diff --git a/playbooks/openshift-apps/openscanhub.yml b/playbooks/openshift-apps/openscanhub.yml index 3cb5314981..b8b89ffe26 100644 --- a/playbooks/openshift-apps/openscanhub.yml +++ b/playbooks/openshift-apps/openscanhub.yml @@ -128,6 +128,26 @@ template: service-resalloc-server.yml objectname: service-resalloc-server + # Configurations for Fedora messaging + - role: rabbit/user + username: "openscanhub{{ env_suffix }}" + sent_topics: ^org\.fedoraproject\.{{ env_short }}\.openscanhub\..* + - role: openshift/secret-file + app: openscanhub + secret_name: openscanhub-fedora-messaging-ca + key: fedora-messaging-openscanhub-ca.crt + privatefile: "rabbitmq/{{env}}/pki/ca.crt" + - role: openshift/secret-file + app: openscanhub + secret_name: openscanhub-fedora-messaging-key + key: fedora-messaging-openscanhub.key + privatefile: "rabbitmq/{{env}}/pki/private/openscanhub{{env_suffix}}.key" + - role: openshift/secret-file + app: openscanhub + secret_name: openscanhub-fedora-messaging-cert + key: fedora-messaging-openscanhub.crt + privatefile: "rabbitmq/{{env}}/pki/issued/openscanhub{{env_suffix}}.crt" + # sudo rbac-playbook -l staging -t delete openshift-apps/openscanhub.yml - role: openshift/object-delete app: openscanhub diff --git a/roles/openshift-apps/openscanhub/templates/deployment-fedora-osh-hub.yml b/roles/openshift-apps/openscanhub/templates/deployment-fedora-osh-hub.yml index 4ac63cc3ef..28fcaa7d76 100644 --- a/roles/openshift-apps/openscanhub/templates/deployment-fedora-osh-hub.yml +++ b/roles/openshift-apps/openscanhub/templates/deployment-fedora-osh-hub.yml 
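Review bot: Nothing in this hunk, or in the rest of the visible diff, renders the new `fedora-messaging-configmap.yml` template, yet the deployment now mounts a ConfigMap named `fedora-messaging-configmap`. If no role entry creates that object, the hub pod will stay in ContainerCreating on the missing volume. Unless this is handled outside the diff, add an object entry beside the existing `service-resalloc-server` one with `template: fedora-messaging-configmap.yml` and a matching `objectname:`. The roles list starts and ends outside this hunk, so an existing entry may simply not be visible here.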
@@ -40,6 +40,21 @@ spec: - mountPath: /etc/osh/worker-manager/id_rsa name: aws-openscanhub-key subPath: id_rsa + + # Fedora messaging configurations + - name: fedora-messaging-config-volume + mountPath: /etc/fedora-messaging + readOnly: true + - name: fedora-messaging-ca-volume + mountPath: /etc/pki/rabbitmq/ca + readOnly: true + - name: fedora-messaging-key-volume + mountPath: /etc/pki/rabbitmq/key + readOnly: true + - name: fedora-messaging-cert-volume + mountPath: /etc/pki/rabbitmq/cert + readOnly: true + livenessProbe: exec: command: @@ -69,3 +84,17 @@ spec: secret: defaultMode: 400 secretName: aws-openscanhub-key + + # Fedora messaging configurations + - name: fedora-messaging-config-volume + configMap: + name: fedora-messaging-configmap + - name: fedora-messaging-ca-volume + secret: + secretName: openscanhub-fedora-messaging-ca + - name: fedora-messaging-key-volume + secret: + secretName: openscanhub-fedora-messaging-key + - name: fedora-messaging-cert-volume + secret: + secretName: openscanhub-fedora-messaging-cert diff --git a/roles/openshift-apps/openscanhub/templates/fedora-messaging-config.toml b/roles/openshift-apps/openscanhub/templates/fedora-messaging-config.toml new file mode 100644 index 0000000000..ff83f5a036 --- /dev/null +++ b/roles/openshift-apps/openscanhub/templates/fedora-messaging-config.toml @@ -0,0 +1,8 @@ +amqp_url = "amqps://openscanhub:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub" + +topic_prefix = "org.fedoraproject.{{ env_short }}.openscanhub" + +[tls] +ca_cert = "/etc/pki/rabbitmq/ca/fedora-messaging-openscanhub-ca.crt" +keyfile = "/etc/pki/rabbitmq/key/fedora-messaging-openscanhub.key" +certfile = "/etc/pki/rabbitmq/cert/fedora-messaging-openscanhub.crt" diff --git a/roles/openshift-apps/openscanhub/templates/fedora-messaging-configmap.yml b/roles/openshift-apps/openscanhub/templates/fedora-messaging-configmap.yml new file mode 100644 index 0000000000..69418edbff --- /dev/null 
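Review bot: The three secret volumes added in the `volumes:` hunk set no `defaultMode`, so Kubernetes projects the files as 0644 and the client private key under /etc/pki/rabbitmq/key is readable by any user in the container. Give at least `fedora-messaging-key-volume` a restrictive mode under its `secret:`, e.g. `defaultMode: 0400` (decimal 256), or `0440` if the hub process reads it through the pod's fsGroup rather than as the file owner. Do not copy the neighbouring `defaultMode: 400`: that value is decimal and decodes to octal 0620. The `volumes:` list begins outside the hunk.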
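Review bot: The user name in `amqp_url` is hard-coded to `openscanhub`, while the playbook creates the broker user as `openscanhub{{ env_suffix }}` and names the key and certificate files with the same suffix. In any environment where `env_suffix` is non-empty, the URL user will not match the provisioned account. This may be harmless if the broker takes the identity only from the client certificate, but that is not visible here. Keeping them aligned is safer: `amqp_url = "amqps://openscanhub{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"`.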
+++ b/roles/openshift-apps/openscanhub/templates/fedora-messaging-configmap.yml @@ -0,0 +1,11 @@ +{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} +--- +- apiVersion: v1 + kind: ConfigMap + metadata: + name: fedora-messaging-configmap + labels: + app: openscanhub + data: + fedora-messaging-config.toml: |- + {{ load_file('fedora-messaging-config.toml') | indent(6) }}
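Review bot: The `load_file` macro on the first line and the `indent(6)` on the last are tightly coupled to the nesting of the `fedora-messaging-config.toml: |-` block scalar, and nothing in the template says so. A later re-indent of the ConfigMap would silently produce a truncated or invalid `data` value. Add a Jinja comment above the macro, such as `{# include is a statement; wrap it in a macro so its output can be piped through indent() #}`. Next to the last line, add a note that the indent width must equal the block scalar's body indentation. Whitespace is collapsed in this view, so whether 6 currently matches could not be checked and should be confirmed against the rendered object.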