diff --git a/awx/main/channels.py b/awx/main/channels.py index bf950b333f..5673166bb9 100644 --- a/awx/main/channels.py +++ b/awx/main/channels.py @@ -38,11 +38,12 @@ def unwrap_broadcast_msg(payload: dict): def get_broadcast_hosts(): Instance = apps.get_model('main', 'Instance') - return [h[0] for h in Instance.objects.filter(rampart_groups__controller__isnull=True) - .exclude(hostname=Instance.objects.me().hostname) - .order_by('hostname') - .values_list('hostname') - .distinct()] + instances = Instance.objects.filter(rampart_groups__controller__isnull=True) \ + .exclude(hostname=Instance.objects.me().hostname) \ + .order_by('hostname') \ + .values('hostname', 'ip_address') \ + .distinct() + return [i['ip_address'] or i['hostname'] for i in instances] def get_local_host(): diff --git a/awx/main/managers.py b/awx/main/managers.py index 610273119b..ea65b36234 100644 --- a/awx/main/managers.py +++ b/awx/main/managers.py @@ -3,6 +3,7 @@ import sys import logging +import os from django.db import models from django.conf import settings @@ -114,7 +115,7 @@ class InstanceManager(models.Manager): return node[0] raise RuntimeError("No instance found with the current cluster host id") - def register(self, uuid=None, hostname=None): + def register(self, uuid=None, hostname=None, ip_address=None): if not uuid: uuid = settings.SYSTEM_UUID if not hostname: @@ -122,13 +123,23 @@ class InstanceManager(models.Manager): with advisory_lock('instance_registration_%s' % hostname): instance = self.filter(hostname=hostname) if instance.exists(): - return (False, instance[0]) - instance = self.create(uuid=uuid, hostname=hostname, capacity=0) + instance = instance.get() + if instance.ip_address != ip_address: + instance.ip_address = ip_address + instance.save() + return (True, instance) + else: + return (False, instance) + instance = self.create(uuid=uuid, + hostname=hostname, + ip_address=ip_address, + capacity=0) return (True, instance) def get_or_register(self): if settings.AWX_AUTO_DEPROVISION_INSTANCES: - return self.register() + pod_ip = os.environ.get('MY_POD_IP') + return self.register(ip_address=pod_ip) else: return (False, self.me()) diff --git a/awx/main/migrations/0109_v370_instance_ip_address.py b/awx/main/migrations/0109_v370_instance_ip_address.py new file mode 100644 index 0000000000..f3c97d5cff --- /dev/null +++ b/awx/main/migrations/0109_v370_instance_ip_address.py @@ -0,0 +1,18 @@ +# Generated by Django 2.2.8 on 2020-02-12 17:55 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('main', '0108_v370_unifiedjob_dependencies_processed'), + ] + + operations = [ + migrations.AddField( + model_name='instance', + name='ip_address', + field=models.CharField(blank=True, default=None, max_length=50, null=True, unique=True), + ), + ] diff --git a/awx/main/models/ha.py b/awx/main/models/ha.py index acc529a29a..ac7df97e10 100644 --- a/awx/main/models/ha.py +++ b/awx/main/models/ha.py @@ -53,6 +53,13 @@ class Instance(HasPolicyEditsMixin, BaseModel): uuid = models.CharField(max_length=40) hostname = models.CharField(max_length=250, unique=True) + ip_address = models.CharField( + blank=True, + null=True, + default=None, + max_length=50, + unique=True, + ) created = models.DateTimeField(auto_now_add=True) modified = models.DateTimeField(auto_now=True) last_isolated_check = models.DateTimeField( diff --git a/installer/inventory b/installer/inventory index b627a00b69..3b325d543b 100644 --- a/installer/inventory +++ b/installer/inventory @@ -38,7 +38,7 @@ dockerhub_base=ansible # kubernetes_ingress_tls_secret=awx-cert # Kubernetes and Openshift Install Resource Requests -# These are the request and limit values for a pod's container for task/web/rabbitmq/memcached/management. +# These are the request and limit values for a pod's container for task/web/redis/memcached/management. # The total amount of requested resources for a pod is the sum of all # resources requested by all containers in the pod # A cpu_request of 1500 is 1.5 cores for the container to start out with. @@ -52,8 +52,8 @@ dockerhub_base=ansible # task_mem_limit=4 # web_cpu_limit=1000 # web_mem_limit=2 -# rabbitmq_cpu_limit=1000 -# rabbitmq_mem_limit=3 +# redis_cpu_limit=1000 +# redis_mem_limit=3 # memcached_cpu_limit=1000 # memcached_mem_limit=2 # management_cpu_limit=2000 diff --git a/installer/roles/kubernetes/defaults/main.yml b/installer/roles/kubernetes/defaults/main.yml index 4dc863ea9e..86680f6fa0 100644 --- a/installer/roles/kubernetes/defaults/main.yml +++ b/installer/roles/kubernetes/defaults/main.yml @@ -6,10 +6,6 @@ admin_user: 'admin' admin_email: 'root@localhost' admin_password: '' -rabbitmq_user: 'awx' -rabbitmq_password: '' -rabbitmq_erlang_cookie: '' - kubernetes_base_path: "{{ local_base_config_path|default('/tmp') }}/{{ kubernetes_deployment_name }}-config" kubernetes_task_version: "{{ tower_package_version | default(dockerhub_version) }}" @@ -24,16 +20,18 @@ web_cpu_request: 500 task_mem_request: 2 task_cpu_request: 1500 -rabbitmq_mem_request: 2 -rabbitmq_cpu_request: 500 +redis_mem_request: 2 +redis_cpu_request: 500 + +kubernetes_redis_image: "redis" +kubernetes_redis_image_tag: "latest" +kubernetes_redis_hostname: "localhost" +kubernetes_redis_port: "6379" memcached_hostname: localhost memcached_mem_request: 1 memcached_cpu_request: 500 -kubernetes_rabbitmq_version: "3.7.21" -kubernetes_rabbitmq_image: "ansible/awx_rabbitmq" - kubernetes_memcached_version: "latest" kubernetes_memcached_image: "memcached" @@ -56,6 +54,5 @@ custom_venvs_path: "/opt/custom-venvs" custom_venvs_python: "python2" ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt" -rabbitmq_use_ssl: false container_groups_image: "ansible/ansible-runner" diff --git a/installer/roles/kubernetes/tasks/main.yml b/installer/roles/kubernetes/tasks/main.yml index d437d5f890..dc18eefe1c 100644 --- a/installer/roles/kubernetes/tasks/main.yml +++ b/installer/roles/kubernetes/tasks/main.yml @@ -194,10 +194,6 @@ when: kubernetes_web_image is not defined when: docker_registry is defined -- name: Generate SSL certificates for RabbitMQ, if needed - include_tasks: ssl_cert_gen.yml - when: "rabbitmq_use_ssl|default(False)|bool" - - name: Determine StatefulSet api version set_fact: kubernetes_statefulset_api_version: "{{ 'apps/v1' if kube_api_version is version('1.9', '>=') else 'apps/v1beta1' }}" diff --git a/installer/roles/kubernetes/tasks/ssl_cert_gen.yml b/installer/roles/kubernetes/tasks/ssl_cert_gen.yml deleted file mode 100644 index c1b7199028..0000000000 --- a/installer/roles/kubernetes/tasks/ssl_cert_gen.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- - -- name: Create temporary directory - tempfile: - state: directory - prefix: "tower-install-rmq-certs" - register: rmq_cert_tempdir - notify: remove-rmq_cert_tempdir - -- name: Generate CA private key - openssl_privatekey: - path: '{{ rmq_cert_tempdir.path }}/ca.key' - mode: "0600" - -- name: Generate CA CSR - openssl_csr: - path: '{{ rmq_cert_tempdir.path }}/ca.csr' - privatekey_path: '{{ rmq_cert_tempdir.path }}/ca.key' - common_name: 'rabbitmq-ca' - basic_constraints: 