From fedd0b95f21fc3935e04325deeb4d93569fb2b1b Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Sun, 11 Oct 2015 15:28:23 +0200 Subject: [PATCH] enable rabbitmq management and add admin permissions - allow database creation for gnuviechadmin user in local deployments to allow test runs - set administrator tag for gnuviechadmin user in rabbitmq - add all permissions on gnuviechadmin vhost to gnuviechadmin user - enable rabbitmq management plugin --- roots/gnuviechadmin/database.sls | 3 +++ roots/gnuviechadmin/queues.sls | 7 +++++++ roots/rabbitmq-server/init.sls | 6 ++++++ 3 files changed, 16 insertions(+) diff --git a/roots/gnuviechadmin/database.sls b/roots/gnuviechadmin/database.sls index 1323368..5e9c963 100644 --- a/roots/gnuviechadmin/database.sls +++ b/roots/gnuviechadmin/database.sls @@ -7,6 +7,9 @@ gnuviechadmin-database: - user: postgres - password: {{ salt['pillar.get']('gnuviechadmin-database:owner:password') }} - login: True + - createdb: {% if salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') == 'local' %}True +{%- else %}False +{%- endif %} - require: - service: postgresql postgres_database.present: diff --git a/roots/gnuviechadmin/queues.sls b/roots/gnuviechadmin/queues.sls index 3a33604..e529dda 100644 --- a/roots/gnuviechadmin/queues.sls +++ b/roots/gnuviechadmin/queues.sls @@ -5,6 +5,13 @@ gnuviechadmin-queues: rabbitmq_user.present: - name: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }} - password: {{ salt['pillar.get']('gnuviechadmin-queues:owner:password') }} + - tags: + - administrator + - perms: + - {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}: + - '.*' + - '.*' + - '.*' rabbitmq_vhost.present: - name: {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }} - owner: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }} diff --git a/roots/rabbitmq-server/init.sls b/roots/rabbitmq-server/init.sls index 32ac09f..6c3c7f6 100644 --- a/roots/rabbitmq-server/init.sls +++ b/roots/rabbitmq-server/init.sls @@ -9,3 +9,9 @@ rabbitmq-server: guest: rabbitmq_user: - absent + +rabbitmq_management: + rabbitmq_plugin: + - enabled + - watch_in: + - service: rabbitmq-server