upgrade.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: _rabbitmq-upgrade-packages.yml
vars:
rabbitmq_config_lock: false
0707010000002D000081A40000000000000000000000015FAD0DE000000362000000000000000000000000000000000000004A00000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-reconfigure-credentials.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Update the uses that can access RabbitMQ and there user rights.
- include: rabbitmq-configure-users.yml
# Update RabbitMQ Monasca agent if used as user details may have changed.
- include: rabbitmq-monasca-configure.yml
0707010000002E000081A40000000000000000000000015FAD0DE00000037A000000000000000000000000000000000000003E00000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-reconfigure.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Validate play and lock any configuration required.
- include: _rabbitmq-validate.yml
# Change the RabbitMQ configuration.
- include: _rabbitmq-change.yml
# Reconfigure Monasca agent for RabbitMQ.
- include: rabbitmq-monasca-configure.yml
0707010000002F000081A40000000000000000000000015FAD0DE0000008FA000000000000000000000000000000000000003900000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-remove.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# This will remove all RabbitMQ components installed by this playbook.
- include: _rabbitmq-neutron-setup.yml
- hosts: FND-RMQ
max_fail_percentage: 0
roles:
- guard-cluster
- iptables
- rabbitmq
tasks:
# We want to ensure that all IP chains related to Rabbit
# are torn down at the end of this part of the remove process.
# However, the iptables-{add,delete} rules have an asymmetry:
# -add is idempotent (can be called multiple times), but
# -delete will flag an error if the named chain does not exist.
# (This design is to catch the maximal number of errors arising
# during the composition of multipler playbooks that may play
# with the firewall settings.)
# Therefore, to manage the remove situation where an attempt to
# upgrade a broken Rabbit installation has failed (potentially
# leaving a firewall rule in place), we unconditionally add
# the rules here so that we guarantee it is safe to attempt
# to remove them at the end of the tear-down process.
- include: roles/iptables/tasks/iptables-add.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
- include: roles/rabbitmq/tasks/remove.yml
- include: roles/iptables/tasks/iptables-delete.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
# Clear all persisted facts relating to RabbitMQ on the current.
- include: roles/rabbitmq/tasks/clear-persistant-facts.yml
# Remove the RabbitMQ monasca setup.
- include: rabbitmq-monasca-remove.yml
07070100000030000081A40000000000000000000000015FAD0DE00000058D000000000000000000000000000000000000003800000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-start.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: _rabbitmq-neutron-setup.yml
- hosts: FND-RMQ
max_fail_percentage: 0
roles:
- iptables
- rabbitmq
tasks:
# Stop messages entering a node by blocking the '*_listener' ports.
# Need to do this here as node may not yet be part of the cluster.
- include: roles/iptables/tasks/iptables-add.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
- include: roles/rabbitmq/tasks/start.yml
# Remove block on '*_listener' ports.
- include: roles/iptables/tasks/iptables-delete.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
- include: roles/rabbitmq/tasks/status.yml
07070100000031000081A40000000000000000000000015FAD0DE000000302000000000000000000000000000000000000003900000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-status.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- hosts: FND-RMQ
max_fail_percentage: 0
roles:
- rabbitmq
tasks:
- include: roles/rabbitmq/tasks/status.yml
07070100000032000081A40000000000000000000000015FAD0DE00000081D000000000000000000000000000000000000003700000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-stop.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: _rabbitmq-neutron-setup.yml
# Notice how we are controlling the last node to be left on-line this must
# be the first node to come back online in stop.yml and start.yml
# respectfully. This must not have the serial flag set.
- hosts: FND-RMQ
max_fail_percentage: 0
roles:
- iptables
- rabbitmq
tasks:
# Note: rabbitmq_do_not_reset_node has a hight precedence than
# rabbitmq_permit_multi_stop.
- name: rabbitmq | rabbitmq-stop | Check for stop running on multiple hosts
fail:
msg: "It is unsafe to run RabbitMQ stop on multiple hosts at once"
when: (play_hosts | length) > 1 and
not rabbitmq_permit_multi_stop and
not rabbitmq_do_not_reset_node
# Stop messages entering a node by blocking the '*_listener' ports. Need
# to do this here to stop traffic entering a node that we are stopping.
# This gives early indication to the proxy to move any vips pointing at
# the node
- include: roles/iptables/tasks/iptables-add.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
- include: roles/rabbitmq/tasks/stop.yml
# Remove block on '*_listener' ports.
- include: roles/iptables/tasks/iptables-delete.yml
vars:
iptables_chain: "{{ rabbitmq_iptables_chain }}"
iptables_ip_port: "{{ rabbitmq_bind_addresses }}"
07070100000033000081A40000000000000000000000015FAD0DE000000327000000000000000000000000000000000000003A00000000ardana-mq-8.0+git.1605176800.52cccfa/rabbitmq-upgrade.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Upgrade the RabbitMQ base packages
- include: _rabbitmq-upgrade-packages.yml
# Update Monasca agent for RabbitMQ.
- include: rabbitmq-monasca-configure.yml
07070100000034000041ED0000000000000000000000045FAD0DE000000000000000000000000000000000000000000000002B00000000ardana-mq-8.0+git.1605176800.52cccfa/roles07070100000035000041ED0000000000000000000000065FAD0DE000000000000000000000000000000000000000000000003400000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq07070100000036000041ED0000000000000000000000055FAD0DE000000000000000000000000000000000000000000000003C00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca07070100000037000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000004500000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/defaults07070100000038000081A40000000000000000000000015FAD0DE000000509000000000000000000000000000000000000004E00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/defaults/main.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# The RabbitMQ default set-up for the Monasca agent plugin.
rabbitmq_monasca_configure: true
rabbitmq_monasca_remove: true
# If true, monitor exchanges, queues as well as hosts, process monitoring.
rabbitmq_monasca_full_monitoring: false
# Config Processor variable mapping.
rabbitmq_monasca_cp:
monasca_api_url: >
{{ rabbitmq_management_protocol }}://{{ rabbitmq_cp.management_address.ip }}:{{ rabbitmq_cp.management_address.port }}/api
monasca_username: >
{{ MON_AGN.consumes_FND_RMQ.vars.accounts.monasca_rmq_monitor.username }}
monasca_password: >
{{ MON_AGN.consumes_FND_RMQ.vars.accounts.monasca_rmq_monitor.password }}
07070100000039000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000004100000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/meta0707010000003A000081A40000000000000000000000015FAD0DE0000002CF000000000000000000000000000000000000004A00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/meta/main.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
dependencies:
- {role: rabbitmq}
- {role: monasca-agent, run_mode: Use}
0707010000003B000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000004200000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/tasks0707010000003C000081A40000000000000000000000015FAD0DE000000629000000000000000000000000000000000000005000000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/tasks/configure.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq-monasca | configure | Setup Monasca with RabbitMQ mgmt
become: yes
no_log: true
monasca_agent_plugin:
name: rabbitmq
args:
watch_api: True
api_url: "{{ rabbitmq_monasca_cp.monasca_api_url }}"
user: "{{ rabbitmq_monasca_cp.monasca_username }}"
password: "{{ rabbitmq_monasca_cp.monasca_password | quote }}"
when: ("rabbitmq_management" in (rabbitmq_plugins | default([], true))) and
(rabbitmq_monasca_full_monitoring | bool)
- name: rabbitmq-monasca | configure | Setup Monasca without RabbitMQ mgmt
become: yes
monasca_agent_plugin:
name: rabbitmq
args:
watch_api: False
when: ("rabbitmq_management" not in (rabbitmq_plugins | default([], true))) or
(not (rabbitmq_monasca_full_monitoring | bool))
- name: rabbitmq-monasca | configure | Configure TLS certificate monitoring
include: configure_tls.yml
when: rabbitmq_tls_enabled | bool
0707010000003D000081A40000000000000000000000015FAD0DE000000711000000000000000000000000000000000000005400000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/tasks/configure_tls.yml#
# (c) Copyright 2020 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Start mysql on these nodes. Note if the whole cluster is down
# this will not start as a boostrap will need to run on one node
---
# NOTE(gyee): Since the provisioned TLS server certificate is consisted of
# both certificate and private key, we need to separate out the certificate
# protion for monitoring without having to compromise the private key.
# This is done by copying the certificate to a different file and make it
# readable by the world. Making certificate readable by the world is NOT a
# problem as it is TLS certificate is public information.
- name: rabbitmq-monasca | configure_tls | Separate out rabbitmq TLS cert
become: yes
shell: >
openssl x509 -in {{ rabbitmq_tls.pem_file }}
-out {{ rabbitmq_tls.monitoring_pem_file }} -outform PEM
- name: rabbitmq-monasca | configure_tls |
Make sure rabbitmq TLS cert is readable
become: yes
file:
path: "{{ rabbitmq_tls.monitoring_pem_file }}"
mode: '0644'
- name: rabbitmq-monasca | configure_tls |
Run Monasca detection plugin for rabbitmq TLS certs
become: yes
monasca_agent_plugin:
name: CertificateFileCheck
args:
cert_files: "{{ rabbitmq_tls.monitoring_pem_file }}"
dimensions: "service:rabbitmq"
0707010000003E000081A40000000000000000000000015FAD0DE0000003A5000000000000000000000000000000000000004D00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/tasks/remove.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq-monasca | remove | Remove Monasca RabbitMQ config
become: yes
file:
path: /etc/monasca/agent/conf.d/rabbitmq.yaml
state: absent
- name: rabbitmq-monasca | remove | Remove TLS certificate monitoring
include: remove_tls.yml
when: rabbitmq_tls_enabled | bool
0707010000003F000081A40000000000000000000000015FAD0DE0000003EE000000000000000000000000000000000000005100000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq-monasca/tasks/remove_tls.yml#
# (c) Copyright 2020 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Start mysql on these nodes. Note if the whole cluster is down
# this will not start as a boostrap will need to run on one node
---
- name: rabbitmq-monasca | remove_tls |
Remove Monasca detection plugin for rabbitmq TLS certs
become: yes
monasca_agent_plugin:
name: CertificateFileCheck
args:
cert_files: "{{ rabbitmq_tls.monitoring_pem_file }}"
dimensions: "service:rabbitmq"
state: absent
07070100000040000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000003D00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/defaults07070100000041000081A40000000000000000000000015FAD0DE0000022C9000000000000000000000000000000000000004600000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/defaults/main.yml
# (c) Copyright 2015-2018 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
rabbitmq_cluster_name: "{{ rabbitmq_cp.control_plane ~ '_rabbit' }}"
rabbitmq_cluster_size: "{{ groups[rabbitmq_cp.group_name] | length }}"
rabbitmq_clustered: "{{ (rabbitmq_cluster_size | int) > 1 }}"
rabbitmq_config_lock: true
rabbitmq_etc_dir: /etc/rabbitmq # Fix for Debian and RPM do not change.
