Koschei: install fedora-messaging configuration

roles/openshift-apps/koschei/templates/backend-config.yml

@@ -5,5 +5,14 @@ metadata:
 stringData:
   config-backend.cfg: |
     {{ lookup('template', roles_path + '/openshift-apps/koschei/templates/config-backend.cfg.j2') | indent }}
+  fedora-messaging.toml: |
+    {{ lookup('template', roles_path + '/openshift-apps/koschei/templates/fedora-messaging.toml.j2') | indent }}
   krb5.conf: |
     {{ lookup('template', roles_path + '/base/templates/krb5.conf.j2') | indent }}
+data:
+  rabbitmq-ca.crt: |
+    {{ lookup('file', private + '/files/rabbitmq/' + env + '/pki/ca.crt') | b64encode | indent }}
+  rabbitmq-client.crt: |
+    {{ lookup('file', private + '/files/rabbitmq/' + env + '/pki/issued/' + app + env_suffix + '.crt') | b64encode | indent }}
+  rabbitmq-client.key: |
+    {{ lookup('file', private + '/files/rabbitmq/' + env + '/pki/private/' + app + env_suffix + '.key') | b64encode | indent }}

roles/openshift-apps/koschei/templates/backend-deployment.yml

@@ -25,6 +25,8 @@ spec:
             value: /etc/koschei/krb5.conf
           - name: KRB5_CLIENT_KTNAME
             value: /etc/krb5.keytab
+          - name: FEDORA_MESSAGING_CONF
+            value: /etc/koschei/fedora-messaging.toml
         volumeMounts:
         - name: config
           mountPath: /etc/koschei

roles/openshift-apps/koschei/templates/fedora-messaging.toml.j2

@@ -0,0 +1,12 @@
+amqp_url = "amqps://koschei{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+[tls]
+ca_cert = "/etc/koschei/rabbitmq-ca.crt"
+certfile = "/etc/koschei/rabbitmq-client.crt"
+keyfile = "/etc/koschei/rabbitmq-client.key"