Greenwave: Configure staging to use Fedora Messaging

Signed-off-by: Clement Verna <cverna@tutanota.com>
2019-04-02 15:48:39 +02:00 · 2019-04-02 15:48:39 +02:00 · 1c421f1b76
commit 1c421f1b76
parent cac1c82e89
5 changed files with 176 additions and 6 deletions
--- a/playbooks/openshift-apps/greenwave.yml
+++ b/playbooks/openshift-apps/greenwave.yml
@ -9,6 +9,8 @@
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
+    - role: rabbit/user
+      username: "greenwave{{ env_suffix }}"
  # The openshift/project role breaks if the project already exists:
  # https://pagure.io/fedora-infrastructure/issue/6404
  - role: openshift/project
@ -24,15 +26,21 @@
      - apply-appowners
  - role: openshift/secret-file
    app: greenwave
-    secret_name: greenwave-fedmsg-key
-    key: fedmsg-greenwave.key
-    privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.stg.fedoraproject.org.key
+    secret_name: greenwave-fedora-messaging-key
+    key: greenwave.key
+    privatefile: "rabbitmq/{{env}}/pki/private/greenwave{{env_suffix}}.key"
    when: env == "staging"
  - role: openshift/secret-file
    app: greenwave
-    secret_name: greenwave-fedmsg-crt
-    key: fedmsg-greenwave.crt
-    privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.stg.fedoraproject.org.crt
+    secret_name: greenwave-fedora-messaging-crt
+    key: greenwave.crt
+    privatefile: "rabbitmq/{{env}}/pki/issued/greenwave{{env_suffix}}.crt"
+    when: env == "staging"
+  - role: openshift/secret-file
+    app: greenwave
+    secret_name: greenwave-fedora-messaging-ca
+    key: greenwave.ca
+    privatefile: "rabbitmq/{{env}}/pki/ca.crt"
    when: env == "staging"
  - role: openshift/secret-file
    app: greenwave
--- a/roles/openshift-apps/greenwave/templates/buildconfig.yml
+++ b/roles/openshift-apps/greenwave/templates/buildconfig.yml
@ -8,6 +8,10 @@ spec:
  runPolicy: Serial
  source:
    dockerfile: |-
+{% if env == 'staging' %}
+      # See imagestream.yml for the definition
+      FROM greenwave-upstream:latest
+{% else %}
      # See imagestream.yml for the definition
      FROM greenwave-upstream:latest

@ -31,6 +35,7 @@ spec:
      # Become non-root again
      USER 1001
      ENTRYPOINT docker/install-ca.sh && gunicorn-3 --workers 8 --timeout 127 --bind 0.0.0.0:8080 --access-logfile=- --enable-stdio-inheritance greenwave.wsgi:app
+{% endif %}
  strategy:
    type: Docker
    dockerStrategy:
--- a/roles/openshift-apps/greenwave/templates/config.toml
+++ b/roles/openshift-apps/greenwave/templates/config.toml
@ -0,0 +1,67 @@
+# A sample configuration for fedora-messaging. This file is in the TOML format.
+# For complete details on all configuration options, see the documentation
+# https://fedora-messaging.readthedocs.io/en/latest/configuration.html.
+
+amqp_url = "amqp://greenwave{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+publish_exchange = "amq.topic"
+
+callback = "greenwave.consumers.fedora_messaging_consumer:fedora_messaging_callback"
+
+# Note the double brackets below.
+# To add another binding, add another [[bindings]] section.