rabbitmq_join_cluster_timeout: "2m"
# We always reset unless overridden.
rabbitmq_do_not_reset_node: false
rabbitmq_ha_policy_name: HA
rabbitmq_iptables_chain: rabbitmq-temp
rabbitmq_list_queues_timeout: "5m"
rabbitmq_management_protocol: >
{%- if (rabbitmq_tls_enabled | bool) -%}
https
{%- else -%}
http
{%- endif -%}
# Defaults to rabbit. This can be useful if you want to run more than one node
# per machine. Note: relate to RABBITMQ_NODENAME env as well.
# WARNING: Changing the two setting below requires a redeploy.
rabbitmq_node: rabbit
# NOTE: There are two notions of a address name used here: the one that Ansible
# has, which is embedded in groups[verb_hosts.FND_RMQ], and the one that is
# supplied from Config Processor as part of the configuration of the service.
# It is vital to keep these separated and note that configuration of the
# service is via the Config Processor address name values and access to the
# system to be configured is via Ansible address name.
rabbitmq_nodename: >
{{ rabbitmq_node }}@{{ rabbitmq_cp_hosts.hostname }}
rabbitmq_remote_nodename: >
{{ rabbitmq_node }}@{{ rabbitmq_cp_hosts.remote_hostname }}
# Restrict a user from stopping node in an order that could damage a running
# cluster unless overridden.
rabbitmq_permit_multi_stop: false
# A user can overrided the host to use for clustering to allow a non-default
# cluster opration.
rabbitmq_primary_hostname: "{{ groups[rabbitmq_cp.group_name] | first }}"
rabbitmq_remote_hostname: >
{{ groups[rabbitmq_cp.group_name]
[(groups[rabbitmq_cp.group_name].index(rabbitmq_primary_hostname) + 1) %
(groups[rabbitmq_cp.group_name] | length)] }}
# The Ansible host to use for remote commands.
rabbitmq_remote_host: >
{%- if inventory_hostname == rabbitmq_primary_hostname -%}
{{ rabbitmq_remote_hostname }}
{%- else -%}
{{ rabbitmq_primary_hostname }}
{%- endif -%}
# Set to 'force_reset' to forcefully return a RabbitMQ node to its virgin
# state.
rabbitmq_reset_option: reset
rabbitmq_service_name: rabbitmq-server
# Time to wait for a RabbitMQ service start.
rabbitmq_start_timeout: "5m"
# Time to wait for a RabbitMQ application app.
rabbitmq_start_app_timeout: "5m"
# Time to wait for a RabbitMQ application stop.
rabbitmq_stop_app_timeout: "5m"
# Time to wait for a RabbitMQ reset command to complete.
rabbitmq_reset_timeout: "2m"
# Control the time we wait for a node to become synchronised.
# This has a max wait time in seconds of:
# rabbitmq_sync_retries * rabbitmq_sync_delay
# Default: 90 * 10 = 900 seconds ( 15 mins )
rabbitmq_sync_retries: 90
rabbitmq_sync_delay: 10
# Enable status check for TLS.
rabbitmq_tls_check_status: true
# Enable TLS replication.
# This allows the user to disable TLS replication traffic when client TLS is
# enable ONLY.
rabbitmq_tls_replication: true
# Set TLS configuration state.
rabbitmq_tls_enabled: "{{
((ardana_notify_rabbitmq_lockout_tls | default(false)) and
ardana_notify_rabbitmq_lockout_tls.changed) or
(rabbitmq_cp.tls_enabled | bool) }}"
# User over-ridable TLS cert setting.
rabbitmq_tls_certs_local_dir: /tmp/ardana_tls_certs
rabbitmq_tls_expiry_check: 2592000 # 30 days expiry
rabbitmq_tls_certs_force_regeneration: False
# Map a Ansible hostname to a Config Processor hostname.
rabbitmq_cp_hosts:
hostname: >
{{ (rabbitmq_cp.map_port_info |
selectattr('ardana_ansible_host', 'equalto', inventory_hostname) |
first).host }}
remote_hostname: >
{{ (rabbitmq_cp.map_port_info |
selectattr('ardana_ansible_host', 'equalto', rabbitmq_remote_host) |
first).host }}
ansible_cluster: >
{{ rabbitmq_cp.map_port_info |
map(attribute='ardana_ansible_host') |
list }}
# Config Processor variable mapping.
rabbitmq_cp:
tcp_bind_addresses:
- ip: "{{ host.bind.FND_RMQ.tcp_listener.ip_address }}"
port: "{{ host.bind.FND_RMQ.tcp_listener.port }}"
tls_bind_addresses:
- ip: "{{ host.bind.FND_RMQ.tls_listener.ip_address }}"
port: "{{ host.bind.FND_RMQ.tls_listener.port }}"
control_plane: "{{ host |
item('my_dimensions.control_plane',
default='ardana') }}"
control_planes: "{{ global.control_planes }}"
credentials: "{{ FND_RMQ.consumed_by | default({})}}"
erlang_cookie: "{{ FND_RMQ.vars.erlang_cookie }}"
group_name: "{{ verb_hosts.FND_RMQ }}"
# WARNING: Changing this value requires a redeploy
inet_dist_listen_port: >
{{ host.bind.FND_RMQ.rabbitmq_inet_dist_listen.port }}
management_address:
ip: "{{ host.bind.FND_RMQ.rabbitmq_management.ip_address }}"
port: "{{ host.bind.FND_RMQ.rabbitmq_management.port }}"
map_port_info: "{{ FND_RMQ.members.rabbitmq_epmd }}"
# WARNING: Changing this value requires a redeploy
home: "{{ host | item('my_logical_volumes.FND_RMQ')
| by_item('consumer.rabbitmq_env', 'home')
| item('0.mount', default='/var/lib/rabbitmq') }}"
tls_enabled: "{{ host.bind.FND_RMQ.internal.tls }}"
tls_filename: "{{ host | item('bind.FND_RMQ.internal.cert_name',
default='') }}"
rabbitmq_bind_addresses: "{{ rabbitmq_cp.tcp_bind_addresses |
union(rabbitmq_cp.tls_bind_addresses) }}"
# See: https://www.rabbitmq.com/plugins.html
# Add any RabbitMQ plugins you wish to install to the list.
rabbitmq_plugins:
# - rabbitmq_management # See: https://www.rabbitmq.com/management.html
# - rabbitmq_top # Requires the management plugin.
# For details of config and environment options.
# See: https://www.rabbitmq.com/configure.html
# RabbitMQ environment.
# Adding a value here will add it to the RabbitMQ environment file.
# See: https://www.rabbitmq.com/relocate.html
rabbitmq_env:
home: "{{ rabbitmq_cp.home }}"
log_base: /var/log/rabbitmq
nodename: "{{ rabbitmq_nodename }}"
mnesia_base: "{{ rabbitmq_cp.home }}/mnesia"
pid_file: /var/run/rabbitmq/{{ rabbitmq_nodename }}.pid
# See: https://www.rabbitmq.com/networking.html
# Increase the Erlang Thread Pool to 128 (default 64).
rabbitmq_io_thread_pool_size: 128
# See 'rabbitmq_tls_erl_args' for configuration details.
erl_ssl_path: "{{ erl_ssl_path }}"
server_additional_erl_args: "{{ rabbitmq_tls_erl_args | quote }}"
ctl_erl_args: "{{ rabbitmq_tls_erl_args | quote }}"
# RabbitMQ config.
rabbitmq_config:
cluster_partition_handling: pause_minority
# See: https://www.rabbitmq.com/disk-alarms.html for alternative setting.
disk_free_limit: 1000000000 # 1GB disk free limit.
