debops.rabbitmq_server default variables

APT packages


List of base APT packages to install for RabbitMQ service.

rabbitmq_server__base_packages: [ 'rabbitmq-server' ]

List of additional APT packages to install with RabbitMQ service.

rabbitmq_server__packages: []

System configuration


Name of the UNIX system account used by RabbitMQ service.

rabbitmq_server__user: 'rabbitmq'

Name of the UNIX system group used by RabbitMQ service.

rabbitmq_server__group: 'rabbitmq'

List of additional UNIX groups to add the RabbitMQ user into. The ssl-cert UNIX group is used for the X.509 private key access.

rabbitmq_server__append_groups: '{{ ["ssl-cert"] if rabbitmq_server__pki | bool else [] }}'

Absolute path of the RabbitMQ home directory.

rabbitmq_server__home: '/var/lib/rabbitmq'

Resource utilization


Floating point which tells RabbitMQ how much of the free disk space relative to system RAM it should expect before allowing for operation. The default value tells RabbitMQ to expect twice the amount of available RAM to be free on the disk.

See for more details.

rabbitmq_server__relative_disk_free_limit: 2.0

Advanced Message Queuing Protocol (AMQP) configuration


List of IP addresses or CIDR subnets which are allowed to connect to the RabbitMQ service over plaintext amqp:// connection.

If the TLS support is enabled, only the hosts and subnets specified in this list will be allowed to connect.

If the TLS support is disabled, and nothing is specified, anybody will be able to connect over plaintext. You can specify the entries to limit the connections to selected IPs and subnets.

rabbitmq_server__amqp_allow: []

List of IP addresses or CIDR subnets which are allowed to connect to the RabbitMQ service over TLS amqps:// connection.

If this list is empty, anybody can connect over encrypted connection.

rabbitmq_server__amqps_allow: []

RabbitMQ environment

These variables define contents of the /etc/rabbitmq/rabbitmq-env.conf configuration file. This file is sourced by the RabbitMQ init script and should contain shell environment variables that should be defined in the server environment. Each variable is a YAML dictionary, dictionary keys are variable names (they will be written as uppercase automatically), dictionary values are environment values.

You can find the list of known environment variables in the RabbitMQ documentation:


The RabbitMQ environment variables defined on all hosts in the Ansible inventory.

rabbitmq_server__environment: {}

The RabbitMQ environment variables defined on hosts in a specific Ansible inventory group.

rabbitmq_server__group_environment: {}

The RabbitMQ environment variables defined on specific hosts in the Ansible inventory.

rabbitmq_server__host_environment: {}

The variable which combines all of the environment variables and is used in the configuration template.

rabbitmq_server__combined_environment: '{{ rabbitmq_server__environment
                                           | combine(rabbitmq_server__group_environment,
                                                     rabbitmq_server__host_environment) }}'

RabbitMQ main configuration

These variables define the contents of the /etc/rabbitmq/rabbitmq.config configuration file. See rabbitmq_server__config for more details.


The default configuration defined by the debops.rabbitmq_server Ansible role.


  - name: 'ssl'
    state: '{{ "present" if rabbitmq_server__pki | bool else "ignore" }}'

      - name: 'versions'
        value: [ 'tlsv1.2', 'tlsv1.1' ]
        type: 'atom'

      - name: 'ciphers'
        value: |
            {{ rabbitmq_server__ssl_ciphers | indent(2) }}
        type: 'raw'
        state: '{{ "present"
                   if rabbitmq_server__ssl_ciphers
                   else "ignore" }}'

      - client_renegotiation: False

      - secure_renegotiate: True

      - reuse_sessions: True

      - honor_cipher_order: True

      - honor_ecc_order: True

  - name: 'rabbit'
    state: '{{ "present" if rabbitmq_server__pki | bool else "ignore" }}'

      - name: 'tcp_listeners'
        comment: |
          Listen for TCP connections only on the 'localhost' interface
          when the TLS support is enabled
        value: |
          [{"", 5672},
           {"::1",       5672}]
        type: 'raw'
        state: '{{ "ignore" if rabbitmq_server__amqp_allow else "present" }}'

      - ssl_listeners: [ 5671 ]

