diff --git a/playbooks/openshift-apps/monitor_gating.yml b/playbooks/openshift-apps/monitor_gating.yml
index 1d2efd40a0..8200f769d4 100644
--- a/playbooks/openshift-apps/monitor_gating.yml
+++ b/playbooks/openshift-apps/monitor_gating.yml
@@ -24,6 +24,24 @@
 secret_name: monitor-gating-keytab
 service: packagerbot
+ - role: openshift/secret-file
+ app: monitor-gating
+ secret_name: monitor-gating-fedora-messaging-key
+ key: monitor-gating.key
+ privatefile: "rabbitmq/{{env}}/pki/private/monitor-gating{{env_suffix}}.key"
+
+ - role: openshift/secret-file
+ app: monitor-gating
+ secret_name: monitor-gating-fedora-messaging-crt
+ key: monitor-gating.crt
+ privatefile: "rabbitmq/{{env}}/pki/issued/monitor-gating{{env_suffix}}.crt"
+
+ - role: openshift/secret-file
+ app: monitor-gating
+ secret_name: monitor-gating-fedora-messaging-ca
+ key: monitor-gating.ca
+ privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+
 - role: openshift/object
 app: monitor-gating
 template: imagestream.yml
diff --git a/roles/openshift-apps/monitor-gating/templates/config.toml b/roles/openshift-apps/monitor-gating/templates/config.toml
new file mode 100644
index 0000000000..c51c9ec949
--- /dev/null
+++ b/roles/openshift-apps/monitor-gating/templates/config.toml
@@ -0,0 +1,15 @@
+# Configuration for fedora-messaging. This file is in the TOML format.
+# For complete details on all configuration options, see the documentation.
+
+amqp_url = "amqps://monitor-gating{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+[tls]
+ca_cert = "/etc/pki/rabbitmq/ca/monitor-gating.ca"
+keyfile = "/etc/pki/rabbitmq/key/monitor-gating.key"
+certfile = "/etc/pki/rabbitmq/crt/monitor-gating.crt"
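Review bot: In playbooks/openshift-apps/monitor_gating.yml the three new `openshift/secret-file` entries are coupled by name to two other files in this commit, and nothing on the entries says so. Each `secret_name` has to equal a `secretName` in templates/deploymentconfig.yml, and each `key` presumably becomes the file name under the volume's mountPath that `[tls]` in templates/config.toml hard-codes (the role's internals are not visible here). A comment above the first entry, such as `# fedora-messaging TLS material; secret_name/key must match the deploymentconfig.yml volumes and the [tls] paths in config.toml`, would keep a later rename from leaving the pod with an unmountable secret or a missing key file. As a style point, the `privatefile` templates write `{{env}}` and `{{env_suffix}}` without inner spaces while config.toml uses `{{ env_suffix }}`.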
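Review bot: In templates/config.toml the `{% else %}` branch assigns `topic_prefix = "org.fedoraproject.prod"` to every value of `env` other than the exact string `staging`, so a misspelled or newly added environment is silently rendered with the production prefix. The broker host and user name are selected separately through `env_suffix`, so the two variables can disagree without any error being raised. Matching the production value explicitly, e.g. `{% elif env == "<production env value>" %}`, and letting the render fail for anything else would make this fail closed. The empty password in `amqp_url` suggests the broker authenticates the client certificate; a comment such as `# no password: authentication uses the client certificate from [tls]` would record that this is intentional.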
diff --git a/roles/openshift-apps/monitor-gating/templates/configmap.yml b/roles/openshift-apps/monitor-gating/templates/configmap.yml
new file mode 100644
index 0000000000..4c4d568f2a
--- /dev/null
+++ b/roles/openshift-apps/monitor-gating/templates/configmap.yml
@@ -0,0 +1,11 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fedora-messaging-configmap
+ labels:
+ app: monitor-gating
+data:
+ config.toml: |-
+ {{ load_file('config.toml') | indent }}
diff --git a/roles/openshift-apps/monitor-gating/templates/deploymentconfig.yml b/roles/openshift-apps/monitor-gating/templates/deploymentconfig.yml
index 3129b45e10..ee53f5b18d 100644
--- a/roles/openshift-apps/monitor-gating/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/monitor-gating/templates/deploymentconfig.yml
@@ -43,7 +43,22 @@ spec:
 - name: monitor-gating-ssh-volume
 mountPath: /opt/ssh/
 readOnly: true
+ - name: fedora-messaging-config-volume
+ mountPath: /etc/fedora-messaging
+ readOnly: true
+ - name: fedora-messaging-ca-volume
+ mountPath: /etc/pki/rabbitmq/ca
+ readOnly: true
+ - name: fedora-messaging-crt-volume
+ mountPath: /etc/pki/rabbitmq/crt
+ readOnly: true
+ - name: fedora-messaging-key-volume
+ mountPath: /etc/pki/rabbitmq/key
+ readOnly: true
 volumes:
+ - name: keytab-volume
+ secret:
+ secretName: monitor-gating-keytab
 - name: monitor-gating-secret-volume
 secret:
 secretName: monitor-gating-secret
@@ -53,10 +68,18 @@ spec:
 secret:
 secretName: monitor-gating-ssh
 defaultMode: 0660
- - name: keytab-volume
+ - name: fedora-messaging-config-volume
+ configMap:
+ name: fedora-messaging-configmap
+ - name: fedora-messaging-ca-volume
 secret:
- secretName: monitor-gating-keytab
-
+ secretName: monitor-gating-fedora-messaging-ca
+ - name: fedora-messaging-crt-volume
+ secret:
+ secretName: monitor-gating-fedora-messaging-crt
+ - name: fedora-messaging-key-volume
+ secret:
+ secretName: monitor-gating-fedora-messaging-key
 triggers:
 - type: ConfigChange
 - type: ImageChange
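Review bot: The new `fedora-messaging-key-volume` entry in the `volumes:` list sets no `defaultMode`, so the TLS private key is projected with the secret-volume default of 0644 and is readable by any UID inside the container, whereas the neighbouring ssh volume restricts itself with `defaultMode: 0660`. Adding a restrictive mode under that volume's `secret:` key, for example `defaultMode: 0440`, would limit exposure; the value must stay readable by the UID/group the pod runs as, which is not visible in this hunk. The existing `0660` is an unquoted leading-zero integer, which is read as octal only by YAML 1.1 parsers, so a new mode should be written in whatever form the deployment tooling is known to parse correctly. The `spec:` block begins and ends outside the hunk.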