vm_memory_high_watermark: 0.4
hipe_compile: false
rates_mode: basic
# RabbitMQ TLS vars
rabbitmq_cert_dir: "{{ rabbitmq_etc_dir }}"
rabbitmq_tls:
erlang_ssl_symlink: >
{{ rabbitmq_etc_dir }}/erlang_ssl
req_file: >
{{ rabbitmq_cert_dir }}/{{ rabbitmq_cp.control_plane }}-rabbitmq.req
pem_file: >
{{ rabbitmq_cert_dir }}/{{ rabbitmq_cp.control_plane }}-rabbitmq.pem
monitoring_pem_file: >
{{ rabbitmq_cert_dir }}/{{ rabbitmq_cp.control_plane }}-rabbitmq-monitoring.pem
# RabbitMQ cluster TLS additional aguments as per:
# https://www.rabbitmq.com/clustering-ssl.html
rabbitmq_tls_erl_args: >-
{%- if (rabbitmq_tls_enabled | bool) and
(rabbitmq_tls_replication | bool) -%}
-pa $ERL_SSL_PATH
-proto_dist inet_tls
-ssl_dist_opt server_certfile {{ rabbitmq_tls.pem_file }}
-ssl_dist_opt server_keyfile {{ rabbitmq_tls.pem_file }}
-ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true
{%- endif -%}
# NOTE(gyee) num_queues is the ceiling of number of nodes divided by 2. Per
# https://bugs.launchpad.net/tripleo/+bug/1628998
# However it is recommended that we don't neccessary need more than 3
# copies, regardless of number of nodes.
num_queues: "{{ (rabbitmq_cluster_size|int / 2) | round(0, 'ceil') | int }}"
max_num_queues: >
{%- if num_queues|int > 3 -%}
3
{%- else -%}
{{ num_queues }}
{%- endif -%}
07070100000042000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000003A00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks07070100000043000081A40000000000000000000000015FAD0DE000000516000000000000000000000000000000000000004D00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_cluster-check.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | _cluster-check | Check RabbitMQ node is in a cluster
become: yes
shell: >
rabbitmqctl cluster_status 2>/dev/null |
awk '/running_nodes,\[[^]]+,/,/]},/' |
sed 's/,\([^[]\)/,\n\1/g'
register: _rabbitmq_cluster_check_result
changed_when: false
- include: _join-cluster.yml
when: not (_rabbitmq_cluster_check_result.stdout |
search(rabbitmq_remote_nodename))
# Wait for queues to synchronise, during synchronisation the queues will
# pause and not allow any messages to be placed in the queue that is
# synchronising. We always check we are in sync before continuing.
- include: _wait-for-cluster-sync.yml
07070100000044000081A40000000000000000000000015FAD0DE0000006DE000000000000000000000000000000000000005400000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_configure-ha-cluster.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2019 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
#
# Make sure that all queues (except those with auto-generated names)
# are mirrored across enough nodes in the cluster to achieve quorum
# (but not more than 3).
#
# NOTE(gyee): to minimize disruption, we only need to reset the HA policy
# if it's different from the new one.
- name: rabbitmq | _configure-ha-cluster | Get the current HA policy
become: yes
shell: >
rabbitmqctl list_policies -p / 2>/dev/null | grep '\s{{ rabbitmq_ha_policy_name }}\s'
register: rabbitmq_list_ha_policy_result
ignore_errors: true
- name: rabbitmq | _configure-ha-cluster | Mirror non-auto named queues
become: yes
shell: >
rabbitmqctl set_policy {{ rabbitmq_ha_policy_name }}
'^(?!amq\.).*' '{"ha-mode":"exactly","ha-params":{{ max_num_queues }},"ha-sync-mode":"automatic"}'
when: not rabbitmq_list_ha_policy_result.stdout | search('\^\(\?\!amq\\\\\\\.\)\.\*\s*{"ha-mode":"exactly","ha-params":{{ max_num_queues }},"ha-sync-mode":"automatic"}')
- name: rabbitmq | _configure-ha-cluster | Set the RabbitMQ cluster name
become: yes
command: rabbitmqctl set_cluster_name {{ rabbitmq_cluster_name }}
07070100000045000081A40000000000000000000000015FAD0DE00000040F000000000000000000000000000000000000004F00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_disable-plugins.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# See: https://www.rabbitmq.com/man/rabbitmq-plugins.1.man.html
- name: rabbitmq | _disable-plugins | Disable/Offline all RabbitMQ plugins
become: yes
command: rabbitmq-plugins set
register: _rabbitmq_disable_plugins_result
changed_when: >
(_rabbitmq_disable_plugins_result | success) and
not (_rabbitmq_disable_plugins_result.stdout |
search("\snothing to do[.]\s*$"))
07070100000046000081A40000000000000000000000015FAD0DE0000003AE000000000000000000000000000000000000004E00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_enable-plugins.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# See: https://www.rabbitmq.com/man/rabbitmq-plugins.1.man.html
- name: rabbitmq | _enable-plugins | Enable any new RabbitMQ plugins
become: yes
rabbitmq_plugin:
names: "{{ rabbitmq_plugins | join (',') }}"
state: enabled
when: (rabbitmq_plugins | default([], true) | length) > 0
07070100000047000081A40000000000000000000000015FAD0DE0000009E3000000000000000000000000000000000000005200000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_erlang_ssl_symlink.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | _erlang_ssl_symlink | Download the latest erlang-ssl package
delegate_to: localhost
become: yes
command: >
apt-get install erlang-ssl
--download-only
--reinstall
--assume-yes
when: (rabbitmq_tls_enabled | bool) and
(rabbitmq_tls_replication | bool)
run_once: true
tags:
- skip_ansible_lint
- name: rabbitmq | _erlang_ssl_symlink | Get erlang-ssl package name
delegate_to: localhost
shell: >
apt-cache policy erlang-ssl |
awk '/Candidate:/{gsub(/:/,"%3a",$2); print $2}'
changed_when: false
register: _rabbitmq_ssl_result
when: (rabbitmq_tls_enabled | bool) and
(rabbitmq_tls_replication | bool)
run_once: true
- name: rabbitmq | _erlang_ssl_symlink | Lookup package contents
delegate_to: localhost
shell: >
dpkg-deb --contents
/var/cache/apt/archives/erlang-ssl_{{ _rabbitmq_ssl_result.stdout }}_*.deb |
awk '/ebin\/$/{gsub(/^\.|\/$/,"",$NF); print $NF}'
changed_when: false
register: _rabbitmq_ssl_content_result
when: (rabbitmq_tls_enabled | bool) and
(rabbitmq_tls_replication | bool)
run_once: true
- name: rabbitmq | _erlang_ssl_symlink | Create sym-link to erlang-ssl
become: yes
delegate_to: "{{ item }}"
file:
src: "{{ _rabbitmq_ssl_content_result.stdout }}"
dest: "{{ rabbitmq_tls.erlang_ssl_symlink }}"
state: link
force: yes
with_items: "{{ groups[rabbitmq_cp.group_name] }}"
when: (rabbitmq_tls_enabled | bool) and
(rabbitmq_tls_replication | bool)
register: ardana_notify_rabbitmq_major_change
run_once: true
- name: rabbitmq | _erlang_ssl_symlink | Remove sym-link to erlang-ssl
become: yes
file:
path: "{{ rabbitmq_tls.erlang_ssl_symlink }}"
state: absent
when: not ((rabbitmq_tls_enabled | bool) and
(rabbitmq_tls_replication | bool))
register: ardana_notify_rabbitmq_major_change
07070100000048000081A40000000000000000000000015FAD0DE000000C7F000000000000000000000000000000000000004C00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_join-cluster.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | _join-cluster | Stop the RabbitMQ application for clustering
become: yes
command: |
timeout {{ rabbitmq_stop_app_timeout }}
rabbitmqctl stop_app
# If RC is zero we have joined the cluster correctly.
# If RC is non-zero then the remote node may think we are already in cluster
# with the local node.
- name: rabbitmq | _join-cluster | Join the RabbitMQ cluster
become: yes
command: |
timeout {{ rabbitmq_join_cluster_timeout }}
rabbitmqctl join_cluster "{{ rabbitmq_remote_nodename }}"
register: _rabbitmq_join_result
failed_when: >
(_rabbitmq_join_result | failed) and
(not (_rabbitmq_join_result.stdout | search("already_member"))) and
(not (_rabbitmq_join_result.stderr | search("already_member")))
# If the join cluster command fail the remote may think we are already in
# cluster. This is a different scenario from join_cluster since the node
# does not need to become a member of the cluster. The need for this
# command is motivated by the fact that clusters can change while a node
# is offline. This in effect make the node become running.
- name: rabbitmq | _join-cluster | Join the RabbitMQ update_cluster_nodes
become: yes
command: |
rabbitmqctl update_cluster_nodes "{{ rabbitmq_remote_nodename }}"
when: (_rabbitmq_join_result | failed)
- name: rabbitmq | _join-cluster | Start the RabbitMQ application
become: yes
command: |
timeout {{ rabbitmq_start_app_timeout }}
rabbitmqctl start_app
- name: rabbitmq | _join-cluster | Wait for RabbitMQ application to start
become: yes
command: |
timeout {{ rabbitmq_start_timeout }}
rabbitmqctl wait {{ rabbitmq_env.pid_file }}
changed_when: false
# Check the remote host and local host thinks we are now in cluster.
# This is done remotely as locally we would have failed update_cluster_nodes
# or join_cluster and stopped.
- name: rabbitmq | _join-cluster | Check RabbitMQ is in a cluster
become: yes
delegate_to: "{{ item.ansible_host }}"
shell: >
rabbitmqctl cluster_status 2>/dev/null |
awk '/running_nodes,\[[^]]+,/,/]},/' |
sed 's/,\([^[]\)/,\n\1/g'
register: _rabbitmq_join_status_result
changed_when: false
failed_when: >
(_rabbitmq_join_status_result | success) and
(not (_rabbitmq_join_status_result.stdout |
search(item.ardana_host)))
with_items:
- ansible_host: "{{ rabbitmq_remote_host }}"
ardana_host: "{{ rabbitmq_nodename }}"
- ansible_host: "{{ inventory_hostname }}"
ardana_host: "{{ rabbitmq_remote_nodename }}"
07070100000049000081A40000000000000000000000015FAD0DE0000008DE000000000000000000000000000000000000004A00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_reset-host.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#
# NOTE: THIS PLAY MUST NOT RUN ON SINGLETON RABBITMQ NODE UNLESS
# 'rabbitmq_reset_option' IS SET TO 'force_reset'.
---
- name: rabbitmq | _reset-host | Check RabbitMQ is running
command: systemctl status rabbitmq-server
register: _rabbitmq_reset_status_result
changed_when: false
failed_when: false
- name: rabbitmq | _reset-host | Stop the RabbitMQ application to enable reset
become: yes
command: |
timeout {{ rabbitmq_stop_app_timeout }}
rabbitmqctl stop_app
register: _rabbitmq_reset_stop_app_result
when: (_rabbitmq_reset_status_result | success)