'CA:TRUE' - mode: "0600" - -- name: Generate CA certificate - openssl_certificate: - path: '{{ rmq_cert_tempdir.path }}/ca.crt' - csr_path: '{{ rmq_cert_tempdir.path }}/ca.csr' - privatekey_path: '{{ rmq_cert_tempdir.path }}/ca.key' - provider: selfsigned - selfsigned_not_after: "+36524d" - mode: "0600" - -- name: Generate server private key - openssl_privatekey: - path: '{{ rmq_cert_tempdir.path }}/server.key' - mode: "0600" - -- name: Generate server CSR - openssl_csr: - path: '{{ rmq_cert_tempdir.path }}/server.csr' - privatekey_path: '{{ rmq_cert_tempdir.path }}/server.key' - common_name: 'rabbitmq-server' - mode: "0600" - -- name: Generate server certificate - openssl_certificate: - path: "{{ rmq_cert_tempdir.path }}/server.crt" - csr_path: "{{ rmq_cert_tempdir.path }}/server.csr" - privatekey_path: "{{ rmq_cert_tempdir.path }}/server.key" - provider: ownca - ownca_path: "{{ rmq_cert_tempdir.path }}/ca.crt" - ownca_privatekey_path: "{{ rmq_cert_tempdir.path }}/ca.key" - ownca_not_after: "+36500d" - mode: "0600" - -- name: Create combined certificate - assemble: - src: "{{ rmq_cert_tempdir.path }}" - regexp: "server.crt|server.key" - dest: "{{ rmq_cert_tempdir.path }}/server-combined.pem" - mode: "0600" diff --git a/installer/roles/kubernetes/templates/configmap.yml.j2 b/installer/roles/kubernetes/templates/configmap.yml.j2 index 479e859b48..9b904e709d 100644 --- a/installer/roles/kubernetes/templates/configmap.yml.j2 +++ b/installer/roles/kubernetes/templates/configmap.yml.j2 @@ -205,3 +205,5 @@ data: USE_X_FORWARDED_PORT = True AWX_CONTAINER_GROUP_DEFAULT_IMAGE = "{{ container_groups_image }}" + BROADCAST_WEBSOCKETS_PORT = 8052 + BROADCAST_WEBSOCKETS_PROTOCOL = 'http' diff --git a/installer/roles/kubernetes/templates/credentials.py.j2 b/installer/roles/kubernetes/templates/credentials.py.j2 index f353796bb1..fd68abc523 100644 --- a/installer/roles/kubernetes/templates/credentials.py.j2 +++ b/installer/roles/kubernetes/templates/credentials.py.j2 @@ -12,14 +12,12 @@ DATABASES = { }, } } -BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format( - "{{ rabbitmq_user }}", - "{{ rabbitmq_password }}", - "localhost", - "5672", - "awx") + +BROKER_URL = 'redis://{}:{}/'.format( + "{{ kubernetes_redis_hostname }}", + "{{ kubernetes_redis_port }}",) + CHANNEL_LAYERS = { - 'default': {'BACKEND': 'asgi_amqp.AMQPChannelLayer', - 'ROUTING': 'awx.main.routing.channel_routing', - 'CONFIG': {'url': BROKER_URL}} -} + 'default': {'BACKEND': 'awx.main.channels.RedisGroupBroadcastChannelLayer', + 'CONFIG': {'hosts': [("{{ kubernetes_redis_hostname }}", {{ kubernetes_redis_port|int }})]}} +} \ No newline at end of file diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2 index 2e1103e691..ec4c0a65a4 100644 --- a/installer/roles/kubernetes/templates/deployment.yml.j2 +++ b/installer/roles/kubernetes/templates/deployment.yml.j2 @@ -15,131 +15,6 @@ imagePullSecrets: - name: "{{ kubernetes_image_pull_secrets }}" {% endif %} ---- -kind: Service -apiVersion: v1 -metadata: - namespace: {{ kubernetes_namespace }} - name: rabbitmq - labels: - app: {{ kubernetes_deployment_name }} - type: LoadBalancer -spec: - type: NodePort - ports: - - name: http - protocol: TCP - port: 15672 - targetPort: 15672 - - name: amqp - protocol: TCP - port: 5672 - targetPort: 5672 - selector: - app: {{ kubernetes_deployment_name }} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: rabbitmq-config - namespace: {{ kubernetes_namespace }} -data: - enabled_plugins: | - [rabbitmq_management,rabbitmq_peer_discovery_k8s]. - rabbitmq_definitions.json: | - { - "users":[{"name": "{{ rabbitmq_user }}", "password": "{{ rabbitmq_password }}", "tags": "administrator"}], - "permissions":[ - {"user":"{{ rabbitmq_user }}","vhost":"awx","configure":".