+[[bindings]]
+queue = "greenwave"
+exchange = "amq.topic"
+routing_keys = [
+    "org.fedoraproject.prod.taskotron.result.new",
+    "org.fedoraproject.stg.taskotron.result.new",
+    "org.fedoraproject.prod.waiver.new",
+    "org.fedoraproject.stg.waiver.new",
+]
+
+[tls]
+ca_cert = "/etc/pki/rabbitmq/ca/greenwave.ca"
+keyfile = "/etc/pki/rabbitmq/key/greenwave.key"
+certfile = "/etc/pki/rabbitmq/crt/greenwave.crt"
+
+[client_properties]
+app = "greenwave"
+
+[queues.greenwave]
+durable = true
+auto_delete = false
+exclusive = false
+arguments = {}
+
+[qos]
+prefetch_size = 0
+prefetch_count = 25
+
+[log_config]
+version = 1
+disable_existing_loggers = true
+
+[log_config.formatters.simple]
+format = "[%(name)s %(levelname)s] %(message)s"
+
+[log_config.handlers.console]
+class = "logging.StreamHandler"
+formatter = "simple"
+stream = "ext://sys.stdout"
+
+[log_config.loggers.fedora_messaging]
+level = "INFO"
+propagate = false
+handlers = ["console"]
+
+[log_config.root]
+level = "WARNING"
+handlers = ["console"]
+
+# greenwave consumer configuration
+[consumer_config]
+topic_prefix = 'org.fedoraproject'
+environment = '{{ env }}'
+waiverdb_topic_suffix = 'waiver.new'
+resultsdb_topic_suffix = 'taskotron.result.new'
--- a/roles/openshift-apps/greenwave/templates/configmap.yml
+++ b/roles/openshift-apps/greenwave/templates/configmap.yml
@ -258,3 +258,16 @@ data:
      greenwave_api_url='https://greenwave-web-greenwave.app.os.fedoraproject.org/api/v1.0'
 {% endif %}
    )
+{% if env == 'staging' %}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fedora-messaging-configmap
+  labels:
+    app: greenwave
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+data:
+  config.toml: |-
+    {{ load_file('config.toml') | indent }}
+{% endif %}
--- a/roles/openshift-apps/greenwave/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/greenwave/templates/deploymentconfig.yml
@ -55,6 +55,82 @@ spec:
        kind: ImageStreamTag
        name: greenwave:latest
  - type: ConfigChange
+{% if env == 'staging' %}
+---
+# For fedmsg consumers
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  name: greenwave-fedmsg-consumers
+  labels:
+    app: greenwave
+    service: fedmsg-consumers
+spec:
+  replicas: 1
+  selector:
+    service: fedmsg-consumers
+  template:
+    metadata:
+      labels:
+        app: greenwave
+        service: fedmsg-consumers
+    spec:
+      containers:
+      - name: fedmsg-consumers
+        image: registry/greenwave:latest
+        ports:
+        - containerPort: 8081
+        command:
+        - fedora-messaging consume"
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/greenwave
+          readOnly: true
+        - name: fedora-messaging-config-volume
+          mountPath: /etc/fedora-messaging
+          readOnly: true
+        - name: fedora-messaging-ca-volume
+          mountPath: /etc/pki/rabbitmq/ca
+          readOnly: true
+        - name: fedora-messaging-key-volume
+          mountPath: /etc/pki/rabbitmq/key
+          readOnly: true
+        - name: fedora-messaging-crt-volume
+          mountPath: /etc/pki/rabbitmq/crt
+          readOnly: true
+        resources:
+          limits:
+            memory: 384Mi
+      volumes:
+      # Give the fedmsg-consumer container access to the general config
+      - name: config-volume
+        configMap:
+          name: greenwave-configmap
+      # But *also* access to the fedmsg-specific config
+      - name: fedora-messaging-config-volume
+        configMap:
+          name: fedora-messaging-configmap
+      # And... this secret volume gets set up in the playbook
+      - name: fedora-messaging-ca-volume
+        secret:
+          secretName: greenwave-fedora-messaging-ca
+      - name: fedora-messaging-key-volume
+        secret:
+          secretName: greenwave-fedora-messaging-key
+      - name: fedora-messaging-crt-volume
+        secret:
+          secretName: greenwave-fedora-messaging-crt
+  triggers:
+  - type: ImageChange
+    imageChangeParams:
+      automatic: true
+      containerNames:
+      - fedmsg-consumers
+      from:
+        kind: ImageStreamTag
+        name: greenwave:latest
+  - type: ConfigChange
+{% else %}
 ---
 # For fedmsg consumers
 apiVersion: v1
@ -123,6 +199,7 @@ spec:
        kind: ImageStreamTag
        name: greenwave:latest
  - type: ConfigChange
+{% endif %}
 ---
 # For memcached
 apiVersion: v1