From 1c421f1b760cae307c593ca93659704f011609df Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Tue, 2 Apr 2019 15:48:39 +0200 Subject: [PATCH] Greenwave: Configure staging to use Fedora Messaging Signed-off-by: Clement Verna --- playbooks/openshift-apps/greenwave.yml | 20 +++-- .../greenwave/templates/buildconfig.yml | 5 ++ .../greenwave/templates/config.toml | 67 ++++++++++++++++ .../greenwave/templates/configmap.yml | 13 ++++ .../greenwave/templates/deploymentconfig.yml | 77 +++++++++++++++++++ 5 files changed, 176 insertions(+), 6 deletions(-) create mode 100644 roles/openshift-apps/greenwave/templates/config.toml diff --git a/playbooks/openshift-apps/greenwave.yml b/playbooks/openshift-apps/greenwave.yml index 3b2c1f8f62..f8f1780763 100644 --- a/playbooks/openshift-apps/greenwave.yml +++ b/playbooks/openshift-apps/greenwave.yml @@ -9,6 +9,8 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: + - role: rabbit/user + username: "greenwave{{ env_suffix }}" # The openshift/project role breaks if the project already exists: # https://pagure.io/fedora-infrastructure/issue/6404 - role: openshift/project 
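Review bot: The new `rabbit/user` role entry has no `when: env == "staging"` condition, unlike the secret-file entries and the `{% if env == 'staging' %}` template blocks elsewhere in this commit. If `env_suffix` is empty in production, as the naming suggests, running the playbook there would presumably create a `greenwave` broker account that nothing uses yet. Adding `when: env == "staging"` under `username:` would keep the change staging-only until production is migrated. The `roles:` list continues past the end of the hunk.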
@@ -24,15 +26,21 @@ - apply-appowners - role: openshift/secret-file app: greenwave - secret_name: greenwave-fedmsg-key - key: fedmsg-greenwave.key - privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.stg.fedoraproject.org.key + secret_name: greenwave-fedora-messaging-key + key: greenwave.key + privatefile: "rabbitmq/{{env}}/pki/private/greenwave{{env_suffix}}.key" when: env == "staging" - role: openshift/secret-file app: greenwave - secret_name: greenwave-fedmsg-crt - key: fedmsg-greenwave.crt - privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.stg.fedoraproject.org.crt + secret_name: greenwave-fedora-messaging-crt + key: greenwave.crt + privatefile: "rabbitmq/{{env}}/pki/issued/greenwave{{env_suffix}}.crt" + when: env == "staging" + - role: openshift/secret-file + app: greenwave + secret_name: greenwave-fedora-messaging-ca + key: greenwave.ca + privatefile: "rabbitmq/{{env}}/pki/ca.crt" when: env == "staging" - role: openshift/secret-file app: greenwave diff --git a/roles/openshift-apps/greenwave/templates/buildconfig.yml b/roles/openshift-apps/greenwave/templates/buildconfig.yml index 3ed86258fe..46d7b12ddd 100644 --- a/roles/openshift-apps/greenwave/templates/buildconfig.yml +++ b/roles/openshift-apps/greenwave/templates/buildconfig.yml @@ -8,6 +8,10 @@ spec: runPolicy: Serial source: dockerfile: |- +{% if env == 'staging' %} + # See imagestream.yml for the definition + FROM greenwave-upstream:latest +{% else %} # See imagestream.yml for the definition FROM greenwave-upstream:latest @@ -31,6 +35,7 @@ spec: # Become non-root again USER 1001 ENTRYPOINT docker/install-ca.sh && gunicorn-3 --workers 8 --timeout 127 --bind 0.0.0.0:8080 --access-logfile=- --enable-stdio-inheritance greenwave.wsgi:app +{% endif %} strategy: type: Docker dockerStrategy: diff --git a/roles/openshift-apps/greenwave/templates/config.toml b/roles/openshift-apps/greenwave/templates/config.toml new file mode 100644 index 0000000000..a2f8ec931c 
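Review bot: The `key:` values in the three new secret-file entries (`greenwave.key`, `greenwave.crt`, `greenwave.ca`) are silently coupled to the `[tls]` paths in templates/config.toml and to the mount paths in deploymentconfig.yml, and nothing here says so. A comment above the first entry, for example `# File names must match [tls] in templates/config.toml (mounted under /etc/pki/rabbitmq/{key,crt,ca})`, would keep a later rename from breaking the broker connection. The earlier `greenwave-fedmsg-key` and `greenwave-fedmsg-crt` secrets are no longer managed for staging after this change. If the role does not delete them, they presumably remain in the project, and the old private key should be removed separately. The roles list starts and ends outside the hunk.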
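Review bot: In staging the generated Dockerfile is cut down to the single `FROM greenwave-upstream:latest` line, so the `USER 1001` and `ENTRYPOINT docker/install-ca.sh && gunicorn-3 …` lines visible in the later `@@ -31,6 +35,7 @@` hunk no longer apply there. Whether the staging image still drops root and installs the CA bundle then depends entirely on the upstream image, which this diff does not show; please confirm that or keep those lines outside the conditional. The comment and `FROM` line are also duplicated in both branches; placing `{% if env != 'staging' %}` after the shared `FROM` line would avoid that. The Dockerfile block continues between the two hunks, outside what is visible.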
--- /dev/null
+++ b/roles/openshift-apps/greenwave/templates/config.toml
@@ -0,0 +1,67 @@
+# A sample configuration for fedora-messaging. This file is in the TOML format.
+# For complete details on all configuration options, see the documentation
+# https://fedora-messaging.readthedocs.io/en/latest/configuration.html.
+
+amqp_url = "amqp://greenwave{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+publish_exchange = "amq.topic"
+
+callback = "greenwave.consumers.fedora_messaging_consumer:fedora_messaging_callback"
+
+# Note the double brackets below.
+# To add another binding, add another [[bindings]] section.
+[[bindings]]
+queue = "greenwave"
+exchange = "amq.topic"
+routing_keys = [
+ "org.fedoraproject.prod.taskotron.result.new",
+ "org.fedoraproject.stg.taskotron.result.new",
+ "org.fedoraproject.prod.waiver.new",
+ "org.fedoraproject.stg.waiver.new",
+]
+
+[tls]
+ca_cert = "/etc/pki/rabbitmq/ca/greenwave.ca"
+keyfile = "/etc/pki/rabbitmq/key/greenwave.key"
+certfile = "/etc/pki/rabbitmq/crt/greenwave.crt"
+
+[client_properties]
+app = "greenwave"
+
+[queues.greenwave]
+durable = true
+auto_delete = false
+exclusive = false
+arguments = {}
+
+[qos]
+prefetch_size = 0
+prefetch_count = 25
+
+[log_config]
+version = 1
+disable_existing_loggers = true
+
+[log_config.formatters.simple]
+format = "[%(name)s %(levelname)s] %(message)s"
+
+[log_config.handlers.console]
+class = "logging.StreamHandler"
+formatter = "simple"
+stream = "ext://sys.stdout"
+
+[log_config.loggers.fedora_messaging]
+level = "INFO"
+propagate = false
+handlers = ["console"]
+
+[log_config.root]
+level = "WARNING"
+handlers = ["console"]
+
+# greenwave consumer configuration
+[consumer_config]
+topic_prefix = 'org.fedoraproject'
+environment = '{{ env }}'
+waiverdb_topic_suffix = 'waiver.new'
+resultsdb_topic_suffix = 'taskotron.result.new'
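Review bot: `amqp_url` uses the plaintext `amqp://` scheme even though the `[tls]` table below supplies a CA, key and client certificate and the URL carries an empty password. As far as I know, fedora-messaging only applies the `[tls]` settings when the URL scheme is `amqps`. With this line the consumer would therefore either connect unencrypted or fail to authenticate, since the certificate is the only credential. I would change it to `amqp_url = "amqps://greenwave{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"`. The opening comment also still calls this "a sample configuration"; it should say that this is greenwave's consumer configuration, rendered into `fedora-messaging-configmap`.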
diff --git a/roles/openshift-apps/greenwave/templates/configmap.yml b/roles/openshift-apps/greenwave/templates/configmap.yml index 6c29a88226..67ada03b4a 100644 --- a/roles/openshift-apps/greenwave/templates/configmap.yml +++ b/roles/openshift-apps/greenwave/templates/configmap.yml @@ -258,3 +258,16 @@ data: greenwave_api_url='https://greenwave-web-greenwave.app.os.fedoraproject.org/api/v1.0' {% endif %} ) +{% if env == 'staging' %} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: fedora-messaging-configmap + labels: + app: greenwave +{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} +data: + config.toml: |- + {{ load_file('config.toml') | indent }} +{% endif %} diff --git a/roles/openshift-apps/greenwave/templates/deploymentconfig.yml b/roles/openshift-apps/greenwave/templates/deploymentconfig.yml index 82f93e709a..26599eec7a 100644 --- a/roles/openshift-apps/greenwave/templates/deploymentconfig.yml +++ b/roles/openshift-apps/greenwave/templates/deploymentconfig.yml 
@@ -55,6 +55,82 @@ spec: kind: ImageStreamTag name: greenwave:latest - type: ConfigChange +{% if env == 'staging' %} +--- +# For fedmsg consumers +apiVersion: v1 +kind: DeploymentConfig +metadata: + name: greenwave-fedmsg-consumers + labels: + app: greenwave + service: fedmsg-consumers +spec: + replicas: 1 + selector: + service: fedmsg-consumers + template: + metadata: + labels: + app: greenwave + service: fedmsg-consumers + spec: + containers: + - name: fedmsg-consumers + image: registry/greenwave:latest + ports: + - containerPort: 8081 + command: + - fedora-messaging consume" + volumeMounts: + - name: config-volume + mountPath: /etc/greenwave + readOnly: true + - name: fedora-messaging-config-volume + mountPath: /etc/fedora-messaging + readOnly: true + - name: fedora-messaging-ca-volume + mountPath: /etc/pki/rabbitmq/ca + readOnly: true + - name: fedora-messaging-key-volume + mountPath: /etc/pki/rabbitmq/key + readOnly: true + - name: fedora-messaging-crt-volume + mountPath: /etc/pki/rabbitmq/crt + readOnly: true + resources: + limits: + memory: 384Mi + volumes: + # Give the fedmsg-consumer container access to the general config + - name: config-volume + configMap: + name: greenwave-configmap + # But *also* access to the fedmsg-specific config + - name: fedora-messaging-config-volume + configMap: + name: fedora-messaging-configmap + # And... this secret volume gets set up in the playbook + - name: fedora-messaging-ca-volume + secret: + secretName: greenwave-fedora-messaging-ca + - name: fedora-messaging-key-volume + secret: + secretName: greenwave-fedora-messaging-key + - name: fedora-messaging-crt-volume + secret: + secretName: greenwave-fedora-messaging-crt + triggers: + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - fedmsg-consumers + from: + kind: ImageStreamTag + name: greenwave:latest + - type: ConfigChange +{% else %} --- # For fedmsg consumers apiVersion: v1 
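Review bot: The container `command` is a single list item, `fedora-messaging consume"`, with a stray trailing double quote. YAML accepts it as one plain string, so the runtime would try to exec a binary literally named `fedora-messaging consume"` and the pod would fail to start rather than consume messages. Split it into argv entries: `command: ["fedora-messaging", "consume"]`. The new DeploymentConfig also keeps the `greenwave-fedmsg-consumers` name, the `fedmsg-consumers` labels and the "fedmsg-specific config" comments although it now runs fedora-messaging; a short comment saying the names are retained deliberately would avoid confusion.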
@@ -123,6 +199,7 @@ spec: kind: ImageStreamTag name: greenwave:latest - type: ConfigChange +{% endif %} --- # For memcached apiVersion: v1