From aeaadd525e32ce128a6d1bb771b7472eef36916e Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Mon, 4 Mar 2019 12:06:49 +0100 Subject: [PATCH] Port koji to fedora-messaging This commit: - creates the rabbitmq user on the cluster - installs the new dependencies, configuration and certificates - installs the new fedmsg/fedora-messaging plugin by pulling it from pagure.io Signed-off-by: Pierre-Yves Chibon --- playbooks/groups/koji-hub.yml | 27 +++++++ roles/koji_hub/tasks/main.yml | 73 +++++++++++++++++++ .../koji_hub/templates/fedora-messaging.toml | 20 +++++ 3 files changed, 120 insertions(+) create mode 100644 roles/koji_hub/templates/fedora-messaging.toml diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index 0bc8a44ac5..252ebe23a8 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml @@ -110,3 +110,30 @@ handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" + + +# Setup the rabbitmq user so fedora-messaging can send messages +- name: setup RabbitMQ + hosts: rabbitmq-stg[0] + #hosts: rabbitmq[0]:rabbitmq-stg[0] + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: Create the RabbitMQ user + when: env == 'staging' + rabbitmq_user: + user: "koji{{ env_suffix }}" + vhost: /pubsub + read_priv: "^$" + write_priv: "amq\\.topic" + configure_priv: "^$" + state: present + tags: + - config + - fedora-messaging diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml index 281e68b625..c127f8b6da 100644 --- a/roles/koji_hub/tasks/main.yml +++ b/roles/koji_hub/tasks/main.yml 
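Review bot: `write_priv: "amq\\.topic"` in the `Create the RabbitMQ user` task is not anchored, while the read and configure patterns beside it are (`^$`). RabbitMQ evaluates these patterns as regular expressions against the resource name, and to my knowledge the match is unanchored. If so, this grants write on any exchange or queue in `/pubsub` whose name merely contains `amq.topic`. If the intent is publish-only access to the topic exchange, `write_priv: "^amq\\.topic$"` states exactly that.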
@@ -81,12 +81,85 @@ - name: koji fedmsg plugin template: src=fedmsg-koji-plugin.py dest=/usr/lib/koji-hub-plugins/fedmsg-koji-plugin.py + when: env != 'staging' notify: - reload httpd tags: - config - koji_hub +- name: install fedora-messaging as a dependency for the plugin + package: name={{ item }} state=present + when: env == 'staging' + with_items: + - python2-fedora-messaging + tags: + - packages + - koji_hub + - fedora-messaging + +- name: create the config folder for fedora-messaging + when: env == 'staging' + file: path=/etc/fedora-messaging/ owner=root group=root mode=0755 state=directory + tags: + - koji_hub + - fedora-messaging + +- name: install the configuration file for fedora-messaging + template: + src=fedora-messaging.toml + dest=/etc/fedora-messaging/config.toml + when: env == 'staging' + tags: + - config + - koji_hub + - fedora-messaging + +- name: create folder where we'll place the certs + when: env == 'staging' + file: path=/etc/pki/rabbitmq/kojicert/ owner=root group=root mode=0755 state=directory + tags: + - config + - koji_hub + - fedora-messaging + +- name: deploy koji/rabbitmq certificate + copy: src={{ item.src }} + dest=/etc/pki/rabbitmq/kojicert/{{ item.dest }} + owner={{ item.owner }} group=root mode={{ item.mode }} + when: env == 'staging' + with_items: + - src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/koji{{ env_suffix }}.crt" + dest: koji.crt + owner: root + mode: 0644 + - src: "{{private}}/files/rabbitmq/{{env}}/pki/private/koji{{ env_suffix }}.key" + dest: koji.key + owner: root + mode: "600" + - src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt" + dest: koji.ca + owner: root + mode: 0644 + tags: + - config + - koji_hub + - fedora-messaging + +- name: koji fedora-messaging plugin - installed as fedmsg-koji-plugin + get_url: + url: https://pagure.io/koji-fedmsg-plugin/raw/master/f/fedmsg-koji-plugin.py + dest: /usr/lib/koji-hub-plugins/fedmsg-koji-plugin.py + mode: 0644 + checksum: 
sha256:48cd361366544d435fc529197bb4dc4e72d01263c8f4066dccef9404ce0a70a6 + when: env == 'staging' + notify: + - reload httpd + tags: + - config + - koji_hub + - fedora-messaging + # # install keytabs # diff --git a/roles/koji_hub/templates/fedora-messaging.toml b/roles/koji_hub/templates/fedora-messaging.toml new file mode 100644 index 0000000000..9d194d3dee --- /dev/null +++ b/roles/koji_hub/templates/fedora-messaging.toml @@ -0,0 +1,20 @@ +# A sample configuration for fedora-messaging. This file is in the TOML format. +# For complete details on all configuration options, see the documentation. + +amqp_url = "amqps://koji{{ env_suffix }}:@rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org/%2Fpubsub" + +# The topic_prefix configuration value will add a prefix to the topics of every sent message. +# This is used for migrating from fedmsg, and should not be used afterwards. +{% if env == "staging" %} +topic_prefix = "org.fedoraproject.stg" +{% else %} +topic_prefix = "org.fedoraproject.prod" +{% endif %} + +[tls] +ca_cert = "/etc/pki/rabbitmq/kojicert/koji.ca" +keyfile = "/etc/pki/rabbitmq/kojicert/koji.key" +certfile = "/etc/pki/rabbitmq/kojicert/koji.crt" + +[client_properties] +app = "Koji"
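Review bot: In `deploy koji/rabbitmq certificate`, the unquoted `mode: 0644` items are likely to produce the wrong permissions: YAML reads `0644` as the integer 420, `mode={{ item.mode }}` renders it as the string `420`, and the module then parses that string as octal, giving 0420 rather than 0644 on `koji.crt` and `koji.ca`. Quote them the way the key entry already is, `mode: "0644"`. Separately, the `get_url` task pins a sha256 but fetches from `raw/master`, so any upstream commit to that file fails the play on a checksum mismatch; that fails closed, which is the safe direction, but pointing the URL at the commit matching the checksum would keep the play reproducible. It is also worth confirming that the account the hub runs under can read `koji.key` with `owner: root` and mode `600`.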
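Review bot: The header comment still calls this "A sample configuration", and nothing explains why `amqp_url` carries a user name with an empty password. Judging by the `[tls]` section and the certificate task in this commit, the broker appears to authenticate the client certificate, so I would say so next to the URL, e.g. `# No password: the broker is expected to authenticate the client certificate set in [tls].`. The first line could become `# fedora-messaging configuration for the koji hub (TOML).`. The `{% else %}` branch is not reached yet, since the template is only installed when `env == 'staging'`.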