diff --git a/roles/rabbitmq_server/defaults/main.yml b/roles/rabbitmq_server/defaults/main.yml
index 7c6ba2b..7375d73 100644
--- a/roles/rabbitmq_server/defaults/main.yml
+++ b/roles/rabbitmq_server/defaults/main.yml
@@ -6,5 +6,13 @@ rabbitmq_port: 5672
 # Access to the plain port
 rabbitmq_src_ip: []
+# HTTP API / Web management interface
+rabbitmq_web_port: 15672
+rabbitmq_web_src_ip: []
+
 # Should the guest user available from anywhere ? If False, it'll only be accepted from loopback
 rabbitmq_guest_from_anywhere: False
+
+# List of plugins to enable
+rabbitmq_plugins:
+ - rabbitmq_management
diff --git a/roles/rabbitmq_server/tasks/conf.yml b/roles/rabbitmq_server/tasks/conf.yml
index e847e92..43e581b 100644
--- a/roles/rabbitmq_server/tasks/conf.yml
+++ b/roles/rabbitmq_server/tasks/conf.yml
@@ -1,6 +1,17 @@
 ---
+- name: Remove unused config
+ file: path=/etc/rabbitmq/rabbitmq.config state=absent
+ when: rabbitmq_conf == 'rabbit.conf'
+ notify: restart rabbitmq-server
+ tags: rabbit
+
 - name: Deploy configuration
- template: src=rabbitmq.config.j2 dest=/etc/rabbitmq/rabbitmq.config
+ template: src={{ rabbitmq_conf }}.j2 dest=/etc/rabbitmq/{{ rabbitmq_conf }}
+ notify: restart rabbitmq-server
+ tags: rabbitmq
+
+- name: Deploy plugins to enable
+ template: src=enabled_plugins.j2 dest=/etc/rabbitmq/enabled_plugins
 notify: restart rabbitmq-server
 tags: rabbitmq
diff --git a/roles/rabbitmq_server/tasks/facts.yml b/roles/rabbitmq_server/tasks/facts.yml
new file mode 100644
index 0000000..446619a
--- /dev/null
+++ b/roles/rabbitmq_server/tasks/facts.yml
@@ -0,0 +1,5 @@
+---
+
+ # On EL8 and newer, rabbitmq config uses the new format
+- set_fact: rabbitmq_conf={{ ansible_distribution_major_version is version('8','>=') | ternary('rabbitmq.conf','rabbitmq.config') }}
+ tags: rabbitmq
diff --git a/roles/rabbitmq_server/tasks/iptables.yml b/roles/rabbitmq_server/tasks/iptables.yml
index 9a958bc..2096aed 100644
--- a/roles/rabbitmq_server/tasks/iptables.yml
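Review bot: In roles/rabbitmq_server/tasks/conf.yml the new "Remove unused config" task is guarded by `when: rabbitmq_conf == 'rabbit.conf'`, but tasks/facts.yml only ever sets rabbitmq_conf to 'rabbitmq.conf' or 'rabbitmq.config', so the condition is never true and the old /etc/rabbitmq/rabbitmq.config is never removed on hosts that move to the new format. A leftover classic-format file may still be read by the broker next to the new one (worth confirming for the packaged RabbitMQ version), in which case stale listener or guest-access settings would survive the migration. The guard should read `when: rabbitmq_conf == 'rabbitmq.conf'`, and `tags: rabbit` on the same task should be `tags: rabbitmq` so that it runs with the role's other tagged tasks.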
+++ b/roles/rabbitmq_server/tasks/iptables.yml
@@ -2,7 +2,14 @@
 - name: Handle RabbitMQ Server port in the firewall
 iptables_raw:
- name: rabbitmq_port
- state: "{{ (rabbitmq_src_ip | length > 0) | ternary('present','absent') }}"
- rules: "-A INPUT -m state --state NEW -p tcp --dport {{ rabbitmq_port }} -s {{ rabbitmq_src_ip | join(',') }} -j ACCEPT"
+ name: "{{ item.name }}"
+ state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}"
+ rules: "-A INPUT -m state --state NEW -p tcp --dport {{ item.port }} -s {{ item.src_ip | join(',') }} -j ACCEPT"
+ loop:
+ - name: rabbitmq_port
+ port: "{{ rabbitmq_port }}"
+ src_ip: "{{ rabbitmq_src_ip }}"
+ - name: rabbitmq_web_port
+ port: "{{ rabbitmq_web_port }}"
+ src_ip: "{{ rabbitmq_web_src_ip }}"
 tags: firewall,rabbitmq
diff --git a/roles/rabbitmq_server/tasks/main.yml b/roles/rabbitmq_server/tasks/main.yml
index ddfcf45..1530fdd 100644
--- a/roles/rabbitmq_server/tasks/main.yml
+++ b/roles/rabbitmq_server/tasks/main.yml
@@ -1,5 +1,6 @@
 ---
+- include: facts.yml
 - include: install.yml
 - include: conf.yml
 - include: iptables.yml
diff --git a/roles/rabbitmq_server/templates/enabled_plugins.j2 b/roles/rabbitmq_server/templates/enabled_plugins.j2
new file mode 100644
index 0000000..1349e73
--- /dev/null
+++ b/roles/rabbitmq_server/templates/enabled_plugins.j2
@@ -0,0 +1 @@
+[{{ rabbitmq_plugins | join(',') }}].
diff --git a/roles/rabbitmq_server/templates/rabbitmq.conf.j2 b/roles/rabbitmq_server/templates/rabbitmq.conf.j2
new file mode 100644
index 0000000..afa88be
--- /dev/null
+++ b/roles/rabbitmq_server/templates/rabbitmq.conf.j2
@@ -0,0 +1,4 @@
+listeners.tcp.default = {{ rabbitmq_port }}
+loopback_users.guest = {{ rabbitmq_guest_from_anywhere | ternary('false','true') }}
+management.tcp.port = {{ rabbitmq_web_port }}
+management.tcp.ip = 0.0.0.0
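Review bot: `management.tcp.ip = 0.0.0.0` in templates/rabbitmq.conf.j2 binds the management HTTP API to every interface over plain HTTP, and defaults/main.yml now enables rabbitmq_management by default, so when `rabbitmq_web_src_ip` is empty the only thing limiting access is the host firewall's default INPUT policy. The bind address would be safer as a role variable defaulting to loopback, for example `management.tcp.ip = {{ rabbitmq_web_bind_ip | default('127.0.0.1') }}` (rabbitmq_web_bind_ip being a new variable), with a comment that management credentials cross the network unencrypted unless a TLS listener is configured. On the `loopback_users.guest` line, `ternary` treats any non-empty string as true, so a value supplied as the string "False" would render `loopback_users.guest = false` and allow remote guest logins; `{{ rabbitmq_guest_from_anywhere | bool | ternary('false','true') }}` avoids that.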