{"id":226,"sha1":"804bb6afc14b3636dcb70b4d46987e0341d8166e","playbook":{"id":3,"items":{"plays":46,"tasks":924,"results":1203,"hosts":15,"files":212,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":8,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-infrastructure.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-15T09:55:36.904008Z","ended":"2025-12-15T10:16:50.367261Z","duration":"00:21:13.463253","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.3","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-infrastructure.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2014, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n## APT Cache Options\ncache_timeout: 600\n\n# Set the package install state for distribution packages\n# Options are 'present' and 'latest'\nrabbitmq_package_state: \"{{ package_state | default('latest') }}\"\n\n# Defined versions of RabbitMQ and Erlang\nrabbitmq_package_version: \"4.1.4-1\"\nrabbitmq_erlang_package_version: \"27.3.*-1\"\n\n# Inventory group containing the hosts for the cluster\nrabbitmq_host_group: \"rabbitmq_all\"\n\n# The local address used for the rabbitmq cluster node\nrabbitmq_node_address: \"{{ management_address | default(ansible_host) }}\"\n\nrabbit_system_user_name: rabbitmq\nrabbit_system_group_name: rabbitmq\n\n# Allow role to adjust /etc/hosts file\nrabbitmq_manage_hosts_entries: true\n\n# Hosts file entries\nrabbitmq_hosts_entries: >-\n {{ groups[rabbitmq_host_group] | map('extract', hostvars) | list |\n json_query(\n \"[].{address: rabbitmq_node_address || ansible_host , hostnames: [ansible_facts.hostname, ansible_facts.fqdn] }\"\n )\n }}\n\nrabbitmq_primary_cluster_node: \"{{ hostvars[groups[rabbitmq_host_group][0]]['ansible_facts']['hostname'] }}\"\n\n# Upgrading the RabbitMQ package requires shutting down the cluster. This variable makes upgrading\n# the version an explicit action.\nrabbitmq_upgrade: false\n\n# If the user does not want to upgrade but needs to rerun the playbooks for any reason the\n# upgrade/version state can be ignored by setting `rabbitmq_ignore_version_state=true`\nrabbitmq_ignore_version_state: false\n\nrabbitmq_package_url: \"\"\nrabbitmq_package_sha256: \"\"\nrabbitmq_package_path: \"\"\n\n# Mappings from Ansible reported architecture to distro release architecture\nrabbitmq_architecture_mapping:\n x86_64: amd64\n ppc64le: ppc64el\n s390x: s390x\n armv7l: armhf\n aarch64: arm64\n\n# Set the gpg keys needed to be imported\n# This should be a list of dicts, with each dict\n# giving a set of arguments to the applicable\n# package module. The following is an example for\n# systems using the apt package manager.\n# rabbitmq_gpg_keys:\n# - id: '0xC2E73424D59097AB'\n# keyserver: 'hkp://keyserver.ubuntu.com:80'\n# validate_certs: no\nrabbitmq_gpg_keys: \"{{ _rabbitmq_gpg_keys | default([]) }}\"\n\n# Set the URL for the RabbitMQ repository\nrabbitmq_repo_url: \"{{ _rabbitmq_repo_url | default(null) }}\"\n\n# Set the repo information for the RabbitMQ repository\nrabbitmq_repo: \"{{ _rabbitmq_repo | default({}) }}\"\n\n# Set the URL for the Erlang repository\nrabbitmq_erlang_repo_url: \"{{ _rabbitmq_erlang_repo_url | default(null) }}\"\n\n# Set the repo information for the Erlang repository\nrabbitmq_erlang_repo: \"{{ _rabbitmq_erlang_repo | default({}) }}\"\n\n# Choose file, distro, external_repo for rabbitmq_install_method.\nrabbitmq_install_method: \"{{ _rabbitmq_install_method }}\"\nrabbitmq_erlang_install_method: \"{{ _rabbitmq_erlang_install_method | default(rabbitmq_install_method) }}\"\n\n# Name of the rabbitmq cluster\nrabbitmq_cluster_name: rabbitmq_cluster1\n\n# Specify a partition recovery strategy (autoheal | pause_minority | ignore)\nrabbitmq_cluster_partition_handling: pause_minority\n\n# Rabbitmq open file limits\nrabbitmq_ulimit: 65536\n\n# Configure rabbitmq plugins\n# This should be a comma-separated list of plugin names.