*","write":".*","read":".*"} - ], - "vhosts":[{"name":"awx"}], - "policies":[ - {"vhost":"awx","name":"ha-all","pattern":".*","definition":{"ha-mode":"all","ha-sync-mode":"automatic"}} - ] - } - rabbitmq.conf: | - ## Clustering - management.load_definitions = /etc/rabbitmq/rabbitmq_definitions.json - cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s - cluster_formation.k8s.host = kubernetes.default.svc - cluster_formation.k8s.address_type = ip - cluster_formation.node_cleanup.interval = 10 - cluster_formation.node_cleanup.only_log_warning = false - cluster_partition_handling = autoheal - ## queue master locator - queue_master_locator=min-masters - ## enable guest user - loopback_users.guest = false -{% if rabbitmq_use_ssl|default(False)|bool %} - ssl_options.cacertfile=/etc/pki/rabbitmq/ca.crt - ssl_options.certfile=/etc/pki/rabbitmq/server-combined.pem - ssl_options.verify=verify_peer -{% endif %} - rabbitmq-env.conf: | - NODENAME=${RABBITMQ_NODENAME} - USE_LONGNAME=true -{% if rabbitmq_use_ssl|default(False)|bool %} - ERL_SSL_PATH=$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell) - SSL_ADDITIONAL_ERL_ARGS="-pa '$ERL_SSL_PATH' -proto_dist inet_tls -ssl_dist_opt server_certfile /etc/pki/rabbitmq/server-combined.pem -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true" - SERVER_ADDITIONAL_ERL_ARGS="$SERVER_ADDITIONAL_ERL_ARGS $SSL_ADDITIONAL_ERL_ARGS" - CTL_ERL_ARGS="$SSL_ADDITIONAL_ERL_ARGS" -{% endif %} - -{% if kubernetes_context is defined %} ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: endpoint-reader - namespace: {{ kubernetes_namespace }} -rules: -- apiGroups: [""] - resources: ["endpoints"] - verbs: ["get"] ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: endpoint-reader - namespace: {{ kubernetes_namespace }} -subjects: -- kind: ServiceAccount - name: awx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: endpoint-reader -{% endif %} - -{% if openshift_host is defined %} ---- -kind: Role -apiVersion: v1 -metadata: - name: endpoint-reader - namespace: {{ kubernetes_namespace }} -rules: - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get"] ---- -kind: RoleBinding -apiVersion: v1 -metadata: - name: endpoint-reader - namespace: {{ kubernetes_namespace }} -roleRef: - name: endpoint-reader - namespace: {{ kubernetes_namespace }} -subjects: - - kind: ServiceAccount - name: awx - namespace: {{ kubernetes_namespace }} -userNames: - - system:serviceaccount:{{ kubernetes_namespace }}:awx -{% endif %} - --- apiVersion: {{ kubernetes_statefulset_api_version }} kind: StatefulSet @@ -165,7 +40,6 @@ spec: service: django app: {{ kubernetes_deployment_name }} spec: - serviceAccountName: awx terminationGracePeriodSeconds: 10 {% if custom_venvs is defined %} {% set trusted_hosts = "" %} @@ -266,7 +140,7 @@ spec: {% if web_cpu_limit is defined %} cpu: "{{ web_cpu_limit }}m" {% endif %} - - name: {{ kubernetes_deployment_name }}-celery + - name: {{ kubernetes_deployment_name }}-task securityContext: privileged: true image: "{{ kubernetes_task_image }}:{{ kubernetes_task_version }}" @@ -303,6 +177,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.uid + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP resources: requests: memory: "{{ task_mem_request }}Gi" @@ -316,72 +194,25 @@ spec: {% if task_cpu_limit is defined %} cpu: "{{ task_cpu_limit }}m" {% endif %} - - name: {{ kubernetes_deployment_name }}-rabbit - image: "{{ kubernetes_rabbitmq_image }}:{{ kubernetes_rabbitmq_version }}" + - name: {{ kubernetes_deployment_name }}-redis + image: {{ kubernetes_redis_image }}:{{ kubernetes_redis_image_tag }} imagePullPolicy: Always ports: - - name: http + - name: redis protocol: TCP - containerPort: 15672 - - name: amqp - protocol: TCP - containerPort: 5672 - livenessProbe: - exec: - command: - - /usr/local/bin/healthchecks/rabbit_health_node.py - initialDelaySeconds: 30 - timeoutSeconds: 10 - readinessProbe: - exec: - command: - - /usr/local/bin/healthchecks/rabbit_health_node.py - initialDelaySeconds: 10 - timeoutSeconds: 10 - env: - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: RABBITMQ_USE_LONGNAME - value: "true" - - name: RABBITMQ_NODENAME - value: "rabbit@$(MY_POD_IP)" - - name: RABBITMQ_ERLANG_COOKIE - valueFrom: - secretKeyRef: - name: "{{ kubernetes_deployment_name }}-secrets" - key: rabbitmq_erlang_cookie - - name: K8S_SERVICE_NAME - value: "rabbitmq" - - name: RABBITMQ_USER - value: {{ rabbitmq_user }} - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ kubernetes_deployment_name }}-secrets" - key: rabbitmq_password - volumeMounts: - - name: rabbitmq-config - mountPath: /etc/rabbitmq - - name: rabbitmq-healthchecks - mountPath: /usr/local/bin/healthchecks -{% if rabbitmq_use_ssl|default(False)|bool %} - - name: "{{ kubernetes_deployment_name }}-rabbitmq-certs-vol" - mountPath: /etc/pki/rabbitmq -{% endif %} + containerPort: 6379 resources: requests: - memory: "{{ rabbitmq_mem_request }}Gi" - cpu: "{{ rabbitmq_cpu_request }}m" -{% if rabbitmq_mem_limit is defined or rabbitmq_cpu_limit is defined %} + memory: "{{ redis_mem_request }}Gi" + cpu: "{{ redis_cpu_request }}m" +{% if redis_mem_limit is defined or redis_cpu_limit is defined %} limits: {% endif %} -{% if rabbitmq_mem_limit is defined %} - memory: "{{ rabbitmq_mem_limit }}Gi" +{% if redis_mem_limit is defined %} + memory: "{{ redis_mem_limit }}Gi" {% endif %} -{% if rabbitmq_cpu_limit is defined %} - cpu: "{{ rabbitmq_cpu_limit }}m" +{% if redis_cpu_limit is defined %} + cpu: "{{ redis_cpu_limit }}m" {% endif %} - name: {{ kubernetes_deployment_name }}-memcached image: "{{ kubernetes_memcached_image }}:{{ kubernetes_memcached_version }}" @@ -458,68 +289,6 @@ spec: - key: secret_key path: SECRET_KEY - - name: rabbitmq-config - configMap: - name: rabbitmq-config - items: - - key: rabbitmq.conf - path: rabbitmq.conf - - key: enabled_plugins - path: enabled_plugins - - key: rabbitmq_definitions.json - path: rabbitmq_definitions.json - - key: rabbitmq-env.conf - path: rabbitmq-env.conf - -{% if rabbitmq_use_ssl|default(False)|bool %} - - name: "{{ kubernetes_deployment_name }}-rabbitmq-certs-vol" - secret: - secretName: "{{ kubernetes_deployment_name }}-rabbitmq-certs" - items: - - key: rabbitmq_ssl_cert - path: 'server.crt' - - key: rabbitmq_ssl_key - path: 'server.key' - - key: rabbitmq_ssl_cacert - path: 'ca.crt' - - key: rabbitmq_ssl_combined - path: 'server-combined.pem' -{% endif %} - - name: rabbitmq-healthchecks - configMap: - name: {{ kubernetes_deployment_name }}-healthchecks - items: - - key: rabbit_health_node.py - path: rabbit_health_node.py - defaultMode: 0755 ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ kubernetes_deployment_name }}-healthchecks - namespace: {{ kubernetes_namespace }} -data: - rabbit_health_node.py: | - #!