Configure RabbitMQ user tags in nova-cell role

The RabbitMQ 'openstack' user has the 'administrator' tag assigned via the RabbitMQ definitions.json file. Since the Train release, the nova-cell role also configures the RabbitMQ user, but omits the tag. This causes the tag to be removed from the user, which prevents it from accessing the management UI and API. This change adds support for configuring user tags to the service-rabbitmq role, and sets the administrator tag by default. Change-Id: I7a5d6fe324dd133e0929804d431583e5b5c1853d Closes-Bug: #1875786

Configure RabbitMQ user tags in nova-cell role
869e3f21 · Jeffrey Zhang · Mark Goddard · 12a0ffa3 · 869e3f21 · 869e3f21
Commit 869e3f21 authored 4 years ago by Jeffrey Zhang Committed by Mark Goddard 4 years ago
--- a/ansible/roles/nova-cell/defaults/main.yml
+++ b/ansible/roles/nova-cell/defaults/main.yml
@@ -161,6 +161,8 @@ nova_cell_rpc_port: "{{ om_rpc_port }}"
 nova_cell_rpc_group_name: "{{ om_rpc_group }}"
 nova_cell_rpc_transport: "{{ om_rpc_transport }}"
 nova_cell_rpc_vhost: "{{ 'nova_' ~ nova_cell_name if nova_cell_name else om_rpc_vhost }}"
+nova_cell_rpc_tags:
+  - "administrator"
 nova_cell_notify_user: "{{ nova_cell_rpc_user }}"
 nova_cell_notify_password: "{{ nova_cell_rpc_password }}"
@@ -168,6 +170,7 @@ nova_cell_notify_port: "{{ nova_cell_rpc_port }}"
 nova_cell_notify_group_name: "{{ nova_cell_rpc_group_name }}"
 nova_cell_notify_transport: "{{ nova_cell_rpc_transport }}"
 nova_cell_notify_vhost: "{{ nova_cell_rpc_vhost }}"
+nova_cell_notify_tags: "{{ nova_cell_rpc_tags }}"
 # External Rabbit users should override these
 nova_cell_rpc_transport_url: "{{ nova_cell_rpc_transport }}://{% for host in groups[nova_cell_rpc_group_name] %}{{ nova_cell_rpc_user }}:{{ nova_cell_rpc_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ nova_cell_rpc_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ nova_cell_rpc_vhost }}"
@@ -178,10 +181,12 @@ nova_cell_rpc_rabbitmq_users:
  - user: "{{ nova_cell_rpc_user }}"
    password: "{{ nova_cell_rpc_password }}"
    vhost: "{{ nova_cell_rpc_vhost }}"
+    tags: "{{ nova_cell_rpc_tags }}"
 nova_cell_notify_rabbitmq_users:
  - user: "{{ nova_cell_notify_user }}"
    password: "{{ nova_cell_notify_password }}"
    vhost: "{{ nova_cell_notify_vhost }}"
+    tags: "{{ nova_cell_notify_tags }}"
 ####################
 # Docker

--- a/ansible/roles/service-rabbitmq/defaults/main.yml
+++ b/ansible/roles/service-rabbitmq/defaults/main.yml
@@ -21,5 +21,6 @@ service_rabbitmq_delay: 10
 # 'user'
 # 'password'
 # 'vhost'
+# 'tags'
 # Virtual hosts in this list will also be created.
 service_rabbitmq_users: []
--- a/ansible/roles/service-rabbitmq/tasks/main.yml
+++ b/ansible/roles/service-rabbitmq/tasks/main.yml
@@ -22,6 +22,7 @@
          vhost: "{{ item.vhost }}"
          configure_priv: ".*"
          read_priv: ".*"
+          tags: "{{ item.tags | default([]) | join(',') }}"
          write_priv: ".*"
        user: rabbitmq
      loop: "{{ service_rabbitmq_users }}"

--- a/releasenotes/notes/fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml
+++ b/releasenotes/notes/fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml
+---
+fixes:
+  - |
+    Fixes an issue with RabbitMQ where tags would be removed from the
+    ``openstack`` user after deploying Nova. This prevents the user from
+    accessing the RabbitMQ management UI. `LP#1875786
+    <https://launchpad.net/bugs/1875786>`__