\n# Any plugin not listed will be disabled automatically.\n# rabbitmq_plugins:\n# - name: rabbitmq_management,rabbitmq_prometheus\n# state: enabled\nrabbitmq_plugins:\n - name: rabbitmq_management\n state: enabled\n\n# Storage location for SSL certificate authority\nrabbitmq_pki_dir: \"{{ openstack_pki_dir | default('/etc/pki/rabbitmq-ca') }}\"\n\n# Delegated host for operating the certificate authority\nrabbitmq_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n# Create a certificate authority if one does not already exist\nrabbitmq_pki_create_ca: \"{{ openstack_pki_authorities is not defined | bool }}\"\nrabbitmq_pki_regen_ca: \"\"\nrabbitmq_pki_authorities:\n - name: \"RabbitMQRoot\"\n country: \"GB\"\n state_or_province_name: \"England\"\n organization_name: \"Example Corporation\"\n organizational_unit_name: \"IT Security\"\n cn: \"RabbitMQ Root CA\"\n provider: selfsigned\n basic_constraints: \"CA:TRUE\"\n key_usage:\n - digitalSignature\n - cRLSign\n - keyCertSign\n not_after: \"+3650d\"\n - name: \"RabbitMQIntermediate\"\n country: \"GB\"\n state_or_province_name: \"England\"\n organization_name: \"Example Corporation\"\n organizational_unit_name: \"IT Security\"\n cn: \"RabbitMQ Intermediate CA\"\n provider: ownca\n basic_constraints: \"CA:TRUE,pathlen:0\"\n key_usage:\n - digitalSignature\n - cRLSign\n - keyCertSign\n not_after: \"+3650d\"\n signed_by: \"RabbitMQRoot\"\n\n# Installation details for certificate authorities\nrabbitmq_pki_install_ca:\n - name: \"RabbitMQRoot\"\n condition: \"{{ rabbitmq_pki_create_ca }}\"\n\n# Rabbitmq server certificate\nrabbitmq_pki_keys_path: \"{{ rabbitmq_pki_dir ~ '/certs/private/' }}\"\nrabbitmq_pki_certs_path: \"{{ rabbitmq_pki_dir ~ '/certs/certs/' }}\"\nrabbitmq_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name | default('RabbitMQIntermediate') }}\"\nrabbitmq_pki_intermediate_cert_path: >-\n {{ rabbitmq_pki_dir ~ '/roots/' ~ rabbitmq_pki_intermediate_cert_name ~ '/certs/' ~ rabbitmq_pki_intermediate_cert_name ~ '.crt' }}\nrabbitmq_pki_regen_cert: \"\"\nrabbitmq_pki_certificates:\n - name: \"rabbitmq_{{ ansible_facts['hostname'] }}\"\n provider: ownca\n cn: \"{{ ansible_facts['hostname'] }}\"\n san: \"{{ 'DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ rabbitmq_node_address ~ ',DNS:' ~ ansible_facts['fqdn'] }}\"\n signed_by: \"{{ rabbitmq_pki_intermediate_cert_name }}\"\n\n# RabbitMQ destination files for SSL certificates\nrabbitmq_ssl_cert: /etc/rabbitmq/rabbitmq.pem\nrabbitmq_ssl_key: /etc/rabbitmq/rabbitmq.key\nrabbitmq_ssl_ca_cert: /etc/rabbitmq/rabbitmq-ca.pem\n\n# Installation details for SSL certificates\nrabbitmq_pki_install_certificates:\n - src: \"{{ rabbitmq_user_ssl_cert | default(rabbitmq_pki_certs_path ~ 'rabbitmq_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}\"\n dest: \"{{ rabbitmq_ssl_cert }}\"\n owner: \"rabbitmq\"\n group: \"rabbitmq\"\n mode: \"0644\"\n - src: \"{{ rabbitmq_user_ssl_key | default(rabbitmq_pki_keys_path ~ 'rabbitmq_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n dest: \"{{ rabbitmq_ssl_key }}\"\n owner: \"rabbitmq\"\n group: \"rabbitmq\"\n mode: \"0600\"\n - src: \"{{ rabbitmq_user_ssl_ca_cert | default(rabbitmq_pki_intermediate_cert_path) }}\"\n dest: \"{{ rabbitmq_ssl_ca_cert }}\"\n owner: \"rabbitmq\"\n group: \"rabbitmq\"\n mode: \"0644\"\n\n# Define user-provided SSL certificates in:\n# /etc/openstack_deploy/user_variables.yml\n# rabbitmq_user_ssl_cert: \n# rabbitmq_user_ssl_key: \n# rabbitmq_user_ssl_ca_cert: \n\n# These are highly