Adding rabbitmq modules

examples/playbooks/rabbitmq.yml

+---
+- hosts: rabbitmq
+  sudo: true
+  vars:
+    rabbitmq_version: 3.0.2-1
+
+  tasks:
+  - name: ensure python-software-properties is installed
+    apt: pkg=python-software-properties state=installed
+
+  - name: add rabbitmq official apt repository
+    apt_repository: repo='deb http://www.rabbitmq.com/debian/ testing main' state=present
+
+  - name: install rabbitmq
+    apt: pkg=rabbitmq-server=$rabbitmq_version state=installed force=yes
+
+  - name: enable rabbitmq plugins
+    rabbitmq_plugin: names=rabbitmq_management,rabbitmq_tracing state=enabled
+    notify:
+    - restart rabbitmq
+
+  - name: add users
+    rabbitmq_user: user=$item password=changeme tags=monitoring,$item vhost="/" configure_priv=".*" write_priv=".*" read_priv=".*" state=present
+    with_items:
+    - user1
+    - user2
+
+  - name: remove default guest user
+    rabbitmq_user: user=guest state=absent
+
+  handlers:
+  - name: restart rabbitmq
+    service: name=rabbitmq-server state=restarted
+

library/rabbitmq_plugin

+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2013, Chatham Financial <oss@chathamfinancial.com>
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+DOCUMENTATION = '''
+---
+module: rabbitmq_plugin
+short_description: Adds or removes users to RabbitMQ
+description:
+  - Enables or disables RabbitMQ plugins
+version_added: 1.1
+author: Chris Hoffman
+options:
+  names:
+    description:
+      - Comma-separated list of plugin names
+    required: true
+    default: null
+    aliases: [name]
+  new_only:
+    description:
+      - Only enable missing plugins
+      - Does not disable plugins that are not in the names list
+    required: false
+    default: no
+    choices: [yes, no]
+  state:
+    description:
+      - Specify if pluginss are to be enabled or disabled
+    required: false
+    default: enabled
+    choices: [enabled, disabled]
+examples:
+  - code: rabbitmq_plugin names=rabbitmq_management state=enabled
+    description: Enables the rabbitmq_management plugin
+'''
+
+class RabbitMqPlugins(object):
+    def __init__(self, module):
+        self.module = module
+
+    def _exec(self, args):
+        cmd = ["rabbitmq-plugins"]
+        rc, out, err = self.module.run_command(cmd + args, check_rc=True)
+        return out.splitlines()
+
+    def get_all(self):
+        return self._exec(["list", "-E", "-m"])
+
+    def enable(self, name):
+        if not self.module.check_mode:
+            self._exec(["enable", name])
+
+    def disable(self, name):
+        if not self.module.check_mode:
+            self._exec(["disable", name])
+
+def main():
+    arg_spec = dict(
+        names=dict(required=True, aliases=['name']),
+        new_only=dict(default='no', choices=BOOLEANS),
+        state=dict(default='enabled', choices=['enabled', 'disabled'])
+    )
+    module = AnsibleModule(
+        argument_spec=arg_spec,
+        supports_check_mode=True
+    )
+
+    names = module.params['names'].split(',')
+    new_only = module.boolean(module.params['new_only'])
+    state = module.params['state']
+
+    rabbitmq_plugins = RabbitMqPlugins(module)
+    enabled_plugins = rabbitmq_plugins.get_all()
+
+    enabled = []
+    disabled = []
+    if state == 'enabled':
+        if not new_only:
+            for plugin in enabled_plugins:
+                if plugin not in names:
+                    rabbitmq_plugins.disable(plugin)
+                    disabled.append(plugin)
+
+        for name in names:
+            if name not in enabled_plugins:
+                rabbitmq_plugins.enable(name)
+                enabled.append(name)
+    else:
+        for plugin in enabled_plugins:
+            if plugin in names:
+                rabbitmq_plugins.disable(plugin)
+                disabled.append(plugin)
+
+    changed = len(enabled) > 0 or len(disabled) > 0
+    module.exit_json(changed=changed, enabled=enabled, disabled=disabled)
+
+# this is magic, see lib/ansible/module_common.py
+#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
+main()