      - name: 'ssl_options'
        value: |
          [{cacertfile,           "{{ rabbitmq_server__cacertfile }}"},
           {certfile,             "{{ rabbitmq_server__certfile }}"},
           {keyfile,              "{{ rabbitmq_server__keyfile }}"},
           {% if rabbitmq_server__ssl_dhparam %}
          {dhfile,               "{{ rabbitmq_server__ssl_dhparam }}"},
           {% endif -%}
           {versions,             ['tlsv1.2', 'tlsv1.1']},
           {depth,                2},
           {% if rabbitmq_server__ssl_ciphers %}
          {ciphers,              [
                                    {{ rabbitmq_server__ssl_ciphers | indent(26) }}
           {% endif -%}
           {honor_cipher_order,   true},
           {honor_ecc_order,      true},
           {client_renegotiation, false},
           {secure_renegotiate,   true},
           {reuse_sessions,       true},
           {verify,               verify_peer},
           {fail_if_no_peer_cert, false}]
        type: 'raw'

  - name: 'rabbit'

      - name: 'disk_free_limit'
        value: '{mem_relative, {{ rabbitmq_server__relative_disk_free_limit }}{{ "}" }}'
        type: 'raw'

List of RabbitMQ configuration options defined for all hosts in the Ansible inventory.

rabbitmq_server__config: []

List of RabbitMQ configuration options defined for hosts in a specific Ansible inventory group.

rabbitmq_server__group_config: []

List of RabbitMQ configuration options defined for specific hosts in the Ansible inventory.

rabbitmq_server__host_config: []

A string that identifies another Ansible role that uses the debops.rabbitmq_server role as a dependency. This value is needed to correctly store the dependent configuration options. See Usage as a role dependency for more details.

rabbitmq_server__dependent_role: ''

Specify the state of the dependent configuration options, either present (options should be included in the configuration file) or absent (options should be removed from the configuration file). See Usage as a role dependency for more details.

rabbitmq_server__dependent_state: 'present'

List of RabbitMQ configuration options defined by another Ansible role and specified using role dependent variables.

rabbitmq_server__dependent_config: []

Actual variable used in the combined RabbitMQ configuration that unwraps the dependent configuration specified by other Ansible roles and converts it into format understood by the debops.rabbitmq_server configuration template. See Usage as a role dependency for more details.

rabbitmq_server__dependent_config_filter: '{{ lookup("template",
                                              | from_yaml }}'

List that combines RabbitMQ configuration variables and passes them to the template file.

rabbitmq_server__combined_config: '{{ rabbitmq_server__default_config
                                      + rabbitmq_server__dependent_config_filter
                                      + rabbitmq_server__config
                                      + rabbitmq_server__group_config
                                      + rabbitmq_server__host_config }}'

RabbitMQ plugin configuration

These variables specify what RabbitMQ plugins should be enabled on a given host. See rabbitmq_server__plugins for more details.


List of default RabbitMQ plugins enabled by this Ansible role.


  # Required on all hosts by RabbitMQ Management Console
  - name: 'rabbitmq_management_agent'

List of RabbitMQ plugins to enable on all hosts in the Ansible inventory.

rabbitmq_server__plugins: []

List of RabbitMQ plugins to enable on hosts in a specific Ansible inventory group.

rabbitmq_server__group_plugins: []

List of RabbitMQ plugins to enable on specific hosts in the Ansible inventory.

rabbitmq_server__host_plugins: []

Combined list of RabbitMQ plugins passed to the Ansible module.

rabbitmq_server__combined_plugins: '{{ rabbitmq_server__default_plugins
                                       + rabbitmq_server__plugins
                                       + rabbitmq_server__group_plugins
                                       + rabbitmq_server__host_plugins }}'

RabbitMQ virtual host configuration

These variables can be used to configure RabbitMQ virtual hosts. See rabbitmq_server__vhosts for more details.


List of RabbitMQ virtual hosts managed on all hosts in the Ansible inventory.

rabbitmq_server__vhosts: []

List of RabbitMQ virtual hosts managed on hosts in specific Ansible inventory group.

rabbitmq_server__group_vhosts: []

List of RabbitMQ virtual hosts managed on specific hosts in the Ansible inventory.

rabbitmq_server__host_vhosts: []

List of RabbitMQ virtual hosts that are mentioned in parameter configuration. Each virtual host will be created if not already present.

rabbitmq_server__parameters_vhosts: '{{ lookup("template",
                                        "lookup/rabbitmq_server__parameters_vhosts.j2") }}'

List of RabbitMQ virtual hosts that are mentioned in policy configuration. Each virtual host will be created if not already present.