recommended for TLSv1.2 but cannot be used\n# with TLSv1.3. If TLSv1.3 is enabled, these lines will not be\n# inserted into the config\nrabbitmq_ssl_client_renegotiation: false\nrabbitmq_ssl_secure_renegotiate: true\n\n# Supported TLS protocol versions\nrabbitmq_ssl_tls_versions:\n - \"tlsv1.2\"\n\n# Mutual TLS control\nrabbitmq_ssl_verify: \"verify_none\"\nrabbitmq_ssl_fail_if_no_peer_cert: false\n\n# Recommended ciphers taken from https://www.rabbitmq.com/ssl.html\nrabbitmq_ssl_ciphers:\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\n - \"ECDH-ECDSA-AES256-GCM-SHA384\"\n - \"ECDH-RSA-AES256-GCM-SHA384\"\n - \"DHE-RSA-AES256-GCM-SHA384\"\n - \"DHE-DSS-AES256-GCM-SHA384\"\n - \"ECDHE-ECDSA-AES128-GCM-SHA256\"\n - \"ECDHE-RSA-AES128-GCM-SHA256\"\n - \"ECDH-ECDSA-AES128-GCM-SHA256\"\n - \"ECDH-RSA-AES128-GCM-SHA256\"\n - \"DHE-RSA-AES128-GCM-SHA256\"\n - \"DHE-DSS-AES128-GCM-SHA256\"\n\n# RabbitMQ erlang VM parameters\nrabbitmq_async_threads: 128\nrabbitmq_process_limit: 1048576\n\n# Limit memory consumption of the erlang VM\nrabbitmq_memory_high_watermark: 0.2\n\nrabbitmq_env_use_longname: false\n\n# Extra arguments passed to Erlang on startup\n# rabbitmq_erlang_extra_args: \"+sbwt none +sbwtdcpu none +sbwtdio none +stbt nnts\"\nrabbitmq_erlang_extra_args: \"\"\n\n# RabbitMQ collect statistics interval\nrabbitmq_collect_statistics_interval: 5000\n\n# RabbitMQ Management service bind address\nrabbitmq_management_bind_address: 0.0.0.0\nrabbitmq_management_bind_tcp_port: 15672\nrabbitmq_management_bind_tls_port: 15671\nrabbitmq_management_ssl: true\n\n# RabbitMQ Management rates mode\nrabbitmq_management_rates_mode: basic\n\n# Precompile RabbitMQ with HiPE\nrabbitmq_hipe_compile: false\n\n# Disable non-TLS listeners\nrabbitmq_disable_non_tls_listeners: false\n\n# RabbitMQ logging options\n# See https://www.rabbitmq.com/logging.html for the logging options\nrabbitmq_log:\n journald: true\n file: false\n\n# RabbitMQ policies\n# Used to tune performance characteristics of OpenStack messaging\n#\n# Example override that uses HA queues only for telemetry and sets message\n# expiry for RPC messages\n#\n# rabbitmq_policies:\n# - name: \"heat_rpc_expire\"\n# pattern: '^heat-engine-listener\\\\.'\n# tags: \"expires=3600000\"\n# priority: 1\n# - name: \"results_expire\"\n# pattern: '^results\\\\.'\n# tags: \"expires=3600000\"\n# priority: 1\n# - name: \"tasks_expire\"\n# pattern: '^results\\\\.'\n# tags: \"expires=3600000\"\n# priority: 1\n# - name: \"ha-notif\"\n# pattern: '^(event|metering|notifications)\\.'\n# tags: \"ha-sync-mode=automatic\"\n# priority: 0\n# state:present\n# If policy needs to be removed, provide `state: absent`\n# - name: \"HA\"\n# pattern: '^(?!(amq\\.)|(.*_fanout_)|(reply_)).*'\n# tags: \"ha-mode=all\"\n# state: absent\n#\nrabbitmq_policies: []\nrabbitmq_apply_openstack_policies: false\nrabbitmq_openstack_policies:\n - name: CQv2\n pattern: \".*\"\n priority: 0\n tags:\n queue-version: 2\n\nrabbitmq_port_bindings:\n ssl_listeners:\n \"0.0.0.0\": 5671\n tcp_listeners:\n \"0.0.0.0\": 5672\n\nrabbitmq_additional_config: {}\n\nrabbitmq_init_overrides:\n Service:\n LimitNOFILE: \"{{ rabbitmq_ulimit }}\"\n Restart: on-failure\n RestartSec: 2\n\n# Mnesia configuration\n# The Mnesia dump_log_write_threshold option controls\n# how often the dumping occurs\n# Increase this value can increase the performances,\n# reducing the IO.\n# Increase it in case of:\n# Mnesia is overloaded: {dump_log,write_threshold}.\n# The default value is 100\nmnesia_dump_log_write_threshold: 300\n","created":"2025-12-15T09:55:40.762554Z","updated":"2025-12-15T09:55:40.762594Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-rabbitmq_server/defaults/main.yml"}