/usr/bin/env python - try: - from http.client import HTTPConnection - except ImportError: - from httplib import HTTPConnection - import sys - import os - import base64 - authsecret = base64.b64encode(os.getenv('RABBITMQ_USER') + ':' + os.getenv('RABBITMQ_PASSWORD')) - conn=HTTPConnection('localhost:15672') - conn.request('GET', '/api/healthchecks/node', headers={'Authorization': 'Basic %s' % authsecret}) - r1 = conn.getresponse() - if r1.status != 200: - sys.stderr.write('Received http error %i\\n' % (r1.status)) - sys.exit(1) - body = r1.read() - if body != '{"status":"ok"}': - sys.stderr.write('Received body: %s' % body) - sys.exit(2) - sys.exit(0) --- apiVersion: v1 kind: Service @@ -536,22 +305,7 @@ spec: targetPort: 8052 selector: name: {{ kubernetes_deployment_name }}-web-deploy ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ kubernetes_deployment_name }}-rmq-mgmt - namespace: {{ kubernetes_namespace }} - labels: - name: {{ kubernetes_deployment_name }}-rmq-mgmt -spec: - type: ClusterIP - ports: - - name: rmqmgmt - port: 15672 - targetPort: 15672 - selector: - name: {{ kubernetes_deployment_name }}-web-deploy + {% if kubernetes_context is defined %} --- apiVersion: extensions/v1beta1 diff --git a/installer/roles/kubernetes/templates/environment.sh.j2 b/installer/roles/kubernetes/templates/environment.sh.j2 index e10e7107b2..08c2608633 100644 --- a/installer/roles/kubernetes/templates/environment.sh.j2 +++ b/installer/roles/kubernetes/templates/environment.sh.j2 @@ -5,5 +5,3 @@ DATABASE_PORT={{ pg_port|default('5432') }} DATABASE_PASSWORD={{ pg_password | quote }} MEMCACHED_HOST={{ memcached_hostname|default('localhost') }} MEMCACHED_PORT={{ memcached_port|default('11211') }} -RABBITMQ_HOST={{ rabbitmq_hostname|default('localhost') }} -RABBITMQ_PORT={{ rabbitmq_port|default('5672') }} diff --git a/installer/roles/kubernetes/templates/management-pod.yml.j2 b/installer/roles/kubernetes/templates/management-pod.yml.j2 index 14d8b61cc5..0aaa2ab007 100644 --- a/installer/roles/kubernetes/templates/management-pod.yml.j2 +++ b/installer/roles/kubernetes/templates/management-pod.yml.j2 @@ -12,6 +12,7 @@ spec: containers: - name: ansible-tower-management image: "{{ kubernetes_task_image }}:{{ kubernetes_task_version }}" + imagePullPolicy: Always command: ["sleep", "infinity"] volumeMounts: - name: {{ kubernetes_deployment_name }}-application-config diff --git a/installer/roles/kubernetes/templates/secret.yml.j2 b/installer/roles/kubernetes/templates/secret.yml.j2 index 799f1adb57..989cb4485f 100644 --- a/installer/roles/kubernetes/templates/secret.yml.j2 +++ b/installer/roles/kubernetes/templates/secret.yml.j2 @@ -7,22 +7,5 @@ metadata: type: Opaque data: secret_key: "{{ secret_key | b64encode }}" - rabbitmq_password: "{{ rabbitmq_password | b64encode }}" - rabbitmq_erlang_cookie: "{{ rabbitmq_erlang_cookie | b64encode }}" credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}" environment_sh: "{{ lookup('template', 'environment.sh.j2') | b64encode }}" - -{% if rabbitmq_use_ssl|default(False)|bool %} ---- -apiVersion: v1 -kind: Secret -metadata: - namespace: {{ kubernetes_namespace }} - name: "{{ kubernetes_deployment_name }}-rabbitmq-certs" -type: Opaque -data: - rabbitmq_ssl_cert: "{{ lookup('file', rmq_cert_tempdir.path + '/server.crt') | b64encode }}" - rabbitmq_ssl_key: "{{ lookup('file', rmq_cert_tempdir.path + '/server.key') | b64encode }}" - rabbitmq_ssl_cacert: "{{ lookup('file', rmq_cert_tempdir.path + '/ca.crt') | b64encode }}" - rabbitmq_ssl_combined: "{{ lookup('file', rmq_cert_tempdir.path + '/server-combined.pem') | b64encode }}" -{% endif %}