# Return a RabbitMQ node to its virgin state
#
# if rabbitmq_reset_option=reset (the default), this removes the node from
# any cluster it belongs to, removes all data from the mnesia database, such
# as configured users and vhosts, and deletes all persistent messages.
#
# If rabbitmq_reset_option=force_reset, it totally resets the state.
#
# For this command to succeed the RabbitMQ application must have been
# stopped. If the reset fails due to the timeout the cluster is generally
# unrecoverable.
- name: rabbitmq | _reset-host | Reset the RabbitMQ node
become: yes
command: |
timeout {{ rabbitmq_reset_timeout }}
rabbitmqctl {{ rabbitmq_reset_option }}
when: (_rabbitmq_reset_stop_app_result | success)
# Remove the Erlang Mnesia DB in case the node was offline/damaged during the
# task.
- name: rabbitmq | _reset-host | Clear down Mnesia RabbitMQ message DB
become: yes
file:
path: "{{ rabbitmq_env.mnesia_base }}/{{ rabbitmq_nodename }}"
state: absent
when: (_rabbitmq_reset_status_result | failed)
0707010000004A000081A40000000000000000000000015FAD0DE000000520000000000000000000000000000000000000004900000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_stop_epmd.yml#
# (c) Copyright 2019 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# NOTE(gyee): on upgrade, if we are still using one of those old epmd
# packages, the epmd process may still be running. In that case, we need
# to do a hard kill on it.
- name: rabbitmq | _stop_epmd | Get the process ID of epmd
shell: >
pgrep -f "epmd.*-daemon"
register: pgrep_epmd_result
ignore_errors: yes
# now do a hard kill on epmd if it's still alive and kicking
- name: rabbitmq | _stop_epmd | Double tap epmd
become: yes
shell: >
kill -9 {{ pgrep_epmd_result.stdout }}
when: pgrep_epmd_result.stdout != ""
- name: rabbitmq | _stop_epmd | Wait for epmd to exit
become: yes
wait_for:
path: "/proc/{{ pgrep_epmd_result.stdout }}/status"
state: absent
when: pgrep_epmd_result.stdout != ""
0707010000004B000081A40000000000000000000000015FAD0DE000001511000000000000000000000000000000000000005500000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_wait-for-cluster-sync.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Note: This task is delegated to a remote node to determine if that node
# is in cluster.
- name: rabbitmq | _wait-for-cluster-sync | Check if RabbitMQ is in a cluster
become: yes
delegate_to: "{{ rabbitmq_remote_host }}"
shell: >
rabbitmqctl cluster_status 2>/dev/null |
awk '/running_nodes,\[[^]]+,/,/]},/' |
sed 's/,\([^[]\)/,\n\1/g'
register: _rabbitmq_in_cluster_result
failed_when: false
changed_when: false
- name: rabbitmq | _wait-for-cluster-sync | Check if RabbitMQ is in a mirror
become: yes
delegate_to: "{{ rabbitmq_remote_host }}"
shell: >
rabbitmqctl list_queues -q policy state synchronised_slave_pids 2>/dev/null |
grep '^{{ rabbitmq_ha_policy_name }}\s*running\s'
register: _rabbitmq_in_mirror_result
failed_when: false
changed_when: false
- name: rabbitmq | _wait-for-cluster-sync | Wait for HA queue sync to complete
become: yes
delegate_to: "{{ rabbitmq_remote_host }}"
shell: |
# see: https://www.rabbitmq.com/man/rabbitmqctl.1.man.html (Server Status)
# for full details on list_queues.
#
# see: https://www.rabbitmq.com/ha.html (Configuring explicit
# synchronisation)
# for how this relates to HA clustering.
#
# Precis of list queues doc:
# Returns queue details. Queue details of the / virtual host are returned
# if the "-p" flag is absent. The "-p" flag can be used to override this
# default. The queueinfoitem parameter is used to indicate which queue
# information items to include in the results. The column order in the
# results will match the order of the parameters.
#
# - policy
# Policy name applying to the queue.
#
# - state
# The state of the queue. Normally 'running', but may be
# "{syncing, MsgCount}" if the queue is synchronising. Queues which are
# located on cluster nodes that are currently down will be shown with a
# status of 'down' (and most other queueinfoitems will be unavailable)
#
# - synchronised_slave_pids
# If the queue is mirrored, this gives the IDs of the current slaves
# which are synchronised with the master - i.e. those which could take
# over from the master without message loss.
#
# - name (for debug if there is failure)
# The name of the queue with non-ASCII characters escaped as in C.
#
# The awk statement counts the number of hosts (<{{ rabbitmq_node }}@)
# that are currently synchronised to the master for any HA queues
# (rabbitmq_ha_policy_name). It will exclude any non HA/crashed queues
# that are found and will fail for any HA queues that is synchronising
# (printing its details for debug and to fail the task).
#
# Note: If timeout fails it writes to stderr.
timeout {{ rabbitmq_list_queues_timeout }} \
rabbitmqctl list_queues -q policy state synchronised_slave_pids name |
awk -F"<{{ rabbitmq_node }}@" \
'/^{{ rabbitmq_ha_policy_name }}\t/ && \
(!/\trunning\t/ || \
NF < {{ max_num_queues }}) \
{print}'
changed_when: false
register: _rabbitmq_sync_cluster_result
when: (_rabbitmq_in_cluster_result | success) and
(_rabbitmq_in_mirror_result | success) and
(_rabbitmq_in_cluster_result.stdout | search(rabbitmq_nodename)) and
(_rabbitmq_in_mirror_result.stdout | search(rabbitmq_nodename))
until: (_rabbitmq_sync_cluster_result | success) and
_rabbitmq_sync_cluster_result.stdout == "" and
_rabbitmq_sync_cluster_result.stderr == ""
retries: "{{ rabbitmq_sync_retries }}"
delay: "{{ rabbitmq_sync_delay }}"
# SOC-11083: Seeing that sometimes the retry until loop can exceed retries
# without failing, so fail here if that is the case, after printing results
- name: rabbitmq | _wait-for-cluster-sync | Print settings if failed
debug:
var: _rabbitmq_sync_cluster_result
when:
- not (_rabbitmq_sync_cluster_result | skipped)
- ((_rabbitmq_sync_cluster_result | failed) or
(_rabbitmq_sync_cluster_result.stdout != "") or
(_rabbitmq_sync_cluster_result.stderr != ""))
- name: rabbitmq | _wait-for-cluster-sync | Ensure we fail if retries exceeded
fail:
msg: >-
rabbitmq HA queue sync failed to complete after
{{ (rabbitmq_sync_retries | int) * (rabbitmq_sync_delay | int) }}
({{ rabbitmq_sync_retries }} * {{ rabbitmq_sync_delay }}) seconds.
when:
- not (_rabbitmq_sync_cluster_result | skipped)
- ((_rabbitmq_sync_cluster_result | failed) or
(_rabbitmq_sync_cluster_result.stdout != "") or
(_rabbitmq_sync_cluster_result.stderr != ""))
0707010000004C000081A40000000000000000000000015FAD0DE0000006A5000000000000000000000000000000000000005900000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/_write-rabbitmq-env-config.yml#
# (c) Copyright 2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | _write-rabbitmq-env-config | Determine ERL_SSL_PATH
become: yes
command: >
/usr/bin/erl -noinput -eval
'io:format("~s~n", [filename:dirname(code:which(inet_tls_dist))])' -s init
stop
register: erl_ssl_path_eval_result
when: rabbitmq_tls_replication | bool
- name: rabbitmq | _write-rabbitmq-env-config | Set erl_ssl_path fact
set_fact:
erl_ssl_path: "{{ erl_ssl_path_eval_result.stdout }}"
when: rabbitmq_tls_replication | bool
# TODO: We have to set the file permission to world readable for now
# as the files is own by user root and group root. Neither epmd nor
# rabbitmq user have access to that file if we set it to 0640.
# We'll definitely need to tighen up security later by not making
# it world readable. We can possibly create a new group with both
# epmd and rabbitmq user in it.
- name: rabbitmq | _write-rabbitmq-env-config | Create rabbitmq-env.conf
become: yes
template:
src: rabbitmq-env.conf.j2
dest: "{{ rabbitmq_etc_dir }}/rabbitmq-env.conf"
owner: root
group: root
mode: 0644
register: ardana_notify_rabbitmq_reset_required
0707010000004D000081A40000000000000000000000015FAD0DE00000049B000000000000000000000000000000000000004C00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/check-plugins.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# See: https://www.rabbitmq.com/man/rabbitmq-plugins.1.man.html
- name: rabbitmq | check-plugins | Check RabbitMQ plugins match configuration
become: yes
shell: rabbitmq-plugins list | awk '/\[E[* ]\]/ {print $2}' # noqa
register: ardana_notify_rabbitmq_reset_required
changed_when: >
(ardana_notify_rabbitmq_reset_required | success) and
(rabbitmq_plugins | default([], true) |
symmetric_difference(
ardana_notify_rabbitmq_reset_required.stdout_lines) |
length != 0)
0707010000004E000081A40000000000000000000000015FAD0DE0000005C1000000000000000000000000000000000000004800000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/check-tls.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Check if there are any active ssl peers connected to RabbitMQ.
