From 055cdb614f276b252d82bbcd13d2fb82ba3c7bf8 Mon Sep 17 00:00:00 2001
From: Brendan Reilly <breilly@redhat.com>
Date: Wed, 17 Feb 2021 15:38:56 -0500
Subject: [PATCH] Fix celery config for MBS

---
 inventory/group_vars/mbs_backend     |  2 +-
 inventory/group_vars/mbs_backend_stg |  2 +-
 roles/mbs/common/templates/config.py | 17 ++++++++++++-----
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/inventory/group_vars/mbs_backend b/inventory/group_vars/mbs_backend
index c5ebc9edb6..5b23edb8f5 100644
--- a/inventory/group_vars/mbs_backend
+++ b/inventory/group_vars/mbs_backend
@@ -41,7 +41,7 @@ csi_relationship: |
 
     NOTE - this system has a KRB service principal with elevated koji privileges.
 
-mbs_broker_url: "amqps://mbs{{ env_suffix }}@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fmbs"
+mbs_broker_url: "amqps://mbs-private-queue{{ env_suffix }}@rabbitmq{{ env_suffix }}.fedoraproject.org//mbs-private-queue"
 mbs_num_workers: 3
 mbs_systemd_wait_for_rabbitmq: true
 mbs_frontend: false
diff --git a/inventory/group_vars/mbs_backend_stg b/inventory/group_vars/mbs_backend_stg
index 0684585acd..7774f11a44 100644
--- a/inventory/group_vars/mbs_backend_stg
+++ b/inventory/group_vars/mbs_backend_stg
@@ -48,7 +48,7 @@ csi_relationship: |
 
     NOTE - this system has a KRB service principal with elevated koji privileges.
 
-mbs_broker_url: "amqps://mbs{{ env_suffix }}@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fmbs"
+mbs_broker_url: "amqps://mbs-private-queue{{ env_suffix }}@rabbitmq{{ env_suffix }}.fedoraproject.org//mbs-private-queue"
 mbs_num_workers: 3
 mbs_systemd_wait_for_rabbitmq: true
 mbs_frontend: false
diff --git a/roles/mbs/common/templates/config.py b/roles/mbs/common/templates/config.py
index 3a1ebe2e65..2c360b5cc6 100644
--- a/roles/mbs/common/templates/config.py
+++ b/roles/mbs/common/templates/config.py
@@ -1,4 +1,5 @@
 from os import path
+import ssl
 
 # FIXME: workaround for this moment till confdir, dbdir (installdir etc.) are
 # declared properly somewhere/somehow
@@ -20,13 +21,19 @@ class BaseConfiguration(object):
     PORT = 5000
 
     CELERY_BROKER_URL = '{{ mbs_broker_url }}'
-    CELERY_CONFIG = {
-        'certfile': "/etc/module-build-service/mbs-private-queue{{env_suffix}}.crt",
-        'keyfile': "/etc/module-build-service/mbs-private-queue{{env_suffix}}.key",
-        'ca_certs': "/etc/module-build-service/ca.crt",
-        'broker_login_method': "EXTERNAL",
+    CELERY_BROKER_TRANSPORT_OPTIONS = {
+        "ssl":
+        {
+            'certfile': "/etc/module-build-service/mbs-private-queue{{env_suffix}}.crt",
+            'keyfile': "/etc/module-build-service/mbs-private-queue{{env_suffix}}.key",
+            'ca_certs': "/etc/module-build-service/ca.crt",
+            'cert_reqs': ssl.CERT_REQUIRED,
+            'ssl_version': ssl.PROTOCOL_TLSv1_2,
+        },
     }
 
+    CELERY_BROKER_LOGIN_METHOD = "EXTERNAL"
+
     # Global network-related values, in seconds
     NET_TIMEOUT = 120
     NET_RETRY_INTERVAL = 30