diff --git a/playbooks/openshift-apps/release-monitoring.yml b/playbooks/openshift-apps/release-monitoring.yml
index 6b979f6133..dcd83827ad 100644
--- a/playbooks/openshift-apps/release-monitoring.yml
+++ b/playbooks/openshift-apps/release-monitoring.yml
@@ -15,6 +15,30 @@
 appowners:
 - jcline
 - zlopez
+ - role: openshift/secret-file
+ app: release-monitoring
+ secret_name: release-monitoring-fedmsg-key
+ key: fedmsg-release-monitoring.key
+ privatefile: fedmsg-certs/keys/release-monitoring.stg.release-monitoring.org.key
+ when: env == "staging"
+ - role: openshift/secret-file
+ app: release-monitoring
+ secret_name: release-monitoring-fedmsg-cert
+ key: fedmsg-release-monitoring.crt
+ privatefile: fedmsg-certs/keys/release-monitoring.stg.release-monitoring.org.crt
+ when: env == "staging"
+ - role: openshift/secret-file
+ app: release-monitoring
+ secret_name: release-monitoring-fedmsg-key
+ key: fedmsg-release-monitoring.key
+ privatefile: fedmsg-certs/keys/release-monitoring.release-monitoring.org.key
+ when: env != "staging"
+ - role: openshift/secret-file
+ app: release-monitoring
+ secret_name: release-monitoring-fedmsg-cert
+ key: fedmsg-release-monitoring.crt
+ privatefile: fedmsg-certs/keys/release-monitoring.release-monitoring.org.crt
+ when: env != "staging"
 - role: openshift/object
 app: release-monitoring
 file: imagestream.yml
diff --git a/roles/openshift-apps/release-monitoring/files/deploymentconfig.yml b/roles/openshift-apps/release-monitoring/files/deploymentconfig.yml
index 9e64a6c7e1..134142fda3 100644
--- a/roles/openshift-apps/release-monitoring/files/deploymentconfig.yml
+++ b/roles/openshift-apps/release-monitoring/files/deploymentconfig.yml
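Review bot: The certificate secret is created here as `secret_name: release-monitoring-fedmsg-cert`, but the volumes hunk of deploymentconfig.yml in this same commit mounts `secretName: release-monitoring-fedmsg-crt`, a secret this playbook never creates, so the pod would most likely fail to start on the unresolved volume. Use one spelling on both sides, for example `secret_name: release-monitoring-fedmsg-crt` in both certificate entries. The `.crt` files are also read from `fedmsg-certs/keys/…`; it is worth confirming that the certificates really sit in the keys directory of the private repository. The role list continues outside this hunk.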
@@ -47,6 +47,15 @@ items:
 - name: config-volume
 mountPath: /etc/anitya
 readOnly: true
+ - name: fedmsg-config-volume
+ mountPath: /etc/fedmsg.d/
+ readOnly: true
+ - name: fedmsg-key-volume
+ mountPath: /etc/pki/fedmsg/key
+ readOnly: true
+ - name: fedmsg-crt-volume
+ mountPath: /etc/pki/fedmsg/crt
+ readOnly: true
 readinessProbe:
 timeoutSeconds: 1
 initialDelaySeconds: 5
@@ -63,6 +72,15 @@ items:
 - name: config-volume
 configMap:
 name: release-monitoring-configmap
+ - name: fedmsg-config-volume
+ configMap:
+ name: fedmsg-configmap
+ - name: fedmsg-key-volume
+ secret:
+ secretName: release-monitoring-fedmsg-key
+ - name: fedmsg-crt-volume
+ secret:
+ secretName: release-monitoring-fedmsg-crt
 triggers:
 - imageChangeParams:
 automatic: true
diff --git a/roles/openshift-apps/release-monitoring/templates/configmap.yml b/roles/openshift-apps/release-monitoring/templates/configmap.yml
index 3c4a83e022..b5e9444e73 100644
--- a/roles/openshift-apps/release-monitoring/templates/configmap.yml
+++ b/roles/openshift-apps/release-monitoring/templates/configmap.yml
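Review bot: The key and certificate are mounted as the directories `/etc/pki/fedmsg/key` and `/etc/pki/fedmsg/crt`, so the files end up at `/etc/pki/fedmsg/key/fedmsg-release-monitoring.key` and `/etc/pki/fedmsg/crt/fedmsg-release-monitoring.crt`. The fedmsg config added in this commit sets `ssldir` to `/etc/pki/fedmsg/` with certname `release-monitoring`. As far as I know the x509 backend loads `<ssldir>/<certname>.crt` and `<ssldir>/<certname>.key`, so message signing would not find either file; please verify against the fedmsg version in the image. One way to line them up is to mount each secret as a single file, e.g. `mountPath: /etc/pki/fedmsg/release-monitoring.key` with `subPath: fedmsg-release-monitoring.key`, and the same for the `.crt`. The container spec starts and ends outside this hunk.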
@@ -1,128 +1,159 @@ --- apiVersion: v1 -kind: ConfigMap -metadata: - name: release-monitoring-configmap - labels: - app: release-monitoring -data: - anitya.toml: |- - # This is a TOML-format file. For the spec, see https://github.com/toml-lang/toml#spec +kind: List +metadata: {} +items: +- apiVersion: v1 + kind: ConfigMap + metadata: + name: release-monitoring-configmap + labels: + app: release-monitoring + data: + anitya.toml: |- + # This is a TOML-format file. For the spec, see https://github.com/toml-lang/toml#spec - # Secret key used to generate the CSRF token in the forms. + # Secret key used to generate the CSRF token in the forms. {% if env == 'staging' %} - secret_key = '{{ stg_anitya_secrect_key }}' + secret_key = '{{ stg_anitya_secrect_key }}' {% else %} - secret_key = '{{ anitya_secret_key }}' + secret_key = '{{ anitya_secret_key }}' {% endif %} - # The lifetime of the session, in seconds. - permanent_session_lifetime = 3600 + # The lifetime of the session, in seconds. + permanent_session_lifetime = 3600 {% if env == 'staging' %} - db_url = "postgresql://{{ anitya_stg_db_user }}:{{ anitya_stg_db_pass }}@{{ anitya_stg_db_host }}/{{ anitya_stg_db_name }}" + db_url = "postgresql://{{ anitya_stg_db_user }}:{{ anitya_stg_db_pass }}@{{ anitya_stg_db_host }}/{{ anitya_stg_db_name }}" {% else %} - db_url = "postgresql://{{ anitya_db_user }}:{{ anitya_db_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }}" + db_url = "postgresql://{{ anitya_db_user }}:{{ anitya_db_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }}" {% endif %} - # List of admins - anitya_web_admins = [ - "922611f6-2371-49b7-a6fd-464e77856259", - ] + # List of admins + anitya_web_admins = [ + "922611f6-2371-49b7-a6fd-464e77856259", + ] - # The email to use in the 'From' header when sending emails. - admin_email = "admin@fedoraproject.org" + # The email to use in the 'From' header when sending emails. 
+ admin_email = "admin@fedoraproject.org" - # The SMTP server to send mail through - smtp_server = "smtp.example.com" + # The SMTP server to send mail through + smtp_server = "smtp.example.com" - # Whether or not to send emails to MAIL_ADMIN via SMTP_SERVER when HTTP 500 - # errors occur. - email_errors = false + # Whether or not to send emails to MAIL_ADMIN via SMTP_SERVER when HTTP 500 + # errors occur. + email_errors = false - # List of users that are not allowed to sign in - blacklisted_users = [] + # List of users that are not allowed to sign in + blacklisted_users = [] - librariesio_platform_whitelist = [ - 'pypi', - 'rubygems', - ] + librariesio_platform_whitelist = [ + 'pypi', + 'rubygems', + ] - social_auth_authentication_backends = [ - 'social_core.backends.fedora.FedoraOpenId', - 'social_core.backends.yahoo.YahooOpenId', - 'social_core.backends.open_id.OpenIdAuth', - ] + social_auth_authentication_backends = [ + 'social_core.backends.fedora.FedoraOpenId', + 'social_core.backends.yahoo.YahooOpenId', + 'social_core.backends.open_id.OpenIdAuth', + ] - # Default regular expression used for backend - default_regex = """\ - %(name)s(?:[-_]?(?:minsrc|src|source))?[-_]([^-/_\\s]+?)(?i)(?:[-_]\ - (?:minsrc|src|source|asc|release))?\\.(?:tar|t[bglx]z|tbz2|zip)\ - """ + # Default regular expression used for backend + default_regex = """\ + %(name)s(?:[-_]?(?:minsrc|src|source))?[-_]([^-/_\\s]+?)(?i)(?:[-_]\ + (?:minsrc|src|source|asc|release))?\\.(?:tar|t[bglx]z|tbz2|zip)\ + """ - # Github access token + # Github access token {% if env == 'staging' %} - github_access_token = "{{ github_stg_release_monitoring }}" + github_access_token = "{{ github_stg_release_monitoring }}" {% else %} - github_access_token = "{{ github_prod_release_monitoring }}" + github_access_token = "{{ github_prod_release_monitoring }}" {% endif %} - # The logging configuration, in dictConfig format. 
- [anitya_log_config] - version = 1 - disable_existing_loggers = false + # The logging configuration, in dictConfig format. + [anitya_log_config] + version = 1 + disable_existing_loggers = false - [anitya_log_config.formatters] - [anitya_log_config.formatters.simple] - format = "[%(name)s %(levelname)s] %(message)s" + [anitya_log_config.formatters] + [anitya_log_config.formatters.simple] + format = "[%(name)s %(levelname)s] %(message)s" - [anitya_log_config.handlers] - [anitya_log_config.handlers.console] - class = "logging.StreamHandler" - formatter = "simple" - stream = "ext://sys.stdout" + [anitya_log_config.handlers] + [anitya_log_config.handlers.console] + class = "logging.StreamHandler" + formatter = "simple" + stream = "ext://sys.stdout" - [anitya_log_config.loggers] - [anitya_log_config.loggers.anitya] - level = "INFO" - propagate = false - handlers = ["console"] + [anitya_log_config.loggers] + [anitya_log_config.loggers.anitya] + level = "INFO" + propagate = false + handlers = ["console"] - [anitya_log_config.root] - level = "ERROR" - handlers = ["console"] - alembic.ini: |- - [alembic] - script_location = anitya:db/migrations - sourceless = false + [anitya_log_config.root] + level = "ERROR" + handlers = ["console"] + alembic.ini: |- + [alembic] + script_location = anitya:db/migrations + sourceless = false {% if env == 'staging' %} - sqlalchemy.url = postgresql://{{ anitya_stg_db_admin_user }}:{{ anitya_stg_db_admin_pass }}@{{ anitya_stg_db_host }}/{{ anitya_stg_db_name }} + sqlalchemy.url = postgresql://{{ anitya_stg_db_admin_user }}:{{ anitya_stg_db_admin_pass }}@{{ anitya_stg_db_host }}/{{ anitya_stg_db_name }} {% else %} - sqlalchemy.url = postgresql://{{ anitya_db_admin_user }}:{{ anitya_db_admin_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }} + sqlalchemy.url = postgresql://{{ anitya_db_admin_user }}:{{ anitya_db_admin_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }} {% endif %} - [loggers] - keys = root,sqlalchemy,alembic - [handlers] - keys = 
console - [formatters] - keys = generic - [logger_root] - level = WARN - handlers = console - qualname = - [logger_sqlalchemy] - level = WARN - handlers = - qualname = sqlalchemy.engine - [logger_alembic] - level = INFO - handlers = - qualname = alembic - [handler_console] - class = StreamHandler - args = (sys.stderr,) - level = NOTSET - formatter = generic - [formatter_generic] - format = %(levelname)-5.5s [%(name)s] %(message)s - datefmt = %H:%M:%S + [loggers] + keys = root,sqlalchemy,alembic + [handlers] + keys = console + [formatters] + keys = generic + [logger_root] + level = WARN + handlers = console + qualname = + [logger_sqlalchemy] + level = WARN + handlers = + qualname = sqlalchemy.engine + [logger_alembic] + level = INFO + handlers = + qualname = alembic + [handler_console] + class = StreamHandler + args = (sys.stderr,) + level = NOTSET + formatter = generic + [formatter_generic] + format = %(levelname)-5.5s [%(name)s] %(message)s + datefmt = %H:%M:%S +- apiVersion: v1 + kind: ConfigMap + metadata: + name: fedmsg-configmap + labels: + app: release-monitoring + data: + anitya.py: |- + import socket + config = { + "active": True, + "sign_messages": True, + "validate_signatures": True, + "crypto_backend": "x509", + "ssldir": "/etc/pki/fedmsg/" + "certnames": { + "release-monitoring." + socket.gethostname(): "release-monitoring", + }, + "topic_prefix": "org.release-monitoring", +{% if env == 'staging' %} + "environment": "stg", + "relay_inbound": ["tcp://busgateway01.stg.phx2.fedoraproject.org:9941"], +{% else %} + "environment": "prod", + "relay_inbound": ["tcp://busgateway01.phx2.fedoraproject.org:9941"], +{% endif %} + }
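Review bot: The `"ssldir": "/etc/pki/fedmsg/"` entry in the new `anitya.py` block has no trailing comma, so Python joins it with the following `"certnames"` string literal and then raises a SyntaxError at the `:`, and the fedmsg configuration cannot be loaded at all. It should read `"ssldir": "/etc/pki/fedmsg/",`. Separately, the re-indented `release-monitoring-configmap` still renders `secret_key`, the database passwords in `db_url` and `sqlalchemy.url`, and `github_access_token` in clear text. This commit already uses `openshift/secret-file` for the fedmsg key, so those values would be better served from a Secret, which is typically covered by tighter RBAC than a ConfigMap.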