- name: rabbitmq | check-tls | Check RabbitMQ TLS state
become: yes
command: rabbitmqctl status
register: ardana_notify_rabbitmq_reset_required
changed_when: >
((not (rabbitmq_tls_enabled | bool)) and
(ardana_notify_rabbitmq_reset_required.stdout | search("'amqp/ssl'"))) or
((rabbitmq_tls_enabled | bool) and
(not (ardana_notify_rabbitmq_reset_required.stdout |
search("'amqp/ssl'"))))
- name: rabbitmq | check-tls | Check RabbitMQ inter-node TLS state
become: yes
shell: >
grep 'proto_dist inet_tls' "{{ rabbitmq_etc_dir }}/rabbitmq-env.conf" ||
true
register: ardana_notify_rabbitmq_major_change
changed_when: >
rabbitmq_tls_replication | bool and
ardana_notify_rabbitmq_major_change.stdout == ""
0707010000004F000081A40000000000000000000000015FAD0DE000000EF0000000000000000000000000000000000000005200000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/check-upgraded-pkgs.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | check-upgraded-pkgs | Check upgraded packages
debug:
msg: "Notify change in RabbitMQ package dependency: {{ item.package }}"
changed_when: true
when: item.upgrade != "" and
item.package in list_pkg_upgrades_base | default({})
with_items: rabbitmq_restart_packages
register: ardana_notify_rabbitmq_restart_required
- name: rabbitmq | check-upgraded-pkgs | Get current installed package version
shell: >
dpkg-query -W -f='${Version} ${status}\n' {{ item.package }} |
awk '/ok installed/{print $1}'
when: item.upgrade != "" and
ardana_notify_rabbitmq_restart_required.changed
changed_when: false
register: _rabbitmq_current_version_result
with_items: rabbitmq_restart_packages
# This task is required as the upgrade should stop if all nodes do not have
# the same version of the checked packages. This task has run_once_per RabbitMQ
# server cluster group as we only need to compare a singe node to the others
# and we do not need the cross product.
- name: rabbitmq | check-upgraded-pkgs | Check installed package are constant
fail:
msg: "Inconstant RabbitMQ package found: {{ item.key }} : {{ item.value }}"
when: (item.value | length != 1)
with_dict: >
(rabbitmq_cp_hosts.ansible_cluster |
package_consistency_check(hostvars, '_rabbitmq_current_version_result'))
run_once_per: rabbitmq_cp.group_name
- name: rabbitmq | check-upgraded-pkgs | Get current available package version
shell: >
apt-cache show {{ item.package }} |
awk '/Version/{print $2; exit}'
when: item.upgrade != "" and
ardana_notify_rabbitmq_restart_required.changed
changed_when: false
register: _rabbitmq_available_version_result
with_items: rabbitmq_restart_packages
# This task is required as the upgrade should stop if all nodes cannot see the
# same repository version of the checked packages. This task has run_once_per
# RabbitMQ cluster group as we only need to compare a singe node to the others
# and we do not need the cross product.
- name: rabbitmq | check-upgraded-pkgs | Check repository package are constant
fail:
msg: "Inconstant repository found: {{ item.key }} : {{ item.value }}"
when: (item.value | length != 1)
with_dict: >
(rabbitmq_cp_hosts.ansible_cluster |
package_consistency_check(hostvars, '_rabbitmq_available_version_result'))
run_once_per: rabbitmq_cp.group_name
- name: rabbitmq | check-upgraded-pkgs | Set upgrade strategy for RabbitMQ
debug:
msg: "Notify RabbitMQ Major upgrade required for: {{ item[0].package }}"
changed_when: true
when: item[0].upgrade != "" and
ardana_notify_rabbitmq_restart_required.changed and (
(item[0].upgrade == "major" and
item[1].stdout !=
item[2].stdout) or
(item[0].upgrade == "check" and
(item[1].stdout | regex_replace('(^(\\d+\\.){2}).*', '\\1')) !=
(item[2].stdout | regex_replace('(^(\\d+\\.){2}).*', '\\1')))
)
with_together:
- rabbitmq_restart_packages
- _rabbitmq_available_version_result.results
- _rabbitmq_current_version_result.results
register: ardana_notify_rabbitmq_major_change
07070100000050000081A40000000000000000000000015FAD0DE000001000000000000000000000000000000000000000005500000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/clear-persistant-facts.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | clear-persistant-facts | Clear RabbitMQ persistant facts
debug:
msg: "Clear RabbitMQ fact reset_required: {{ inventory_hostname }}"
changed_when: true
when: ardana_notify_rabbitmq_reset_required is defined and
ardana_notify_rabbitmq_reset_required.changed
- name: rabbitmq | clear-persistant-facts | Clear RabbitMQ persistant facts
debug:
msg: "Clear RabbitMQ fact restart_required: {{ inventory_hostname }}"
changed_when: true
when: ardana_notify_rabbitmq_restart_required is defined and
ardana_notify_rabbitmq_restart_required.changed
- name: rabbitmq | clear-persistant-facts | Clear RabbitMQ persistant facts
debug:
msg: "Clear RabbitMQ persistant stop_forced: {{ inventory_hostname }}"
changed_when: true
when: ardana_notify_rabbitmq_stop_forced is defined and
ardana_notify_rabbitmq_stop_forced.changed
- name: rabbitmq | clear-persistant-facts | Clear RabbitMQ persistant facts
debug:
msg: "Clear RabbitMQ persistant fact major_change: {{ inventory_hostname }}"
changed_when: true
when: ardana_notify_rabbitmq_major_change is defined and
ardana_notify_rabbitmq_major_change.changed
- name: rabbitmq | clear-persistant-facts | Clear RabbitMQ persistant facts
debug:
msg: "Clear RabbitMQ fact workaround_required: {{ inventory_hostname }}"
changed_when: true
when: ardana_notify_rabbitmq_workaround_required is defined and
ardana_notify_rabbitmq_workaround_required.changed
- name: rabbitmq | clear-persistant-facts | Clear RabbitMQ persistant facts
debug:
msg: "Clear RabbitMQ fact lockout_tls: {{ inventory_hostname }}"
changed_when: true
when: (rabbitmq_config_lock | bool) and
ardana_notify_rabbitmq_lockout_tls is defined and
ardana_notify_rabbitmq_lockout_tls.changed
- name: rabbitmq | clear-persistant-facts | Set RabbitMQ persistant facts False
set_fact:
ardana_notify_set_false_prefix: ardana_notify_rabbitmq
changed_when: true
register: _rabbitmq_clear_facts_prefix_result # Not a persistant facts.
when: ardana_notify_rabbitmq_lockout_tls is defined and
ardana_notify_rabbitmq_lockout_tls.skipped and
((ardana_notify_rabbitmq_reset_required is defined and
ardana_notify_rabbitmq_reset_required.changed) or
(ardana_notify_rabbitmq_restart_required is defined and
ardana_notify_rabbitmq_restart_required.changed) or
(ardana_notify_rabbitmq_stop_forced is defined and
ardana_notify_rabbitmq_stop_forced.changed) or
(ardana_notify_rabbitmq_major_change is defined and
ardana_notify_rabbitmq_major_change.changed) or
(ardana_notify_rabbitmq_workaround_required is defined and
ardana_notify_rabbitmq_workaround_required.changed))
- name: rabbitmq | clear-persistant-facts | Set RabbitMQ persistant facts False
debug:
msg: "Clear {{ ardana_notify_set_false_prefix }}:{{ inventory_hostname }}"
changed_when: true
register: ardana_notify_set_persistent_facts_to_false # This forces the reset.
when: _rabbitmq_clear_facts_prefix_result is defined and
_rabbitmq_clear_facts_prefix_result.changed
- name: rabbitmq | clear-persistant-facts | Default persistant facts prefix
set_fact:
ardana_notify_set_false_prefix: ardana_notify
changed_when: true
when: _rabbitmq_clear_facts_prefix_result is defined and
_rabbitmq_clear_facts_prefix_result.changed
07070100000051000081A40000000000000000000000015FAD0DE000000974000000000000000000000000000000000000004E00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/configure-users.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | configure-users | Find all RabbitMQ user accounts
set_fact:
_rabbitmq_user_accounts: |
[{% for component in rabbitmq_cp.credentials -%}
{% if component.vars.accounts is defined -%}
{% for account in component.vars.accounts -%}
{{ component.vars.accounts[account] | to_json }}
{%- if not loop.last -%}
,
{% endif -%}
{% endfor -%}
{% endif -%}
{%- if not loop.last -%}
,
{% endif -%}
{% endfor %}]
changed_when: true
register: _rabbitmq_configure_users_result
when: _rabbitmq_user_accounts is not defined
- name: rabbitmq | configure-users | Remove guest user if not used
become: yes
rabbitmq_user:
node: "{{ rabbitmq_nodename }}"
user: guest
state: absent
when: _rabbitmq_configure_users_result is defined and
_rabbitmq_configure_users_result.changed and
not ('guest' in (_rabbitmq_user_accounts | map(attribute='username')))
run_once_per: rabbitmq_cp.group_name
- name: rabbitmq | configure-users | Create RabbitMQ users
become: yes
no_log: true
rabbitmq_user:
node: "{{ rabbitmq_nodename }}"
user: "{{ item.username }}"
password: "{{ item.password | quote }}"
vhost: "{{ item.vhost }}"
configure_priv: "{{ item.conf_permissions }}"
read_priv: "{{ item.read_permissions }}"
write_priv: "{{ item.write_permissions }}"
tags: "{{ item.tags }}"
state: present
force: yes
run_once_per: rabbitmq_cp.group_name
when: _rabbitmq_configure_users_result is defined and
_rabbitmq_configure_users_result.changed and
item.username is defined and item.password is defined
with_items: "{{ _rabbitmq_user_accounts | unique }}"
07070100000052000081A40000000000000000000000015FAD0DE00000047C000000000000000000000000000000000000005200000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/create-working-dirs.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | create-working-dirs | Create required directorys
become: yes
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner | default('root') }}"
group: "{{ item.group | default('root') }}"
mode: 0755
with_items:
- path: /etc/logrotate.d
- path: "{{ rabbitmq_etc_dir }}"
- path: "{{ rabbitmq_env.pid_file | dirname }}"
owner: rabbitmq
group: rabbitmq
- include: _erlang_ssl_symlink.yml
when: ansible_os_family == 'Debian'
07070100000053000081A40000000000000000000000015FAD0DE000000AF0000000000000000000000000000000000000004600000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/install.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | install | Install RabbitMQ dependencies
become: yes
package:
name: "{{ item }}"
state: present
with_items: procps
- name: rabbitmq | install | SUSE - Install RabbitMQ application
become: yes
zypper:
name: "{{ item.package }}"
state: latest
register: _rabbitmq_install_zypper_result
with_items: rabbitmq_restart_packages
when:
item.upgrade != "" and
ansible_os_family == 'Suse'