library/rabbitmq_user

+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2013, Chatham Financial <oss@chathamfinancial.com>
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+DOCUMENTATION = '''
+---
+module: rabbitmq_user
+short_description: Adds or removes users to RabbitMQ
+description:
+  - Add or remove users to RabbitMQ and assign permissions
+version_added: 1.1
+author: Chris Hoffman
+options:
+  user:
+    description:
+      - Name of user to add
+    required: true
+    default: null
+    aliases: [username, name]
+  password:
+    description:
+      - Password of user to add
+    required: false
+    default: null
+  tags:
+    description:
+      - User tags specified as comma delimited
+    required: false
+    default: null
+  vhost:
+    description:
+      - vhost to apply access privileges.
+    required: false
+    default: /
+  configure_priv:
+    description:
+      - Regular expression to restrict configure actions on a resource
+        for the specified vhost.
+      - By default all actions are restricted.
+    required: false
+    default: ^$
+  write_priv:
+    description:
+      - Regular expression to restrict configure actions on a resource
+        for the specified vhost.
+      - By default all actions are restricted.
+    required: false
+    default: ^$
+  read_priv:
+    description:
+      - Regular expression to restrict configure actions on a resource
+        for the specified vhost.
+      - By default all actions are restricted.
+    required: false
+    default: ^$
+  force:
+    description:
+      - Deletes and recreates the user.
+    required: false
+    default: no
+    choices: [yes, no]
+  state:
+    description:
+      - Specify if user is to be added or removed
+    required: false
+    default: present
+    choices: [present, absent]
+examples:
+  - code: rabbitmq_user user=joe password=changeme vhost="/" configure_priv=".*" read_priv=".*" write_priv=".*" state=present
+    description: Add user to server and assign full access control
+'''
+
+class RabbitMqUser(object):
+    def __init__(self, module, username, password, tags, vhost, configure_priv, write_priv, read_priv):
+        self.module = module
+        self.username = username
+        self.password = password
+        if tags is None:
+            self.tags = []
+        else:
+            self.tags = tags.split(',')
+
+        permissions = dict(
+            vhost=vhost,
+            configure_priv=configure_priv,
+            write_priv=write_priv,
+            read_priv=read_priv
+        )
+        self.permissions = permissions
+
+        self._tags = None
+        self._permissions = None
+
+    def _exec(self, args):
+        cmd = ["rabbitmqctl", "-q"]
+        rc, out, err = self.module.run_command(cmd + args, check_rc=True)
+        return out.splitlines()
+
+    def get(self):
+        users = self._exec(["list_users"])
+
+        for user_tag in users:
+            user, tags = user_tag.split('\t')
+
+            if user == self.username:
+                for c in ['[',']',' ']:
+                    tags = tags.replace(c, '')
+
+                if tags != '':
+                    self._tags = tags.split(',')
+                else:
+                    self._tags = []
+
+                self._permissions = self._get_permissions()
+
+                return True
+
+        return False
+
+    def _get_permissions(self):
+        perms_out = self._exec(["list_user_permissions", self.username])
+
+        for perm in perms_out:
+            vhost, configure_priv, write_priv, read_priv = perm.split('\t')
+            if vhost == self.permissions['vhost']:
+                return dict(vhost=vhost, configure_priv=configure_priv, write_priv=write_priv, read_priv=read_priv)
+
+        return dict()
+
+    def add(self):
+        if not self.module.check_mode:
+            self._exec(["add_user", self.username, self.password])
+
+
+    def delete(self):
+        if not self.module.check_mode:
+            self._exec(["delete_user", self.username])
+
+    def set_tags(self):
+        if not self.module.check_mode:
+            self._exec(["set_user_tags", self.username] + self.tags)
+
+    def set_permissions(self):
+        if not self.module.check_mode:
+            cmd = ["set_permissions"]
+            cmd.append('-p')
+            cmd.append(self.permissions['vhost'])
+            cmd.append(self.username)
+            cmd.append(self.permissions['configure_priv'])
+            cmd.append(self.permissions['write_priv'])
+            cmd.append(self.permissions['read_priv'])
+            self._exec(cmd)
+
+    def has_tags_modifications(self):
+        if (not self._tags and len(self.tags) > 0) or (not self.tags and len(self._tags) > 0):
+            return True
+        else:
+            for tag in self._tags:
+                if tag not in self.tags:
+                    return True
+
+            for tag in self.tags:
+                if tag not in self._tags:
+                    return True
+
+        return False
+
+    def has_permissions_modifications(self):
+        return self._permissions != self.permissions
+
+def main():
+    arg_spec = dict(
+        user=dict(required=True, aliases=['username', 'name']),
+        password=dict(default=None),
+        tags=dict(default=None),
+        vhost=dict(default='/'),
+        configure_priv=dict(default='^$'),
+        write_priv=dict(default='^$'),
+        read_priv=dict(default='^$'),
+        force=dict(default='no', choices=BOOLEANS),
+        state=dict(default='present', choices=['present', 'absent'])
+    )
+    module = AnsibleModule(
+        argument_spec=arg_spec,
+        supports_check_mode=True
+    )
+
+    username = module.params['user']
+    password = module.params['password']
+    tags = module.params['tags']
+    vhost = module.params['vhost']
+    configure_priv = module.params['configure_priv']
+    write_priv = module.params['write_priv']
+    read_priv = module.params['read_priv']
+    force = module.boolean(module.params['force'])
+    state = module.params['state']
+
+    rabbitmq_user = RabbitMqUser(module, username, password, tags, vhost, configure_priv, write_priv, read_priv)
+
+    changed = False
+    if rabbitmq_user.get():
+        if state == 'absent':
+            rabbitmq_user.delete()
+            changed = True
+        else:
+            if force:
+                rabbitmq_user.delete()
+                rabbitmq_user.add()
+                rabbitmq_user.get()
+                changed = True
+
+            if rabbitmq_user.has_tags_modifications():
+                rabbitmq_user.set_tags()
+                changed = True
+
+            if rabbitmq_user.has_permissions_modifications():
+                rabbitmq_user.set_permissions()
+                changed = True
+    elif state == 'present':
+        rabbitmq_user.add()
+        rabbitmq_user.set_tags()
+        rabbitmq_user.set_permissions()
+        changed = True
+
+    module.exit_json(changed=changed)
+
+# this is magic, see lib/ansible/module_common.py
+#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
+main()