Update to 2022-01-26 16:00

Daniel Berteaud
2022-01-26 16:00:08 +01:00
parent 1454d0ec5c
commit 010ec37bf3
9 changed files with 44 additions and 17 deletions


@@ -6,8 +6,8 @@
notify: restart rabbitmq-server
tags: rabbit
# Create a self signed cert. This is needed even if a cert is later obtained with dehydrated as
# turnserver must be started before that
# Create a self signed cert. This is needed even if a cert is later obtained with dehydrated as
# rabbitmq must be started before that
- import_tasks: ../includes/create_selfsigned_cert.yml
vars:
- cert_path: /etc/rabbitmq/ssl/cert.pem
@@ -15,6 +15,16 @@
- cert_user: rabbitmq
tags: rabbitmq
- name: Check if the cert chain exists
stat: path=/etc/rabbitmq/ssl/chain.pem
register: rabbitmq_ssl_chain
tags: rabbitmq
- name: Copy the cert on the chain file
copy: src=/etc/rabbitmq/ssl/cert.pem dest=/etc/rabbitmq/ssl/chain.pem remote_src=True
when: not rabbitmq_ssl_chain.stat.exists
tags: rabbitmq
- name: Deploy configuration
template: src={{ rabbitmq_conf }}.j2 dest=/etc/rabbitmq/{{ rabbitmq_conf }}
notify: restart rabbitmq-server
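Review bot: The new stat/copy pair in the second hunk seeds chain.pem from the self-signed cert.pem without setting owner, group or mode, and it takes two tasks to do what `copy` does with `force=no`. A single task such as `copy: src=/etc/rabbitmq/ssl/cert.pem dest=/etc/rabbitmq/ssl/chain.pem remote_src=True force=no owner=rabbitmq mode=0644` keeps the create-only behaviour and makes the permissions explicit instead of umask-dependent. Because the copy only runs while chain.pem is absent, nothing visible here refreshes the placeholder once a real certificate is issued; presumably the dehydrated hook rewrites it, which is worth confirming since the other files on this page use chain.pem as `ssl_options.cacertfile`. The task that ends at the top of the first hunk (its start is outside the hunk) is tagged `rabbit` while every other task uses `rabbitmq`, which looks like a typo that would skip it under `--tags rabbitmq`.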


@@ -1,12 +1,14 @@
---
# On EL8 and newer, rabbitmq config uses the new format
# On EL8 and newer, rabbitmq config uses the new format
- set_fact: rabbitmq_conf={{ ansible_distribution_major_version is version('8','>=') | ternary('rabbitmq.conf','rabbitmq.config') }}
tags: rabbitmq
- when: rabbitmq_letsencrypt_cert is defined or rabbitmq_ssl_cert_path is not defined or rabbitmq_ssl_key_path is not defined
# When obtaining the cert with Let's Encrypt, or when using the default self-signed certificate
- when: rabbitmq_letsencrypt_cert is defined or (rabbitmq_ssl_cert_path is not defined or rabbitmq_ssl_key_path is not defined)
block:
- set_fact: rabbitmq_ssl_cacert_path='/etc/rabbitmq/ssl/chain.pem'
- set_fact: rabbitmq_ssl_cert_path='/etc/rabbitmq/ssl/cert.pem'
- set_fact: rabbitmq_ssl_key_path='/etc/rabbitmq/ssl/key.pem'
tags: rabbitmq
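Review bot: The `when` on the block still treats a half-configured pair as "use the default": if only one of `rabbitmq_ssl_cert_path` / `rabbitmq_ssl_key_path` is defined, all three paths are silently reset to the files under /etc/rabbitmq/ssl, so an operator who mistyped one variable ends up with the default certificate and no error. The added parentheses do not change how the condition evaluates. Consider failing early before the block, e.g. `- fail: msg="rabbitmq_ssl_cert_path and rabbitmq_ssl_key_path must be set together"` with `when: (rabbitmq_ssl_cert_path is defined) != (rabbitmq_ssl_key_path is defined)`. The new `rabbitmq_ssl_cacert_path` fact also replaces any value supplied in inventory whenever the block runs, which deserves a line in the comment above the block.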


@@ -3,8 +3,10 @@ listeners.ssl.default = {{ rabbitmq_ssl_port }}
{% if rabbitmq_ssl_cacert_path is defined %}
ssl_options.cacertfile = {{ rabbitmq_ssl_cacert_path }}
{% endif %}
{% if rabbitmq_ssl_cert_path is defined and rabbitmq_ssl_key_path is defined %}
ssl_options.certfile = {{ rabbitmq_ssl_cert_path }}
ssl_options.keyfile = {{ rabbitmq_ssl_key_path }}
{% endif %}
loopback_users.guest = {{ rabbitmq_guest_from_anywhere | ternary('false','true') }}
management.tcp.port = {{ rabbitmq_web_port }}
management.tcp.ip = 0.0.0.0
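Review bot: The new `{% if %}` guards only the certfile/keyfile lines, while `listeners.ssl.default` (visible in the hunk header, above the shown lines) appears to be emitted regardless, so a render with either path undefined would produce a TLS listener with no certificate configured. As far as the facts file on this page shows, both paths are always defined by the time the template runs, which would make the guard unreachable; either drop it or extend it so the listener and the `ssl_options.*` lines are emitted together. The start of the template is outside the hunk, so the listener may already be conditional there. On the context lines, `management.tcp.ip = 0.0.0.0` binds the management interface to every address over plain TCP; a comment such as `# access restricted by <firewall rule / reverse proxy>` stating what limits access would help the next reader.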