# The epmd.socket unit is enabled by default but only listens on 127.0.0.1,
# while we need it to listen on the management network too.
- name: rabbitmq | install | Create epmd.socket.d directory
become: yes
file:
path: /etc/systemd/system/epmd.socket.d
state: directory
mode: 0755
when:
ansible_os_family == 'Suse'
- name: rabbitmq | install | SUSE - Create epmd.socket.d/port.conf
become: yes
template:
src: suse/epmd.socket-port.conf.j2
dest: /etc/systemd/system/epmd.socket.d/port.conf
mode: 0644
register: _epmd_socket_conf_result
when:
ansible_os_family == 'Suse'
- name: rabbitmq | install | SUSE - Reload systemd for epmd.socket extension
become: yes
command: systemctl daemon-reload
when:
_epmd_socket_conf_result.changed and
ansible_os_family == 'Suse'
- name: rabbitmq | install | SUSE - Store registered facts
set_fact:
_rabbitmq_install_pkg_result: "{{ _rabbitmq_install_zypper_result }}"
when: ansible_os_family == 'Suse'
# We need to create rabbitmq-env.config after the Erlang package is
# available because we need to use /usr/bin/erl command to determine the
# Erlang SSL module path.
- include: _write-rabbitmq-env-config.yml
when: _rabbitmq_install_pkg_result.changed
- name: rabbitmq | install | Restart RabbitMQ application
become: yes
service:
name: "{{ rabbitmq_service_name }}"
state: restarted
when: _rabbitmq_install_pkg_result.changed
- name: rabbitmq | install | Wait for the RabbitMQ application to start
become: yes
command: |
timeout {{ rabbitmq_start_timeout }}
rabbitmqctl wait {{ rabbitmq_env.pid_file }}
changed_when: false
when: _rabbitmq_install_pkg_result.changed
07070100000054000081A40000000000000000000000015FAD0DE000000A45000000000000000000000000000000000000004A00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/lock_config.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | lock_config | Get RabbitMQ Status
become: yes
command: rabbitmqctl status
register: _rabbitmq_status_result
changed_when: false
# Lockout low-level plays in RabbitMQ if we detect a complex change
# requiring orchestration across services.
- name: rabbitmq | lock_config | Check for unsafe RabbitMQ configuration change
fail:
msg: "Unsafe configuration change: Please run Ardana top level playbook"
when: (rabbitmq_config_lock | bool) and
(not (rabbitmq_cp.tls_enabled | bool)) and
(_rabbitmq_status_result.stdout | search("'amqp/ssl'"))
run_once: true
- name: rabbitmq | lock_config | Set-up facts prefix and clear lockout_tls
set_fact:
ardana_notify_set_false_prefix: ardana_notify_rabbitmq
changed_when: true
register: _rabbitmq_lock_config_prefix_result # Not a persistant facts.
when: ardana_notify_rabbitmq_lockout_tls is defined and
ardana_notify_rabbitmq_lockout_tls.changed
- name: rabbitmq | lock_config | Set RabbitMQ persistant facts False
debug:
msg: "Clear {{ ardana_notify_set_false_prefix }}:{{ inventory_hostname }}"
changed_when: true
register: ardana_notify_set_persistent_facts_to_false # This forces the reset.
when: _rabbitmq_lock_config_prefix_result is defined and
_rabbitmq_lock_config_prefix_result.changed
- name: rabbitmq | lock_config | Default persistant facts prefix
set_fact:
ardana_notify_set_false_prefix: ardana_notify
changed_when: true
when: _rabbitmq_lock_config_prefix_result is defined and
_rabbitmq_lock_config_prefix_result.changed
- name: rabbitmq | lock_config | Detect TLS is being disabled
debug:
msg: "Lock TLS config, services must transition: {{ inventory_hostname }}"
changed_when: true
when: (ardana_notify_rabbitmq_lockout_tls is not defined) and
(not (rabbitmq_cp.tls_enabled | bool)) and
(_rabbitmq_status_result.stdout | search("'amqp/ssl'"))
register: ardana_notify_rabbitmq_lockout_tls
07070100000055000081A40000000000000000000000015FAD0DE000000651000000000000000000000000000000000000004300000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/main.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | main | Load os-specific variables
include_vars: "{{ ansible_os_family | lower }}.yml"
- name: rabbitmq | main | Validate cluster play for RabbitMQ
fail:
msg: |
"Play is limited to one control plane: {{ rabbitmq_cp.control_planes }}"
"If 'rabbitmq_primary_hostname' is not: {{ groups[rabbitmq_cp.group_name]
| first }}"
"or 'rabbitmq_remote_hostname' is not: {{ groups[rabbitmq_cp.group_name]
[(groups[rabbitmq_cp.group_name].index(rabbitmq_primary_hostname) + 1) %
(groups[rabbitmq_cp.group_name] | length )]) }}"
when: >
((rabbitmq_primary_hostname != (groups[rabbitmq_cp.group_name] | first)) or
(rabbitmq_remote_hostname != (groups[rabbitmq_cp.group_name]
[(groups[rabbitmq_cp.group_name].index(rabbitmq_primary_hostname) + 1) %
(groups[rabbitmq_cp.group_name] | length )])) ) and
((play_hosts | cluster_consistency_check(hostvars) | length) > 1)
run_once: true
07070100000056000081A40000000000000000000000015FAD0DE000000632000000000000000000000000000000000000004C00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/pre-configure.yml#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | pre-configure | Add 'rabbitmq' group
become: yes
group:
name: rabbitmq
system: yes
- name: rabbitmq | pre-configure | Add 'rabbitmq' user
become: yes
user:
name: rabbitmq
group: rabbitmq
comment: "RabbitMQ messaging server"
shell: /bin/false
home: "{{ rabbitmq_env.home }}"
register: ardana_notify_rabbitmq_stop_forced
- name: rabbitmq | pre-configure | Create required directorys
become: yes
file:
path: "{{ item }}"
state: directory
owner: rabbitmq
group: rabbitmq
mode: 0755
with_items: "{{ rabbitmq_env.home }}"
# This alluse use to use systemctl on remote node not yet in
# cluster.
- name: rabbitmq | pre-configure | Create shared .erlang.cookie
become: yes
template:
src: erlang.cookie.j2
dest: "{{ rabbitmq_env.home }}/.erlang.cookie"
owner: rabbitmq
group: rabbitmq
mode: 0400
register: ardana_notify_rabbitmq_stop_forced
07070100000057000081A40000000000000000000000015FAD0DE000000BBA000000000000000000000000000000000000004500000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/remove.yml#
# (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | remove | Forcfully stop RabbitMQ
become: yes
command: pkill -9 -u rabbitmq
register: _rabbitmq_remove_pkill_result
changed_when: _rabbitmq_remove_pkill_result | success
failed_when: _rabbitmq_remove_pkill_result.rc >= 2
# Stop the RabbitMQ application including Erlang.
- name: rabbitmq | remove | Notify systemd that RabbitMQ service is stopped
become: yes
service:
name: rabbitmq-server
enabled: no
state: stopped
- include: _stop_epmd.yml
- name: rabbitmq | remove | Forcfully clear down all mnesia
become: yes
file:
path: "{{ rabbitmq_env.mnesia_base }}"
state: absent
- name: rabbitmq | remove | Clean down any tls files
become: yes
file:
path: "{{ item.value }}"
state: absent
with_dict: rabbitmq_tls
- name: rabbitmq | remove | Check rabbitmq-server.postrm exits
become: yes
stat:
path: /var/lib/dpkg/info/rabbitmq-server.postrm
register: _rabbitmq_remove_stat_result
- name: rabbitmq | remove | Modify rabbitmq-server.postrm to allow mount points
become: yes
replace:
dest: /var/lib/dpkg/info/rabbitmq-server.postrm
regexp: '(\s+)rm -r (.*)\s*$'
replace: '\1rm -rf \2 || true'
when: _rabbitmq_remove_stat_result.stat.exists
- name: rabbitmq | remove | Debian - Remove the RabbitMQ packages
become: yes
apt:
name: "{{ item.package }}"
force: yes
state: absent
purge: yes
register: _purge_result
with_items: rabbitmq_restart_packages[::-1]
when:
item.upgrade != "" and
ansible_os_family == 'Debian'
# https://github.com/ansible/ansible-modules-core/issues/965
- name: rabbitmq | remove | Debian - Remove unused packages
become: yes
command: apt-get -y autoremove
register: _autoremove_result
changed_when: >
"The following packages will be REMOVED" in
_autoremove_result.stdout
when:
_purge_result.changed and
ansible_os_family == 'Debian'
tags:
- skip_ansible_lint
- name: rabbitmq | remove | SUSE - Remove the RabbitMQ packages and dependencies
become: yes
command: zypper remove --no-confirm --clean-deps {{ item.package }}
register: _rabbitmq_remove_result
failed_when: _rabbitmq_remove_result.rc != 0 and
_rabbitmq_remove_result.rc != 104
with_items: rabbitmq_restart_packages[::-1]
when:
item.upgrade != "" and
ansible_os_family == 'Suse'
07070100000058000081A40000000000000000000000015FAD0DE000000F3B000000000000000000000000000000000000004400000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/start.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | start | Ensure that epmd service is started
become: yes
service:
name: epmd.service
enabled: no
state: started
- name: rabbitmq | start | Ensure that RabbitMQ service is started
become: yes
service:
