Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Set the sent_topics for openqa

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2023-05-15 15:06:01 +02:00
parent 11b3c5c935
commit 4d36f9ed50
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
3 changed files with 13 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

29
playbooks/groups/openqa.yml
View file

@ -45,9 +45,7 @@
username: "openqa" username: "openqa"
queue_name: "openqa{{ openqa_env_suffix }}_scheduler" queue_name: "openqa{{ openqa_env_suffix }}_scheduler"
routing_keys: "{{ openqa_amqp_scheduler_routing_keys }}" routing_keys: "{{ openqa_amqp_scheduler_routing_keys }}"
write_queues: sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(openqa|ci)\..*
- "ci"
- "openqa"
vars: vars:
# yes, even the staging scheduler listens to production, it # yes, even the staging scheduler listens to production, it
# has to or else it wouldn't schedule any jobs # has to or else it wouldn't schedule any jobs
@ -58,9 +56,7 @@
username: "openqa{{ openqa_env_suffix }}" username: "openqa{{ openqa_env_suffix }}"
queue_name: "openqa{{ openqa_env_suffix }}_resultsdb_reporter" queue_name: "openqa{{ openqa_env_suffix }}_resultsdb_reporter"
routing_keys: "{{ openqa_amqp_resultsdb_reporter_routing_keys }}" routing_keys: "{{ openqa_amqp_resultsdb_reporter_routing_keys }}"
write_queues: sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(openqa|ci)\..*
- "ci"
- "openqa"
vars: vars:
# for this role to work correctly we do need to look like a # for this role to work correctly we do need to look like a
# staging server # staging server
@ -68,12 +64,8 @@
env_suffix: "{{ openqa_env_suffix }}" env_suffix: "{{ openqa_env_suffix }}"
tags: ['rabbit'] tags: ['rabbit']
- role: rabbit/queue - role: rabbit/queue
username: "openqa{{ openqa_env_suffix }}"
queue_name: "openqa{{ openqa_env_suffix }}_wiki_reporter" queue_name: "openqa{{ openqa_env_suffix }}_wiki_reporter"
routing_keys: "{{ openqa_amqp_wiki_reporter_routing_keys }}" routing_keys: "{{ openqa_amqp_wiki_reporter_routing_keys }}"
write_queues:
- "ci"
- "openqa"
vars: vars:
# for this role to work correctly we do need to look like a # for this role to work correctly we do need to look like a
# staging server # staging server
@ -83,12 +75,7 @@
# relvalconsumer queue, we still use openqa auth for this as it's # relvalconsumer queue, we still use openqa auth for this as it's
# easy that way # easy that way
- role: rabbit/queue - role: rabbit/queue
username: "openqa"
queue_name: "openqa_relvalconsumer{{ relvalconsumer_env_suffix }}" queue_name: "openqa_relvalconsumer{{ relvalconsumer_env_suffix }}"
routing_keys: "{{ relvalconsumer_amqp_routing_keys }}"
write_queues:
- "ci"
- "openqa"
vars: vars:
# yes, even the staging scheduler listens to production, it # yes, even the staging scheduler listens to production, it
# has to or else it wouldn't schedule any jobs # has to or else it wouldn't schedule any jobs
@ -99,12 +86,8 @@
# relvalamiconsumer queue, we still use openqa auth for this as it's # relvalamiconsumer queue, we still use openqa auth for this as it's
# easy that way # easy that way
- role: rabbit/queue - role: rabbit/queue
username: "openqa"
queue_name: "openqa_relvalamiconsumer{{ relvalconsumer_env_suffix }}" queue_name: "openqa_relvalamiconsumer{{ relvalconsumer_env_suffix }}"
routing_keys: "{{ relvalamiconsumer_amqp_routing_keys }}" routing_keys: "{{ relvalamiconsumer_amqp_routing_keys }}"
write_queues:
- "ci"
- "openqa"
vars: vars:
# yes, even the staging updater listens to production, it # yes, even the staging updater listens to production, it
# has to as we never publish fedimg.image.publish on stg # has to as we never publish fedimg.image.publish on stg
@ -119,9 +102,7 @@
username: "openqa{{ checkcompose_env_suffix }}" username: "openqa{{ checkcompose_env_suffix }}"
queue_name: "openqa{{ checkcompose_env_suffix }}_checkcomp" queue_name: "openqa{{ checkcompose_env_suffix }}_checkcomp"
routing_keys: "{{ checkcompose_amqp_routing_keys }}" routing_keys: "{{ checkcompose_amqp_routing_keys }}"
write_queues: sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(openqa|ci)\..*
- "ci"
- "openqa"
vars: vars:
# for this role to work correctly we do need to look like a # for this role to work correctly we do need to look like a
# staging server # staging server
@ -133,12 +114,8 @@
# fedora_nightlies queue, we still use openqa auth for this as it's # fedora_nightlies queue, we still use openqa auth for this as it's
# easy that way # easy that way
- role: rabbit/queue - role: rabbit/queue
username: "openqa"
queue_name: "openqa_fedora_nightlies" queue_name: "openqa_fedora_nightlies"
routing_keys: "{{ fedora_nightlies_amqp_routing_keys }}" routing_keys: "{{ fedora_nightlies_amqp_routing_keys }}"
write_queues:
- "ci"
- "openqa"
vars: vars:
env: "production" env: "production"
tags: ['rabbit'] tags: ['rabbit']

6
roles/rabbit/queue/tasks/main.yml
View file

@ -15,8 +15,8 @@
# #
# Optional parameters: # Optional parameters:
# #
# - write_queues (list): A list of queue name prefixes to which the user will # - sent_topics (str): A regular expression that must match the topic when a
# be allowed to publish. # message is published by this user.
# - thresholds (dict): A dictionary with two keys: "warning" and "critical". # - thresholds (dict): A dictionary with two keys: "warning" and "critical".
# The values are numbers. Generate an alert in Nagios if # The values are numbers. Generate an alert in Nagios if
# the number of messages go above these values. # the number of messages go above these values.
@ -26,6 +26,7 @@
that: that:
- "queue_name.startswith(username)" - "queue_name.startswith(username)"
fail_msg: "Your queue name must be prefixed with your username" fail_msg: "Your queue name must be prefixed with your username"
when: username is defined
tags: tags:
- fedora-messaging - fedora-messaging
- rabbitmq_cluster - rabbitmq_cluster
@ -34,6 +35,7 @@
name: rabbit/user name: rabbit/user
vars: vars:
publish_only: false publish_only: false
when: username is defined
tags: tags:
- fedora-messaging - fedora-messaging
- rabbitmq_cluster - rabbitmq_cluster

6
roles/rabbit/user/tasks/main.yml
View file

@ -8,6 +8,11 @@
# #
# - username (str): the username to create in RabbitMQ, which should match the # - username (str): the username to create in RabbitMQ, which should match the
# CN of the certificate. # CN of the certificate.
#
# Optional parameters:
#
# - sent_topics (str): A regular expression that must match the topic when a
# message is published by this user.
# See https://www.rabbitmq.com/access-control.html#permissions for details on # See https://www.rabbitmq.com/access-control.html#permissions for details on
# the RabbitMQ permissions configuration. # the RabbitMQ permissions configuration.
@ -15,6 +20,7 @@
- name: Validate username {{ username }} - name: Validate username {{ username }}
assert: assert:
that: that:
- username is defined
- username != "admin" - username != "admin"
- username != "guest" - username != "guest"
- username != "nagios-monitoring" - username != "nagios-monitoring"