rabbitmq_server__policies_vhosts: '{{ lookup("template",
                                      "lookup/rabbitmq_server__policies_vhosts.j2") }}'

List of RabbitMQ virtual hosts that are mentioned in user account configuration. Each virtual host will be created if not already present.

rabbitmq_server__accounts_vhosts: '{{ lookup("template",
                                      "lookup/rabbitmq_server__accounts_vhosts.j2") }}'

Combined list of RabbitMQ virtual hosts passed to the Ansible task.

rabbitmq_server__combined_vhosts: '{{ rabbitmq_server__vhosts
                                      + rabbitmq_server__group_vhosts
                                      + rabbitmq_server__host_vhosts
                                      + rabbitmq_server__parameters_vhosts
                                      + rabbitmq_server__policies_vhosts
                                      + rabbitmq_server__accounts_vhosts }}'

RabbitMQ vhost limits

These variables can be used to define RabbitMQ virtual host limits (maximum number of connections and queues). See rabbitmq_server__vhost_limits for more details.


List of vhost limits which should be configured on all hosts in the Ansible inventory.

rabbitmq_server__vhost_limits: []

List of vhost limits which should be configured on hosts in specific Ansible inventory group.

rabbitmq_server__group_vhost_limits: []

List of vhost limits which should be configured on specific hosts in the Ansible inventory.

rabbitmq_server__host_vhost_limits: []

Combined list of all vhost limits used in role tasks and templates.

rabbitmq_server__combined_vhost_limits: '{{ rabbitmq_server__vhost_limits
                                          + rabbitmq_server__group_vhost_limits
                                          + rabbitmq_server__host_vhost_limits }}'

RabbitMQ parameter configuration

These variables can be used to manage RabbitMQ parameters. See rabbitmq_server__parameters for more details.


List of RabbitMQ parameters which should be configured on all hosts in the Ansible inventory.

rabbitmq_server__parameters: []

List of RabbitMQ parameters which should be configured on hosts in specific Ansible inventory group.

rabbitmq_server__group_parameters: []

List of RabbitMQ parameters which should be configured on specific hosts in the Ansible inventory.

rabbitmq_server__host_parameters: []

Combined list of all RabbitMQ parameters passed to the Ansible task.

rabbitmq_server__combined_parameters: '{{ rabbitmq_server__parameters
                                          + rabbitmq_server__group_parameters
                                          + rabbitmq_server__host_parameters }}'

RabbitMQ policy configuration

These variables can be used to manage RabbitMQ policies. See rabbitmq_server__policies for more details.


List of RabbitMQ policies which should be configured on all hosts in the Ansible inventory.

rabbitmq_server__policies: []

List of RabbitMQ policies which should be configured on hosts in specific Ansible inventory group.

rabbitmq_server__group_policies: []

List of RabbitMQ policies which should be configured on specific hosts in the Ansible inventory.

rabbitmq_server__host_policies: []

Combined list of all RabbitMQ policies passed to the Ansible task.

rabbitmq_server__combined_policies: '{{ rabbitmq_server__policies
                                        + rabbitmq_server__group_policies
                                        + rabbitmq_server__host_policies }}'

RabbitMQ user account configuration

These variables can be used to manage RabbitMQ user accounts. See rabbitmq_server__accounts for more details.


List of automatically managed administrator accounts, based of the admin users managed by the debops.core Ansible role.

rabbitmq_server__admin_accounts: '{{ lookup("template",
                                     "lookup/rabbitmq_server__admin_accounts.j2") }}'

List of default RabbitMQ user accounts defined by the role.


  # Remove the default user account
  - name: 'guest'
    state: 'absent'

List of RabbitMQ user accounts which should be managed on all hosts in the Ansible inventory.

rabbitmq_server__accounts: []

List of RabbitMQ user accounts which should be managed on hosts in a specific Ansible inventory group.

rabbitmq_server__group_accounts: []

List of RabbitMQ user accounts which should be managed on specific hosts in the Ansible inventory.

rabbitmq_server__host_accounts: []

Combined list of RabbitMQ user accounts, passed to the Ansible task.

rabbitmq_server__combined_accounts: '{{ rabbitmq_server__admin_accounts
                                        + rabbitmq_server__default_accounts
                                        + rabbitmq_server__accounts
                                        + rabbitmq_server__group_accounts
                                        + rabbitmq_server__host_accounts }}'

The default RabbitMQ virtual host which will be configured for the RabbitMQ administrator accounts.

rabbitmq_server__admin_default_vhost: '/'

The default length of the autogenerated user account passwords.

rabbitmq_server__account_password_length: '32'

RabbitMQ user limits

These variables can be used to define RabbitMQ per-user limits (maximum number of connections and used channels). See rabbitmq_server__user_limits for more details.


