Page MenuHomeDevCentral
Differential D2792

WIP: Configure RabbitMQ credentials from Vault
ClosedPublic
Actions

Authored by dereckson on Feb 9 2023, 23:19.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 22, 13:53
Unknown Object (File)
Fri, Nov 22, 04:20
Unknown Object (File)
Tue, Nov 19, 05:07
Unknown Object (File)
Fri, Nov 15, 03:31
Unknown Object (File)
Thu, Nov 14, 20:09
Unknown Object (File)
Mon, Nov 11, 07:15
Unknown Object (File)
Sun, Nov 10, 03:25
Unknown Object (File)
Fri, Nov 8, 13:49
View All Files
Subscribers
None

Details

Reviewers
DorianWinty
dereckson
Maniphest Tasks
T752: Salt configuration for White Rabbit
Commits
rOPS037842dec76b: WIP: Configure RabbitMQ credentials from Vault
Summary

RabbitMQ clusters need the following important credentials:

  • Erlang cookie, to allow cluster components to communicate
  • An administrator account to allow maintenance tasks

Both are stored in Vault, cookie can be set in host data volume,
administrator account is set when container is initialized.
A file-as-flag is then created to indicate that's part is done.

References:

Ref T752

Test Plan

Provision white-rabbit on docker-002

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
rabbitmq-vault
Build Status
Buildable 4430
Build 4697: arc lint + arc unit

Event Timeline

dereckson created this revision.Feb 9 2023, 23:19
Harbormaster completed remote builds in B4422: Diff 7088.Feb 9 2023, 23:19
dereckson requested review of this revision.Feb 9 2023, 23:19
dereckson mentioned this in D2761: Provision Notifications center integration environment.Feb 9 2023, 23:21
dereckson retitled this revision from Configure RabbitMQ credentials from Vault to WIP: Configure RabbitMQ credentials from Vault.Feb 10 2023, 01:27
dereckson planned changes to this revision.Feb 10 2023, 01:29
dereckson added inline comments.
roles/paas-docker/containers/rabbitmq.sls
67

Switching do cmd.script, and wait 20 seconds RabbitMQ started:

docker logs white-rabbit
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0> Server startup complete; 7 plugins started.
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_prometheus
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_mqtt
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_web_stomp
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_stomp
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_management
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_web_dispatch
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_management_agent
2023-02-10 00:28:58.228618+00:00 [info] <0.678.0> Created user 'root'
2023-02-10 00:28:58.279681+00:00 [info] <0.685.0> Successfully set user tags for user 'root' to [administrator]

How to properly escape password is still to determine, yaml_squote doesn't give correct result.

dereckson updated this revision to Diff 7097.Feb 14 2023, 21:11

Rebased against docker-001 config. Ready to review.

Harbormaster completed remote builds in B4430: Diff 7097.Feb 14 2023, 21:11
dereckson accepted this revision.Feb 20 2023, 23:30

Works correctly on docker-002 for white-rabbit container.

This revision is now accepted and ready to land.Feb 20 2023, 23:30
Closed by commit rOPS037842dec76b: WIP: Configure RabbitMQ credentials from Vault (authored by dereckson). · Explain WhyFeb 20 2023, 23:31
This revision was automatically updated to reflect the committed changes.
dereckson added a commit: rOPS037842dec76b: WIP: Configure RabbitMQ credentials from Vault.

Revision Contents
Changeset List

PathSize
pillar/
credentials/
8 lines
paas/
3 lines
roles/
paas-docker/
containers/
files/
rabbitmq/
9 lines
23 lines

Diff 7097

View Options

pillar/credentials/vault.sls

Loading...
View Options

pillar/paas/docker.sls

Loading...
View Options

roles/paas-docker/containers/files/rabbitmq/add_user_root.sh.jinja

Loading...
View Options

roles/paas-docker/containers/rabbitmq.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator