Ansible role to install and configure RabbitMQ server.
A good practice is to have, before using this, clear knowledge of what are the plugins you're going to need. By default, this role enables the management plugin, here is a example of a playbook that enables more plugins.
---
- name: queue service
hosts: your_hosts
become: true
roles:
- role: stone-payments.rabbitmq
rabbitmq_plugins:
- rabbitmq_management
- rabbitmq_shovel
- rabbitmq_shovel_management
To install requirements you can run this command: pipenv install --dev
Before using this role make sure that the machines that will compose the cluster connect to each other - via ping or name resolution. Also make sure that they can connect to the Internet to download RabbitMQ package.
For RedHat machines make sure the machines are subscribed. Also, this role requires the previous installation of the EPEL repositories. Alternatively, you can use our role stone-payments.epel to install EPEL.
# Take the package given by the OS/distrib (Debian-like only)
rabbitmq_os_package: false
# RabbitMQ repositories in katello
rabbitmq_repository_on_satellite:
- Stone_RabbitMQ_erlang_rhel7
- Stone_RabbitMQ_38_rhel7
# Always install RabbitMQ,
# unless it's already installed and you don't want it to be replaced
rabbitmq_install_enabled: true
# Install specific RabbitMQ version, unless it's redefined
rabbitmq_major: 3
rabbitmq_minor: 8
rabbitmq_patch: 5
rabbitmq_suffix: 1
rabbitmq_release: "*"
rabbitmq_version: "{{ rabbitmq_major }}.{{ rabbitmq_minor }}.{{ rabbitmq_patch }}"
rabbitmq_package: "{{ rabbitmq_version }}-{{ rabbitmq_suffix }}"
# TCP configuration
rabbitmq_conf_tcp_listeners_address: ""
rabbitmq_conf_tcp_listeners_port: 5672
# RabbitMQ configuration
rabbitmq_owner: rabbitmq
rabbitmq_group: rabbitmq
rabbitmq_home_path: /var/lib/rabbitmq/
rabbitmq_enabled_plugins_file_path: /etc/rabbitmq/enabled_plugins
rabbitmq_config_file_path: /etc/rabbitmq/rabbitmq.conf
rabbitmq_env_variables_file_path: /etc/rabbitmq/rabbitmq-env.conf
rabbitmq_conf_extra_settings:
rabbitmq_default_loglevel: warning
rabbitmq_erlang_cookie: ""
rabbitmq_erlang_cookie_file_path: "{{ rabbitmq_home_path }}.erlang.cookie"
# Variables can be overridden to adapt to the user case
rabbitmq_conf_disk_free_limit_mem_relative: 1.5
rabbitmq_conf_vm_memory_high_watermark: 0.4
rabbitmq_conf_num_acceptors_tcp: 10
# System number of open files
rabbitmq_service_d_path: /etc/systemd/system/rabbitmq-server.service.d
rabbitmq_system_number_open_files: 50000
# RabbitMQ cluster
rabbitmq_clustering_force: false
rabbitmq_clustering_enabled: false
rabbitmq_clustering_cluster_name: ""
rabbitmq_clustering_ha_default: true
rabbitmq_nodename_prefix: rabbit
rabbitmq_nodename: "{{ ansible_fqdn }}"
# RabbitMQ plugins
rabbitmq_manage_plugins: true
rabbitmq_bin_path: /usr/lib/rabbitmq/bin
rabbitmq_sbin_path: /usr/lib/rabbitmq/sbin
rabbitmq_plugins_prefix_path: /usr/lib/rabbitmq
rabbitmq_plugins:
- name: rabbitmq_management
state: enabled
- name: rabbitmq_shovel
state: enabled
- name: rabbitmq_shovel_management
state: enabled
# RabbitMQ Users
rabbitmq_manage_users: true
# The same format of the rabbitmq_users_default variable.
# The management UI requires authentication and authorization. For more details see: https://www.rabbitmq.com/management.html#permissions
rabbitmq_users: {}
rabbitmq_users_default:
admin:
password: rabbitmq
tags: administrator
# RabbitMQ Vhosts
rabbitmq_manage_vhosts: false # (true | false) to manage VHosts
rabbitmq_vhosts:
name_of_vhost:
state: present
set_limit: true # (Optional) Set this to configure vhost limits
max_connections: 0
max_queues: 0
# RabbitMQ Rest API Login Credentials
rabbitmq_api_login_credentials:
login_host: # (Mandatory) RabbitMQ Rest API host
login_port: # (Optional) RabbitMQ Rest API port. The default value is "15672".
login_protocol: # (Optional) RabbitMQ Rest API port. The default value is "http".
login_user: # (Optional) RabbitMQ Rest API user. The default value is "guest".
login_password: # (Mandatory) RabbitMQ Rest API user password
ca_cert: # (Optional) CA certificate to verify SSL connection to management API.
client_cert: # (Optional) Client certificate to send on SSL connections to management API.
client_key: # (Optional) Private key matching the client certificate.
