Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

MBS uses SSL auth for celery

Browse source
This commit is contained in:
Brendan Reilly 2021-01-28 13:17:12 -05:00
parent 8ed43bb25e
commit 2ce9d8e8d3
5 changed files with 29 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
inventory/group_vars/mbs_backend
View file

@ -41,6 +41,6 @@ csi_relationship: |
NOTE - this system has a KRB service principal with elevated koji privileges. NOTE - this system has a KRB service principal with elevated koji privileges.
mbs_broker_url: "amqp://mbs{{ env_suffix }}:{{ mbs_backend_amqp_password}}@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fmbs" mbs_broker_url: "amqps://mbs{{ env_suffix }}@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fmbs"
mbs_num_workers: 3 mbs_num_workers: 3
mbs_systemd_wait_for_rabbitmq: true mbs_systemd_wait_for_rabbitmq: true

2
inventory/group_vars/mbs_backend_stg
View file

@ -48,6 +48,6 @@ csi_relationship: |
NOTE - this system has a KRB service principal with elevated koji privileges. NOTE - this system has a KRB service principal with elevated koji privileges.
mbs_broker_url: "amqp://mbs{{ env_suffix }}:{{ mbs_backend_amqp_password}}@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fmbs" mbs_broker_url: "amqps://mbs{{ env_suffix }}@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fmbs"
mbs_num_workers: 3 mbs_num_workers: 3
mbs_systemd_wait_for_rabbitmq: true mbs_systemd_wait_for_rabbitmq: true

2
roles/mbs/common/tasks/main.yml
View file

@ -143,12 +143,10 @@
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org" delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
rabbitmq_user: rabbitmq_user:
user: "mbs{{ env_suffix }}" user: "mbs{{ env_suffix }}"
password: "{{ mbs_backend_amqp_password }}"
vhost: /mbs vhost: /mbs
configure_priv: .* configure_priv: .*
read_priv: .* read_priv: .*
write_priv: .* write_priv: .*
update_password: always
tags: tags:
- rabbitmq_cluster - rabbitmq_cluster
- config - config

6
roles/mbs/common/templates/config.py
View file

@ -20,6 +20,12 @@ class BaseConfiguration(object):
PORT = 5000 PORT = 5000
CELERY_BROKER_URL = '{{ mbs_broker_url }}' CELERY_BROKER_URL = '{{ mbs_broker_url }}'
CELERY_CONFIG = {
'certfile': "/etc/module-build-service/mbs-private-queue{{env_suffix}}.crt",
'keyfile': "/etc/module-build-service/mbs-private-queue{{env_suffix}}.key",
'ca_certs': "/etc/module-build-service/ca.crt",
'broker_login_method': "EXTERNAL",
}
# Global network-related values, in seconds # Global network-related values, in seconds
NET_TIMEOUT = 120 NET_TIMEOUT = 120

21
roles/rabbitmq_cluster/tasks/apps.yml
View file

@ -254,3 +254,24 @@
- centos-odcs - centos-odcs
# CENTOS ODCS END # CENTOS ODCS END
# MBS BEGIN
- name: MBS User
run_once: true
include_role:
name: rabbit/user
vars:
username: mbs{{ env_suffix }}
- name: MBS Queue
run_once: true
include_role:
name: rabbit/queue
vars:
username: mbs{{ env_suffix }}
queue_name: mbs{{ env_suffix }}
# TTL: 10 days (in miliseconds)
message_ttl: 864000000
routing_keys:
- "mbs.{{ env_short }}.gitlab.#"
# MBS END