Update to 2021-12-01 19:13

roles/rabbitmq_server/tasks/conf.yml

@@ -0,0 +1,26 @@
+---
+
+- name: Remove unused config
+  file: path=/etc/rabbitmq/rabbitmq.config state=absent
+  when: rabbitmq_conf == 'rabbit.conf'
+  notify: restart rabbitmq-server
+  tags: rabbit
+
+  # Create a self signed cert. This is needed even if a cert is later obtained with dehydrated as
+  # turnserver must be started before that
+- import_tasks: ../includes/create_selfsigned_cert.yml
+  vars:
+    - cert_path: /etc/rabbitmq/ssl/cert.pem
+    - cert_key_path: /etc/rabbitmq/ssl/key.pem
+    - cert_user: rabbitmq
+  tags: rabbitmq
+
+- name: Deploy configuration
+  template: src={{ rabbitmq_conf }}.j2 dest=/etc/rabbitmq/{{ rabbitmq_conf }}
+  notify: restart rabbitmq-server
+  tags: rabbitmq
+
+- name: Deploy plugins to enable
+  template: src=enabled_plugins.j2 dest=/etc/rabbitmq/enabled_plugins
+  notify: restart rabbitmq-server
+  tags: rabbitmq

roles/rabbitmq_server/tasks/facts.yml

@@ -0,0 +1,12 @@
+---
+
+  # On EL8 and newer, rabbitmq config uses the new format
+- set_fact: rabbitmq_conf={{ ansible_distribution_major_version is version('8','>=') | ternary('rabbitmq.conf','rabbitmq.config') }}
+  tags: rabbitmq
+
+- when: rabbitmq_letsencrypt_cert is defined or rabbitmq_ssl_cert_path is not defined or rabbitmq_ssl_key_path is not defined
+  block:
+    - set_fact: rabbitmq_ssl_cacert_path='/etc/rabbitmq/ssl/chain.pem'
+    - set_fact: rabbitmq_ssl_cert_path='/etc/rabbitmq/ssl/cert.pem'
+    - set_fact: rabbitmq_ssl_key_path='/etc/rabbitmq/ssl/key.pem'
+  tags: rabbitmq

roles/rabbitmq_server/tasks/install.yml

@@ -0,0 +1,22 @@
+---
+
+- name: Install RabbitMQ
+  yum:
+    name:
+      - rabbitmq-server
+  tags: rabbitmq
+
+- name: Install pre/post backup hooks
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/rabbitmq mode=755
+  loop:
+    - pre
+    - post
+  tags: rabbitmq
+
+- name: Create directories
+  file: path=/etc/rabbitmq/ssl state=directory owner=rabbitmq group=rabbitmq mode=700
+  tags: rabbitmq
+
+- name: Install dehydrated hook
+  template: src=dehydrated_hook.sh.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/rabbitmq.sh mode=755
+  tags: rabbitmq

roles/rabbitmq_server/tasks/iptables.yml

@@ -0,0 +1,18 @@
+---
+
+- name: Handle RabbitMQ Server port in the firewall
+  iptables_raw:
+    name: "{{ item.name }}"
+    state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ item.port }} -s {{ item.src_ip | join(',') }} -j ACCEPT"
+  loop:
+    - name: rabbitmq_port
+      port: "{{ rabbitmq_port }}"
+      src_ip: "{{ rabbitmq_src_ip }}"
+    - name: rabbitmq_ssl_port
+      port: "{{ rabbitmq_ssl_port }}"
+      src_ip: "{{ rabbitmq_ssl_src_ip }}"
+    - name: rabbitmq_web_port
+      port: "{{ rabbitmq_web_port }}"
+      src_ip: "{{ rabbitmq_web_src_ip }}"
+  tags: firewall,rabbitmq

roles/rabbitmq_server/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+
+- include: facts.yml
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: services.yml

roles/rabbitmq_server/tasks/services.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Start and enable the service
+  service: name=rabbitmq-server state=started enabled=True
+  tags: rabbitmq