name: rabbitmq-server
enabled: no
state: started
register: _rabbitmq_start_result
# It is possible that RabbitMQ service was started but we are at stop_app
# so let's guarantee the RabbitMQ application is also started.
- name: rabbitmq | start | Get RabbitMQ status
become: yes
command: rabbitmqctl status
changed_when: false
register: _rabbitmq_start_status_result
when: not _rabbitmq_start_result.changed
- name: rabbitmq | start | Run start_app if RabbitMQ application is stopped
become: yes
command: |
timeout {{ rabbitmq_start_app_timeout }}
rabbitmqctl start_app
register: _rabbitmq_start_app_result
when: not _rabbitmq_start_result.changed and
not (_rabbitmq_start_status_result.stdout |
search('{rabbit,"RabbitMQ",.*},'))
# Wait for the RabbitMQ application to start.
- name: rabbitmq | start | Wait for the RabbitMQ application to start
become: yes
command: |
timeout {{ rabbitmq_start_timeout }}
rabbitmqctl wait {{ rabbitmq_env.pid_file }}
changed_when: false
when: _rabbitmq_start_result.changed or
_rabbitmq_start_app_result.changed
# Configure 'rabbitmq_primary_hostname' RabbitMQ node to be able to form and
# synchronisable a HA cluster.
- include: _configure-ha-cluster.yml
when: inventory_hostname == rabbitmq_primary_hostname
# We have to work across the cluster here as to join a host at least two must
# be online and hence this is a serialisation inside the task.
#
# The hosts are taken down using the stop play the rabbitmq_primary_hostname
# is taken down last, so during the cluster rejoin, the other hosts must join
# to the rabbitmq_primary_hostname host first.
#
# Cluster remote to primary.
- include: _cluster-check.yml
when: inventory_hostname == rabbitmq_remote_hostname and
(rabbitmq_clustered | bool)
# Cluster nodes that are not primary or remote to primary.
- include: _cluster-check.yml
when: inventory_hostname != rabbitmq_primary_hostname and
inventory_hostname != rabbitmq_remote_hostname and
(rabbitmq_clustered | bool)
# Cluster primary to remote.
- include: _cluster-check.yml
when: inventory_hostname == rabbitmq_primary_hostname and
(rabbitmq_clustered | bool)
# Enable any registered RabbitMQ plugins. This must be done after clustering to
# correctly set-up the distributed DB used by RabbitMQ. We serialize the
# install so we always get a master node up for distributed plugins.
- include: _enable-plugins.yml
when: inventory_hostname == rabbitmq_primary_hostname
- include: _enable-plugins.yml
when: inventory_hostname != rabbitmq_primary_hostname and
(rabbitmq_clustered | bool)
# We retry here as logrotate may be running.
- name: rabbitmq | start | Rotate the logs on startup
become: yes
command: logrotate -f /etc/logrotate.d/rabbitmq-server
register: _rabbitmq_start_logrotate_result
until: (_rabbitmq_start_logrotate_result | success)
retries: 5
delay: 10
when: _rabbitmq_start_result.changed
07070100000059000081A40000000000000000000000015FAD0DE00000097C000000000000000000000000000000000000004500000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/status.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: rabbitmq | status | Check RabbitMQ service
debug:
msg: "Running service check on RabbitMQ"
run_once: true
- name: rabbitmq | status | Check RabbitMQ service running
command: systemctl status "{{ rabbitmq_service_name }}"
changed_when: false
failed_when: false
register: _rabbitmq_systemctl_status_result
- name: rabbitmq | status | Report status of RabbitMQ
fail:
msg: |
{{ rabbitmq_service_name }} is not running.
systemctl status {{ rabbitmq_service_name }}
{{ _rabbitmq_systemctl_status_result.stdout }}
{{ _rabbitmq_systemctl_status_result.stderr }}
when: (_rabbitmq_systemctl_status_result | failed)
- name: rabbitmq | status | Check RabbitMQ running hosts in cluster
become: yes
shell: >
rabbitmqctl cluster_status 2>/dev/null |
awk '/running_nodes,\[[^]]+,/,/]},/' |
sed 's/,\([^[]\)/,\n\1/g'
register: _rabbitmq_cluster_status_result
changed_when: false
failed_when: >
(_rabbitmq_cluster_status_result | failed) or
(_rabbitmq_cluster_status_result.stdout_lines | length) !=
(rabbitmq_cluster_size | int)
when: (rabbitmq_clustered | bool)
# Note: We always take the TLS details from CP here.
- name: rabbitmq | status | Validate RabbitMQ clients connection TLS/TCP status
become: yes
shell: >
rabbitmqctl -q list_connections ssl state ssl_protocol user name |
sort -u |
awk -F'\t'
'(($1 ~ /^{{ (not (rabbitmq_cp.tls_enabled | bool)) | lower }}$/ &&
$2 !~ /^(closing|closed)$/) ||
$3 !~ /^tlsv1.2$|^$/) &&
$4 !~ /^$/'
register: _rabbitmq_tls_status_result
changed_when: false
failed_when: >
(_rabbitmq_tls_status_result | failed) or
(_rabbitmq_tls_status_result.stdout_lines | length) > 0
when: (rabbitmq_tls_check_status | bool)
0707010000005A000081A40000000000000000000000015FAD0DE0000009C6000000000000000000000000000000000000004300000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/stop.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Wait for queues to synchronise, during synchronisation the queues will
# pause and not allow any messages to be placed in the queue that is
# synchronising.
- include: _wait-for-cluster-sync.yml
when: (rabbitmq_clustered | bool)
# This will disable/stop all running plugins. This must be performed before
# leaving a cluster (gracefully exit) as we must inform all cluster node
# of our plugin states before we exit so not to have restart issues.
#
# Note: For non-gracefully we should work as we do not do a host reset
# and hence we use the internal Rabbit HA mechanism to get back
# online.
- include: _disable-plugins.yml
# The 'when' statement below make sure that never run reset in the stop
# incorrectly in a cluster even when rabbitmq_permit_multi_stop is defined.
# This allows us to preserve at least one node with the current DB, which must
# be the last node to stop and the first node to start.
#
# NOTE: the conditions on this next step are in ADDITION to restrictions
# that the top-level playbooks impose. It is VITAL that you read
# these conditions in conjunction with the guards in those playbooks!
- include: _reset-host.yml
when: not rabbitmq_do_not_reset_node and (
(not rabbitmq_permit_multi_stop and
(rabbitmq_clustered | bool)) or
(rabbitmq_permit_multi_stop and
inventory_hostname != rabbitmq_primary_hostname) or
(rabbitmq_reset_option == "force_reset")
)
# Stop the RabbitMQ application including Erlang.
- name: rabbitmq | stop | Ensure that RabbitMQ service is stopped
become: yes
service:
name: rabbitmq-server
enabled: no
state: stopped
- name: rabbitmq | stop | Ensure that epmd service is stopped
become: yes
service:
name: epmd.service
enabled: no
state: stopped
- include: _stop_epmd.yml
0707010000005B000081A40000000000000000000000015FAD0DE00000070D000000000000000000000000000000000000004900000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/workaround.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# See if we need to workaround RabbitMQ 3.4.3-3.6.0 reset problems.
#
---
- name: rabbitmq | workaround | Get RabbitMQ installed package version
shell: >
dpkg-query -W -f='${Version} ${status}\n' {{ item.package }} |
awk '/ok installed/{print $1}'
when: item.upgrade != ""
changed_when: false
register: _rabbitmq_workaround_version_result
with_items: rabbitmq_restart_packages
- name: rabbitmq | workaround | Check current installed package are constant
fail:
msg: "Inconstant RabbitMQ package found: {{ item.key }} : {{ item.value }}"
when: (item.value | length != 1)
with_dict: >
(rabbitmq_cp_hosts.ansible_cluster |
package_consistency_check(hostvars, '_rabbitmq_workaround_version_result'))
run_once_per: rabbitmq_cp.group_name
- name: rabbitmq | workaround | Set RabbitMQ workaround
debug:
msg: "Notify RabbitMQ workaround required: {{ item.item.package }}"
changed_when: true
when: item.skipped is not defined and
(item.stdout |
version_compare_smart(item.item.workround, '<'))
with_items: _rabbitmq_workaround_version_result.results
register: ardana_notify_rabbitmq_workaround_required
0707010000005C000081A40000000000000000000000015FAD0DE00000077F000000000000000000000000000000000000005200000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/write-configuration.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# see: http://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
- name: rabbitmq | write-configuration | Create rabbitmq-server.conf
become: yes
template:
src: rabbitmq-server.conf.j2
dest: "/usr/lib/tmpfiles.d/rabbitmq-server.conf"
owner: root
group: root
mode: 0644
register: ardana_notify_rabbitmq_reset_required
- name: rabbitmq | write-configuration | Create rabbitmq.config
become: yes
template:
src: rabbitmq.config.j2
dest: "{{ rabbitmq_etc_dir }}/rabbitmq.config"
owner: root
group: root
mode: 0644
register: ardana_notify_rabbitmq_reset_required
- name: rabbitmq | write-configuration | Check logrotate rabbitmq-server file
stat:
path: /etc/logrotate.d/rabbitmq-server
register: _rabbitmq_configure_logrotate_result
# Package RabbitMQ install will install logrotate by default as a dependent
- name: rabbitmq | write-configuration | Create logrotate rabbitmq-server file
become: yes
template:
src: rabbitmq-server.logrotate.j2
dest: /etc/logrotate.d/rabbitmq-server
owner: root
group: root
mode: 0644
when: (not _rabbitmq_configure_logrotate_result.stat.exists) or
(('LOG_PRO' in verb_hosts) and
(inventory_hostname not in groups[verb_hosts.LOG_PRO]))
0707010000005D000081A40000000000000000000000015FAD0DE00000113B000000000000000000000000000000000000004E00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/tasks/write-tls-files.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# If we are told to regenerate all certs remove existing reqs.
