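---
# Installs Erlang and RabbitMQ from the Cloudsmith mirrors on every inventory
# host, distributes a shared Erlang cookie, joins the nodes into one cluster,
# creates an administrative user and applies a queue mirroring policy.
- name: prepare
  hosts: all
  gather_facts: false  # fact gathering is skipped to speed up the run
  become: true
  vars:
    # Block appended to /etc/hosts so the cluster nodes can resolve each other.
    rabbitmq_hosts: |
      192.168.0.114 Deb11-x64-hw03
      192.168.0.148 Deb11-x64
    rabbitmq_cluster_master: Deb11-x64
    update_hosts: true
    rabbitmq_create_cluster: true
    # NOTE(review): the Erlang cookie is the shared secret that authenticates
    # cluster nodes and CLI tools to each other. It is committed here in clear
    # text; supply it from Ansible Vault or --extra-vars and rotate this value.
    rabbitmq_erlang_cookie: WKRBTTEQRYPTQOPUKSVF
    # NOTE(review): default kept for backward compatibility. The account that
    # gets this password receives the administrator tag and full permissions
    # below, so override it with a strong value from Ansible Vault or
    # --extra-vars.
    rabbitmq_admin_password: qwerty
    rabbitmq_plugins:
      - rabbitmq_management
      # - rabbitmq_management_agent
      # - rabbitmq_shovel
      # - rabbitmq_shovel_management

  # Handlers are tasks that only run when notified.
  handlers:
    - name: stop rabbitmq-server
      service:
        name: rabbitmq-server
        state: stopped

    - name: restart rabbitmq-server
      service:
        name: rabbitmq-server
        state: restarted

    - name: start rabbitmq-server
      service:
        name: rabbitmq-server
        state: started

  tasks:
    # NOTE(review): the three signing keys below are re-downloaded on every run
    # (force: true) and trusted without a pinned digest. Adding get_url's
    # `checksum` parameter, with a value verified out of band, would make an
    # unexpected key change fail the play instead of being trusted silently.
    - name: "Istall team RabbitMQ's main signing key"
      ansible.builtin.get_url:
        url: https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA
        dest: /usr/share/keyrings/com.rabbitmq.team.asc
        mode: '0644'
        force: true

    - name: "Community mirror of Cloudsmith: modern Erlang repository"
      ansible.builtin.get_url:
        url: https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-erlang.E495BB49CC4BBE5B.key
        dest: /usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.asc
        mode: '0644'
        force: true

    - name: "Community mirror of Cloudsmith: RabbitMQ repository"
      ansible.builtin.get_url:
        url: https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-server.9F4587F226208342.key
        dest: /usr/share/keyrings/rabbitmq.9F4587F226208342.asc
        mode: '0644'
        force: true

    # Each repository entry is bound to one keyring through signed-by, so a key
    # only vouches for the repository it is listed against.
    - name: "create repo file"
      ansible.builtin.copy:
        dest: /etc/apt/sources.list.d/rabbitmq.list
        mode: '0644'
        content: |
          ## Provides modern Erlang/OTP releases from a Cloudsmith mirror
          ##
          deb [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.asc] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/debian bullseye main
          deb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.asc] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/debian bullseye main
          deb [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.asc] https://ppa2.novemberain.com/rabbitmq/rabbitmq-erlang/deb/debian bullseye main
          deb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.asc] https://ppa2.novemberain.com/rabbitmq/rabbitmq-erlang/deb/debian bullseye main
          ## Provides RabbitMQ from a Cloudsmith mirror
          ##
          deb [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.asc] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/debian bullseye main
          deb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.asc] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/debian bullseye main
          # another mirror for redundancy
          deb [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.asc] https://ppa2.novemberain.com/rabbitmq/rabbitmq-server/deb/debian bullseye main
          deb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.asc] https://ppa2.novemberain.com/rabbitmq/rabbitmq-server/deb/debian bullseye main

    - name: update apt cache
      apt:
        update_cache: true

    # - name: perform upgrade of all packages to the latest version
    #   apt:
    #     upgrade: dist
    #     force_apt_get: yes

    # `state: fixed` asks apt to correct broken dependencies in place.
    # NOTE(review): confirm that `present` was not what was intended here.
    - name: install pip
      apt:
        name:
          - python3
          - python3-pip
        state: fixed
      changed_when: false

    # NOTE(review): pika is pulled from PyPI unpinned and installed as root;
    # pinning a version would make the install reproducible and reviewable.
    - name: install python pika
      pip:
        name:
          - pika
        executable: pip3

    - name: install Erlang packages and Deps
      apt:
        name:
          - curl
          - gnupg
          - apt-transport-https
          - erlang-base
          - erlang-asn1
          - erlang-crypto
          - erlang-eldap
          - erlang-ftp
          - erlang-inets
          - erlang-mnesia
          - erlang-os-mon
          - erlang-parsetools
          - erlang-public-key
          - erlang-runtime-tools
          - erlang-snmp
          - erlang-ssl
          - erlang-syntax-tools
          - erlang-tftp
          - erlang-tools
          - erlang-xmerl

    - name: install Rabbitmq
      apt:
        name: rabbitmq-server
        state: fixed

    - name: change hosts
      blockinfile:
        path: /etc/hosts
        block: "{{ rabbitmq_hosts }}"
        owner: root
        group: root
        mode: '0644'
      when: update_hosts

    # `cp -a` keeps the owner and mode of the cookie on the temporary copy.
    - name: backup old erlang cookie
      command: cp -a /var/lib/rabbitmq/.erlang.cookie /var/lib/rabbitmq/.erlang.cookie.old
      changed_when: false

    # Render the erlang.cookie template to its destination with the given owner
    # and permissions. Mode 0400 keeps the secret readable by rabbitmq only.
    - name: updating rabbitmq erlang cookie
      template:
        src: erlang.cookie.j2
        dest: /var/lib/rabbitmq/.erlang.cookie
        owner: rabbitmq
        group: rabbitmq
        mode: '0400'
      # Tasks can instruct one or more handlers to execute using the notify
      # keyword. It accepts a list of handler names that are notified when the
      # task reports a change.
      notify:
        - restart rabbitmq-server
      when: rabbitmq_create_cluster

    # Meta tasks influence Ansible's internal execution or state.
    # flush_handlers runs every handler that has been notified so far.
    - meta: flush_handlers

    # The backup holds the previous secret, so it is removed once the new
    # cookie is in place.
    - name: remove old erlang cookie
      file:
        path: /var/lib/rabbitmq/.erlang.cookie.old
        state: absent
      changed_when: false

    # Enable the management plugin.
    - name: Enable the plugins is installed
      rabbitmq_plugin:
        names: "{{ item }}"
        # prefix: /usr/lib/rabbitmq
        state: enabled
        # new_only: yes
      loop: "{{ rabbitmq_plugins }}"
      notify:
        - restart rabbitmq-server

    # Start the service.
    - name: rabbitmq service started and enabled
      service:
        name: rabbitmq-server
        enabled: true
        state: started

    # Join the current host to the cluster.
    # NOTE(review): nothing here skips the host named in rabbitmq_cluster_master
    # or a node that is already a member, and every run stops the app first.
    # Confirm how `rabbitmqctl join_cluster` behaves in those cases.
    - name: add to cluster
      when: rabbitmq_create_cluster | bool
      block:
        - name: stop rabbitmq app
          command: rabbitmqctl stop_app

        - name: add this node to cluster
          command: rabbitmqctl join_cluster rabbit@{{ rabbitmq_cluster_master }}

        - name: start rabbitmq app
          command: rabbitmqctl start_app

    # Add a new user and assign its permissions and tag.
    # rc 70: user already exists.
    # argv avoids shell parsing of the password; no_log keeps it out of task
    # output and logs. It is still visible in the remote process list while the
    # command runs.
    - name: create rabbitmqSTR user
      command:
        argv:
          - rabbitmqctl
          - add_user
          - rabbitmqSTR
          - "{{ rabbitmq_admin_password }}"
      register: res
      failed_when: res.rc != 70 and res.rc != 0
      changed_when: res.rc != 70
      no_log: true

    - name: list permissions for rabbitmqSTR user
      command: rabbitmqctl list_permissions
      register: list_permissions
      changed_when: false

    # Grants configure, write and read on every resource (".*" three times).
    - name: set permissions on / vhost
      command:
        argv:
          - rabbitmqctl
          - set_permissions
          - rabbitmqSTR
          - ".*"
          - ".*"
          - ".*"
      when: list_permissions.stdout.find("rabbitmqSTR") == -1

    - name: set user tag
      command: rabbitmqctl set_user_tags rabbitmqSTR administrator
      when: list_permissions.stdout.find("rabbitmqSTR") == -1

    # Check the queue replication policies in the cluster and set ha-all.
    - name: check if ha-mode is already enabled
      command: rabbitmqctl list_policies
      register: list_policies
      changed_when: false

    # The task name says "exactly two nodes", but the definition sets ha-mode
    # to "all". The empty pattern argument matches every queue.
    # NOTE(review): the ha-* keys belong to classic queue mirroring, which
    # RabbitMQ 4.0 removed. rabbitmq-server is installed unpinned above, so
    # verify that the installed version still honours this policy.
    - name: set ha-mode to exactly two nodes for all queues for backup
      command:
        argv:
          - rabbitmqctl
          - set_policy
          - ha-all
          - ""
          - '{"ha-mode":"all","ha-sync-mode":"automatic"}'
      register: res
      failed_when: res.rc != 0
      when: list_policies.stdout.find("ha-all") == -1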