List of user limits which should be configured on all hosts in the Ansible inventory.

rabbitmq_server__user_limits: []

List of user limits which should be configured on hosts in specific Ansible inventory group.

rabbitmq_server__group_user_limits: []

List of user limits which should be configured on specific hosts in the Ansible inventory.

rabbitmq_server__host_user_limits: []

Combined list of all user limits used in role tasks and templates.

rabbitmq_server__combined_user_limits: '{{ rabbitmq_server__user_limits
                                           + rabbitmq_server__group_user_limits
                                           + rabbitmq_server__host_user_limits }}'

RabbitMQ exchanges

These variables can be used to define RabbitMQ exchanges which receive messages for processing. See rabbitmq_server__exchanges for more details.


List of exchanges which should be configured on all hosts in the Ansible inventory.

rabbitmq_server__exchanges: []

List of exchanges which should be configured on hosts in specific Ansible inventory group.

rabbitmq_server__group_exchanges: []

List of exchanges which should be configured on specific hosts in the Ansible inventory.

rabbitmq_server__host_exchanges: []

Combined list of all exchanges used in role tasks and templates.

rabbitmq_server__combined_exchanges: '{{ rabbitmq_server__exchanges
                                         + rabbitmq_server__group_exchanges
                                         + rabbitmq_server__host_exchanges }}'

RabbitMQ queues

These variables can be used to define RabbitMQ queues which store processed messages for consumers. See rabbitmq_server__queues for more details.


List of queues which should be configured on all hosts in the Ansible inventory.

rabbitmq_server__queues: []

List of queues which should be configured on hosts in specific Ansible inventory group.

rabbitmq_server__group_queues: []

List of queues which should be configured on specific hosts in the Ansible inventory.

rabbitmq_server__host_queues: []

Combined list of all queues used in role tasks and templates.

rabbitmq_server__combined_queues: '{{ rabbitmq_server__queues
                                      + rabbitmq_server__group_queues
                                      + rabbitmq_server__host_queues }}'

RabbitMQ bindings

These variables can be used to define RabbitMQ bindings which connect exchanges and queues. See rabbitmq_server__bindings for more details.


List of bindings which should be configured on all hosts in the Ansible inventory.

rabbitmq_server__bindings: []

List of bindings which should be configured on hosts in specific Ansible inventory group.

rabbitmq_server__group_bindings: []

List of bindings which should be configured on specific hosts in the Ansible inventory.

rabbitmq_server__host_bindings: []

Combined list of all bindings used in role tasks and templates.

rabbitmq_server__combined_bindings: '{{ rabbitmq_server__bindings
                                        + rabbitmq_server__group_bindings
                                        + rabbitmq_server__host_bindings }}'

RabbitMQ feature flags

These variables can be used to define RabbitMQ feature flags which should be present on specific or all RabbitMQ nodes. See rabbitmq_server__feature_flags for more details.


List of feature flags which should be configured on all hosts in the Ansible inventory.

rabbitmq_server__feature_flags: []

List of feature flags which should be configured on hosts in specific Ansible inventory group.

rabbitmq_server__group_feature_flags: []

List of feature flags which should be configured on specific hosts in the Ansible inventory.

rabbitmq_server__host_feature_flags: []

Combined list of all feature flags used in role tasks and templates.

rabbitmq_server__combined_feature_flags: '{{ rabbitmq_server__feature_flags
                                             + rabbitmq_server__group_feature_flags
                                             + rabbitmq_server__host_feature_flags }}'

RabbitMQ global parameters

These variables can be used to define RabbitMQ global parameters on one or more RabbitMQ nodes. See rabbitmq_server__global_parameters for more details.