# RabbitMQ Queues
## To manage RabbitMQ Queues you need use Rest Api Login Credentials
## For more parameters see the official ansible documentation for this module at https://docs.ansible.com/ansible/latest/modules/rabbitmq_queue_module.html
rabbitmq_manage_queues: false # (true | false) to manage Queues
rabbitmq_queues:
name_of_queue:
vhost: # (Optional) Set this to configure vhost for queue. The default value is "/".
state: present
# RabbitMQ Exchanges
## To manage RabbitMQ Exchanges you need use Rest Api Login Credentials
rabbitmq_manage_exchanges: false # (true | false) to manage Exchanges
## For more parameters see the official ansible documentation for this module at https://docs.ansible.com/ansible/latest/modules/rabbitmq_exchange_module.html
rabbitmq_exchanges:
name_of_exchange:
vhost: # (Optional) Set this to configure vhost for exchange. The default value is "/".
type: # (Optional) Set this to configure type for exchange. The default value is "direct".
state: present
# RabbitMQ Bindings
## To manage RabbitMQ Bindings you need use Rest Api Login Credentials
rabbitmq_manage_bindings: false # (true | false) to manage Bindings
## For more parameters see the official ansible documentation for this module at https://docs.ansible.com/ansible/latest/modules/rabbitmq_binding_module.html
rabbitmq_bindings:
name_of_source_exchange_binding:
vhost: # (Optional) Set this to configure vhost for binding. The default value is "/".
type: # (Mandatory) Set this to configure type for binding.
destination: # (Mandatory) Set the destination exchange or queue for the binding.
routing_key: # (Optional) Set this to configure routing key for the binding.. The default value is "#".
state: present
# RabbitMQ Policy
rabbitmq_manage_policies: false # (true | false) to manage Policy
rabbitmq_policies:
name_of_policy:
vhost: ""
pattern: ".*"
tags:
ha-mode: ""
ha-sync-mode: ""
# Config Newrelic to monitoring RabbitMQ
newrelic_license:
rabbitmq_newrelic_agent_enabled: false
rabbitmq_newrelic_agent_config_file_path: /etc/newrelic-infra/integrations.d/rabbitmq-config.yml
rabbitmq_newrelic_command: all
rabbitmq_newrelic_hostname: localhost
rabbitmq_newrelic_port: 15672
rabbitmq_newrelic_use_ssl: false
rabbitmq_newrelic_username: admin
rabbitmq_newrelic_password: rabbitmq
rabbitmq_newrelic_config_path: "{{ rabbitmq_config_file_path }}"
rabbitmq_newrelic_queues:
rabbitmq_newrelic_exchanges:
rabbitmq_newrelic_vhosts:
rabbitmq_newrelic_labels:
env: ""
role: ""
None yet.
- hosts: servers
roles:
- stone-payments.rabbitmq
By default this role will install the currently last upstream version of RabbitMQ (which is 3.8.5). If you want to install any other version you must give the version numbers.
- hosts: servers
roles:
- role: stone-payments.rabbitmq
rabbitmq_major: 3
rabbitmq_minor: 8
rabbitmq_patch: 16
By default the role will try the configure the NODENAME with rabbit@{{ ansible_nodename }}
when clustering is enabled, if you want to customize the node name, you can substitute the NODENAME with the variables rabbitmq_nodename_prefix
.
Others specific RabbitMQ environment variables can also be given.
vars:
rabbitmq_conf_env:
RABBITMQ_NODE_IP_ADDRESS: "127.0.0.2"
You can alter:
- Memory watermark (
rabbitmq_conf_disk_free_limit_mem_relative
); - Free disk space limit (
rabbitmq_conf_vm_memory_high_watermark
); - Number of system's open files (
rabbitmq_system_number_open_files
).
vars:
rabbitmq_conf_disk_free_limit_mem_relative: 1.5
rabbitmq_conf_vm_memory_high_watermark: 0.4
rabbitmq_system_number_open_files: 50000
To create a cluster you just have to run this role against the target nodes and give some extra vars.
- name: queue service clustered
hosts: group2
become: true
roles:
- role: stone-payments.rabbitmq
rabbitmq_erlang_cookie: <your_cookie>
rabbitmq_clustering_enabled: true
To create a cluster using FQDN for hosts, just set USE_LONGNAME.
vars:
rabbitmq_conf_env:
USE_LONGNAME: "true"
Notice that the cookie is hash string that can be of any size. A good practice is use a hash of 20 characters. This is the syncronization cookie used by erlang to create the cluster.
Use this playbook as a practical example.
This role implements unit tests with molecule
and testinfra
. Notice that we only support Molecule 2.0 or greater. You can install molecule with:
pipenv install --dev --three
After having Molecule setup, you can run the tests with this steps:
molecule test [-s scenario_name]
- Add tests for the connection/read/write of rabbit's queues
- Test removing flush_handlers from clustering step
- Bug: when the master is down and the clustering step is run all the other nodes will go down.
Just open a PR. We love PRs!
MIT