# User is forcing a change so lets force a major change.
- name: rabbitmq | write-tls-files | Remove RabbitMQ cert requests
become: yes
file:
path: "{{ rabbitmq_tls.req_file }}"
state: absent
register: _rabbitmq_remove_cert_result
when: (rabbitmq_tls_certs_force_regeneration | bool)
# We only need a major upgrade set if replication is using TLS.
- name: rabbitmq | write-tls-files | Set major upgrade as we removed cert
debug:
msg: "Remove RabbitMQ cert requested forceing major upgrade"
changed_when: true
when: _rabbitmq_remove_cert_result.changed and
(rabbitmq_tls_replication | bool)
register: ardana_notify_rabbitmq_major_change
# Are any certificates on disk?
- name: rabbitmq | write-tls-files | Check cert file exists
become: yes
stat:
path: "{{ rabbitmq_tls.pem_file }}"
register: _rabbitmq_tls_pem_file_result
# Are there any invalid certs? If yes, we need new certs.
- name: rabbitmq | write-tls-files | Check cert validity
become: yes
command: openssl verify {{ rabbitmq_tls.pem_file }}
when: _rabbitmq_tls_pem_file_result.stat.exists
register: _rabbitmq_cert_validity_checks_result
failed_when: "'error' in _rabbitmq_cert_validity_checks_result.stderr"
changed_when: false
# Delete the cert requests whose certs are invalid.
- name: rabbitmq | write-tls-files | Remove invalid cert requests
become: yes
file:
path: "{{ rabbitmq_tls.req_file }}"
state: absent
register: _rabbitmq_invalid_cert_result
when: _rabbitmq_tls_pem_file_result.stat.exists and
(_rabbitmq_cert_validity_checks_result | failed)
# We only need a major upgrade set if replication is using TLS.
- name: rabbitmq | write-tls-files | Set major upgrade as we removed cert
debug:
msg: "Invalid RabbitMQ cert forceing major upgrade"
changed_when: true
when: _rabbitmq_invalid_cert_result.changed and
(rabbitmq_tls_replication | bool)
register: ardana_notify_rabbitmq_major_change
# Are there any certs about to expire? The openssl -checkend option
# will return 1 if cert is about to expire. So we use it as a filter
# in the next step to replace the expiring certs.
- name: rabbitmq | write-tls-files | Check cert expiry
become: yes
command: >
openssl x509 -in {{ rabbitmq_tls.pem_file }} -checkend
{{ rabbitmq_tls_expiry_check }}
register: _rabbitmq_cert_expiry_checks_result
when: _rabbitmq_tls_pem_file_result.stat.exists
failed_when: false
changed_when: false
# Delete the cert requests whose certs are about to expire. And then
# run a minor change
- name: rabbitmq | write-tls-files | Remove expiring cert requests
become: yes
file:
path: "{{ rabbitmq_tls.req_file }}"
state: absent
when: _rabbitmq_tls_pem_file_result.stat.exists and
(_rabbitmq_cert_expiry_checks_result | failed)
register: ardana_notify_rabbitmq_reset_required
# Copy cert requests. A successful copy indicates that the
# corresponding cert needs to be copied too.
- name: rabbitmq | write-tls-files | Copy RabbitMQ cert requests
become: yes
copy:
src: "{{ rabbitmq_tls_certs_local_dir }}/{{ rabbitmq_cp.tls_filename }}.req"
dest: "{{ rabbitmq_tls.req_file }}"
owner: rabbitmq
group: rabbitmq
mode: 0400
register: _rabbitmq_cert_request_update_result
# If we are updating the pem file then we can run minor change.
- name: rabbitmq | write-tls-files | Copy RabbitMQ certs
become: yes
copy:
src: "{{ rabbitmq_tls_certs_local_dir }}/{{ rabbitmq_cp.tls_filename }}"
dest: "{{ rabbitmq_tls.pem_file }}"
owner: rabbitmq
group: rabbitmq
mode: 0400
when: _rabbitmq_cert_request_update_result.changed
register: ardana_notify_rabbitmq_reset_required
0707010000005E000041ED0000000000000000000000035FAD0DE000000000000000000000000000000000000000000000003E00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates0707010000005F000081A40000000000000000000000015FAD0DE0000002A5000000000000000000000000000000000000004F00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/erlang.cookie.j2{#
#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
{{ rabbitmq_cp.erlang_cookie }}
07070100000060000081A40000000000000000000000015FAD0DE0000002DD000000000000000000000000000000000000005300000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/rabbitmq-env.conf.j2{#
#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
{% for key,value in rabbitmq_env|dictsort %}
{{ key | upper }}={{ value }}
{% endfor %}
07070100000061000081A40000000000000000000000015FAD0DE0000002C4000000000000000000000000000000000000005600000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/rabbitmq-server.conf.j2{#
#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
d {{ rabbitmq_env.pid_file | dirname }} 0755 rabbitmq rabbitmq
07070100000062000081A40000000000000000000000015FAD0DE000000362000000000000000000000000000000000000005B00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/rabbitmq-server.logrotate.j2{#
#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
{{ rabbitmq_env.log_base }}/*.log
{
daily
compress
delaycompress
missingok
notifempty
maxsize 45M
rotate 7
sharedscripts
postrotate
/usr/sbin/rabbitmqctl rotate_logs > /dev/null
endscript
}
07070100000063000081A40000000000000000000000015FAD0DE0000009E1000000000000000000000000000000000000005100000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/rabbitmq.config.j2{#
#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
[
{kernel, [
{inet_dist_listen_min, {{ rabbitmq_cp.inet_dist_listen_port }}},
{inet_dist_listen_max, {{ rabbitmq_cp.inet_dist_listen_port }}},
{inet_default_listen_options, [
{nodelay,true},
{sndbuf,65535},
{recbuf,65535},
{keepalive, true}
]},
{inet_default_connect_options, [
{nodelay,true},
{keepalive, true}
]}
]},
{% if (rabbitmq_tls_enabled | bool) %}
{ssl, [{versions, ['tlsv1.2']}]},
{% endif %}
{rabbit, [
{tcp_listeners, [
{% for addr in rabbitmq_cp.tcp_bind_addresses %}
{"{{ addr.ip }}", {{ addr.port }}}{% if not loop.last %},{% endif %}
{% endfor %}
]},
{% if (rabbitmq_tls_enabled | bool) %}
{ssl_listeners, [
{% for addr in rabbitmq_cp.tls_bind_addresses %}
{"{{ addr.ip }}", {{ addr.port }}}{% if not loop.last %},{% endif %}
{% endfor %}
]},
{ssl_options, [
{keyfile, "{{ rabbitmq_tls.pem_file }}"},
{certfile, "{{ rabbitmq_tls.pem_file }}"},
{versions, ['tlsv1.2']},
{verify, verify_none},
{fail_if_no_peer_cert, false}
]},
{% endif %}
{% if (rabbitmq_clustered | bool) %}
{cluster_partition_handling, {{ rabbitmq_config.cluster_partition_handling }}},
{queue_master_locator, <<"min-masters">>},
{% endif %}
{disk_free_limit, {{ rabbitmq_config.disk_free_limit }}},
{loopback_users, []},
{vm_memory_high_watermark, {{ rabbitmq_config.vm_memory_high_watermark }}},
{hipe_compile, {{ rabbitmq_config.hipe_compile | lower }}}
]}{% if ("rabbitmq_management" in (rabbitmq_plugins | default([], true))) %},
{rabbitmq_management, [
{listener, [
{port, {{ rabbitmq_cp.management_address.port }}},
{ip, "{{ rabbitmq_cp.management_address.ip }}"},
{ssl, {{ rabbitmq_tls_enabled | lower }}}
]},
{rates_mode, {{ rabbitmq_config.rates_mode }}}
]}
{% endif %}
].
07070100000064000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000004300000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/suse07070100000065000081A40000000000000000000000015FAD0DE000000297000000000000000000000000000000000000005C00000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/templates/suse/epmd.socket-port.conf.j2{#
#
# (c) Copyright 2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#}
[Socket]
ListenStream={{ rabbitmq_cp.management_address.ip }}:4369
FreeBind=true
07070100000066000041ED0000000000000000000000025FAD0DE000000000000000000000000000000000000000000000003900000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/vars07070100000067000081A40000000000000000000000015FAD0DE00000044A000000000000000000000000000000000000004400000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/vars/debian.yml
# (c) Copyright 2017 Hewlett Packard Enterprise Development LP
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# List of packages we register a restart.
rabbitmq_restart_packages:
- upgrade: major
workround: "1:18.3.1-dfsg-1+hpelinux1"
package: erlang-base
- upgrade: "{%- if rabbitmq_config.hipe_compile -%}
major
{%- endif -%}"
workround: "1:18.3.1-dfsg-1+hpelinux1"
package: erlang-base-hipe
- upgrade: major
workround: "1:18.3.1-dfsg-1+hpelinux1"
package: erlang-nox
- upgrade: check
workround: 3.6.1
package: rabbitmq-server
07070100000068000081A40000000000000000000000015FAD0DE0000003E2000000000000000000000000000000000000004200000000ardana-mq-8.0+git.1605176800.52cccfa/roles/rabbitmq/vars/suse.yml
# (c) Copyright 2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Placeholder for Erlang SSL module path. Expect to be overwritten
# by the tasks when setting up SSL for distribution.
erl_ssl_path:
# List of packages we register a restart.
rabbitmq_restart_packages:
- upgrade: check
workround: 0.0.0
package: rabbitmq-server
- upgrade: check
workround: 0.0.0
package: rabbitmq-server-plugins
07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!377 blocks