List of global parameters which should be configured on all hosts in the Ansible inventory.

rabbitmq_server__global_parameters: []

List of global parameters which should be configured on hosts in specific Ansible inventory group.

rabbitmq_server__group_global_parameters: []

List of global parameters which should be configured on specific hosts in the Ansible inventory.

rabbitmq_server__host_global_parameters: []

Combined list of all global parameters used in role tasks and templates.

rabbitmq_server__combined_global_parameters: '{{ rabbitmq_server__global_parameters
                                                 + rabbitmq_server__group_global_parameters
                                                 + rabbitmq_server__host_global_parameters }}'

RabbitMQ cluster configuration


List of IP addresses or CIDR subnets which are allowed to communicate with the RabbitMQ service to form a cluster (TCP ports 4369, 25672). If nothing is specified, no direct cluster communication is allowed.

rabbitmq_server__cluster_allow: []

Public Key Infrastructure configuration

These variables configure the PKI environment for RabbitMQ service using the debops.pki Ansible role. See its documentation for more details.


Enable or disable PKI support.

rabbitmq_server__pki: '{{ True
                          if (ansible_local.pki.enabled | d() and
                              ansible_local.pki.enabled | bool) else False }}'

Absolute path to the directory with PKI realms.

rabbitmq_server__pki_path: '{{ ansible_local.pki.path | d("/etc/pki/realms") }}'

Name of the PKI realm to use by the RabbitMQ service.

rabbitmq_server__pki_realm: '{{ ansible_local.pki.realm | d("domain") }}'

Name of the Certificate Authority certificate file to use.

rabbitmq_server__pki_ca: '{{ | d("CA.crt") }}'

Name of the X.509 certificate file to use.

rabbitmq_server__pki_crt: '{{ ansible_local.pki.crt | d("default.crt") }}'

Name of the X.509 private key file to use.

rabbitmq_server__pki_key: '{{ ansible_local.pki.key | d("default.key") }}'

Absolute path of the Certificate Authority certificate to use.

rabbitmq_server__cacertfile: '{{ rabbitmq_server__pki_path
                                 + "/" + rabbitmq_server__pki_realm
                                 + "/" + rabbitmq_server__pki_ca }}'

Absolute path of the X.509 certificate to use.

rabbitmq_server__certfile: '{{ rabbitmq_server__pki_path
                               + "/" + rabbitmq_server__pki_realm
                               + "/" + rabbitmq_server__pki_crt }}'

Absolute path of the X.509 private key to use.

rabbitmq_server__keyfile: '{{ rabbitmq_server__pki_path
                              + "/" + rabbitmq_server__pki_realm
                              + "/" + rabbitmq_server__pki_key }}'

List of TLS/SSL protocol versions supported by the RabbitMQ service.

rabbitmq_server__ssl_versions: [ 'tlsv1.2', 'tlsv1.1' ]

A Erlang raw string which contains a list of TLS/SSL ciphers to allow by the server. Contents of this variable are gathered by the Ansible local facts.

rabbitmq_server__ssl_ciphers: '{{ ansible_local.rabbitmq_server.raw_erlang_ssl_ciphers | d("") }}'

Path to the file with Diffie-Hellman parameters to use by the RabbitMQ service. See debops.dhparam Ansible role for more details.

rabbitmq_server__ssl_dhparam: '{{ (ansible_local.dhparam[rabbitmq_server__ssl_dhparam_set]
                                   if (ansible_local | d() and ansible_local.dhparam | d() and
                                       ansible_local.dhparam[rabbitmq_server__ssl_dhparam_set] | d())
                                   else "") }}'

Name of the dhparam set to use.

rabbitmq_server__ssl_dhparam_set: 'default'

Configuration for other Ansible roles


Configuration for the debops.etc_services Ansible role.


  - name: 'einc'
    port: '25672'
    comment: 'Erlang Inter-Node Communication (RabbitMQ)'

Configuration for the debops.ferm Ansible role.


  - name: 'rabbitmq-amqp'
    type: 'accept'
    saddr: '{{ rabbitmq_server__amqp_allow }}'
    dport: [ 'amqp' ]
    accept_any: '{{ False if rabbitmq_server__pki | bool else True }}'

  - name: 'rabbitmq-amqps'
    type: 'accept'
    saddr: '{{ rabbitmq_server__amqps_allow }}'
    dport: [ 'amqps' ]
    accept_any: True
    rule_state: '{{ "present" if rabbitmq_server__pki | bool else "absent" }}'

  - name: 'rabbitmq-cluster'
    type: 'accept'
    saddr: '{{ rabbitmq_server__cluster_allow }}'
    dport: [ 'epmd', 'einc' ]
    accept_any: False