diff --git a/playbooks/openshift-apps/coreos-ostree-importer.yml b/playbooks/openshift-apps/coreos-ostree-importer.yml
index f2fedf195a..8f3ef60173 100644
--- a/playbooks/openshift-apps/coreos-ostree-importer.yml
+++ b/playbooks/openshift-apps/coreos-ostree-importer.yml
@@ -8,6 +8,15 @@
 - "/srv/private/ansible/vars.yml"
 - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 
+ vars:
+ - fedora_messaging_username: "coreos-ostree-importer{{ env_suffix }}"
+ - fedora_messaging_queue_name: "coreos-ostree-importer{{ env_suffix }}"
+ - fedora_messaging_routing_keys:
+ - "org.fedoraproject.*.coreos.build.request.ostree-import"
+ - fedora_messaging_ca_file: "coreos-ostree-importer-fedora-messaging-cacert.pem"
+ - fedora_messaging_cert_file: "coreos-ostree-importer-fedora-messaging-cert.pem"
+ - fedora_messaging_key_file: "coreos-ostree-importer-fedora-messaging-key.pem"
+
 roles:
 - role: openshift/project
 app: coreos-ostree-importer
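Review bot: `vars:` is declared as a list of one-key mappings (`- fedora_messaging_username: ...`), a legacy form that Ansible has deprecated in favour of a single mapping. Dropping the leading `- ` from each of the six entries, e.g. `fedora_messaging_username: "coreos-ostree-importer{{ env_suffix }}"`, defines the same variables without the deprecation warning. A comment above the block such as `# Names shared by the rabbit/* roles, the secret-file roles and the deploymentconfig/toml templates` would also record that the three `*_file` values serve as both secret keys and in-container file names. The play itself starts and ends outside this hunk.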
@@ -17,6 +26,40 @@
 - jlebon
 - kevin
 
+ # Fedora Messaging User/Queue information
+ - role: rabbit/user
+ username: "{{ fedora_messaging_username }}"
+ - role: rabbit/queue
+ username: "{{ fedora_messaging_username }}"
+ queue_name: "{{ fedora_messaging_queue_name }}"
+ routing_keys: "{{ fedora_messaging_routing_keys }}"
+ thresholds:
+ warning: 10
+ critical: 100
+
+ # Fedora Messaging secrets
+ - role: openshift/secret-file
+ app: coreos-ostree-importer
+ secret_name: fedora-messaging-ca
+ key: "{{ fedora_messaging_ca_file }}"
+ privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+ - role: openshift/secret-file
+ app: coreos-ostree-importer
+ secret_name: fedora-messaging-crt
+ key: "{{ fedora_messaging_cert_file }}"
+ privatefile: "rabbitmq/{{env}}/pki/issued/coreos-ostree-importer-{{env_suffix}}.crt"
+ - role: openshift/secret-file
+ app: coreos-ostree-importer
+ secret_name: fedora-messaging-key
+ key: "{{ fedora_messaging_key_file }}"
+ privatefile: "rabbitmq/{{env}}/pki/private/coreos-ostree-importer-{{env_suffix}}.key"
+
+ # Fedora Messaging config
+ - role: openshift/object
+ app: coreos-ostree-importer
+ template: configmap.yml
+ objectname: configmap.yml
+
 - role: openshift/object
 app: coreos-ostree-importer
 template: imagestream.yml
diff --git a/roles/openshift-apps/coreos-ostree-importer/templates/configmap.yml b/roles/openshift-apps/coreos-ostree-importer/templates/configmap.yml
new file mode 100644
index 0000000000..ebebf02c3f
--- /dev/null
+++ b/roles/openshift-apps/coreos-ostree-importer/templates/configmap.yml
@@ -0,0 +1,12 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fedora-messaging-configmap
+ labels:
+ app: coreos-ostree-importer
+data:
+ config.toml: |-
+ {{ load_file('fedora-messaging.toml') | indent }}
+
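Review bot: The client certificate and key paths in the playbook's `openshift/secret-file` entries put a hyphen before the suffix (`coreos-ostree-importer-{{env_suffix}}.crt` and `.key`), while the username and queue name in `vars` are built as `coreos-ostree-importer{{ env_suffix }}` with none. If `env_suffix` is empty in one environment (its value is not visible here), the lookup becomes `coreos-ostree-importer-.crt`. Because the `amqp_url` in fedora-messaging.toml carries no password, the broker presumably identifies the client by this certificate, so the file picked up should be the one issued for `fedora_messaging_username`. If the PKI files are named after the username, `privatefile: "rabbitmq/{{env}}/pki/issued/{{ fedora_messaging_username }}.crt"` and the matching `private/{{ fedora_messaging_username }}.key` would keep the names from drifting apart. The `roles:` list continues past the end of this hunk.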
diff --git a/roles/openshift-apps/coreos-ostree-importer/templates/deploymentconfig.yml b/roles/openshift-apps/coreos-ostree-importer/templates/deploymentconfig.yml
index dd9d7e7e79..da6aeb58bc 100644
--- a/roles/openshift-apps/coreos-ostree-importer/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/coreos-ostree-importer/templates/deploymentconfig.yml
@@ -25,6 +25,21 @@ spec:
 volumeMounts:
 - name: fedora-ostree-content-volume
 mountPath: /mnt/koji
+ - name: fedora-messaging-config
+ mountPath: /etc/fedora-messaging
+ readOnly: true
+ - name: fedora-messaging-ca
+ mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_ca_file }}"
+ subPath: "{{ fedora_messaging_ca_file }}"
+ readOnly: true
+ - name: fedora-messaging-crt
+ mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_cert_file }}"
+ subPath: "{{ fedora_messaging_cert_file }}"
+ readOnly: true
+ - name: fedora-messaging-key
+ mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_key_file }}"
+ subPath: "{{ fedora_messaging_key_file }}"
+ readOnly: true
 image: ""
 imagePullPolicy: IfNotPresent
 resources: {}
@@ -32,6 +47,18 @@ spec:
 - name: fedora-ostree-content-volume
 persistentVolumeClaim:
 claimName: fedora-ostree-content-volume
+ - name: fedora-messaging-config-volume
+ configMap:
+ name: fedora-messaging-configmap
+ - name: fedora-messaging-ca-volume
+ secret:
+ secretName: fedora-messaging-ca
+ - name: fedora-messaging-crt-volume
+ secret:
+ secretName: fedora-messaging-crt
+ - name: fedora-messaging-key-volume
+ secret:
+ secretName: fedora-messaging-key
 restartPolicy: Always
 test: false
 triggers:
diff --git a/roles/openshift-apps/coreos-ostree-importer/templates/fedora-messaging.toml b/roles/openshift-apps/coreos-ostree-importer/templates/fedora-messaging.toml
new file mode 100644
index 0000000000..3af3c8e0b3
--- /dev/null
+++ b/roles/openshift-apps/coreos-ostree-importer/templates/fedora-messaging.toml
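Review bot: In deploymentconfig.yml the four new `volumeMounts` names (`fedora-messaging-config`, `fedora-messaging-ca`, `fedora-messaging-crt`, `fedora-messaging-key`) match no volume, because the second hunk declares the volumes as `fedora-messaging-config-volume`, `fedora-messaging-ca-volume`, `fedora-messaging-crt-volume` and `fedora-messaging-key-volume`. A mount whose `name` has no entry under `volumes` is rejected when the pod spec is validated, so the deployment would not roll out with the config and TLS material in place. Either add the suffix to each mount, e.g. `- name: fedora-messaging-key-volume`, or drop it from the four volume names; the existing `fedora-ostree-content-volume` pair shows the convention already in use. The container and `spec` blocks start and end outside both hunks.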
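Review bot: The `fedora-messaging-key-volume` secret volume in the second deploymentconfig.yml hunk sets no `defaultMode`, so the private key is projected with the default file mode of 0644 and is readable by every user in the container. Adding `defaultMode: 0440` under `secret:` for the key volume narrows that. Check the value against the UID/GID the importer runs as, which is not visible in this hunk. The `volumes` list starts above the hunk.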
@@ -0,0 +1,93 @@
+# Broker address
+amqp_url = "amqps://{{ fedora_messaging_username }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+# The topic_prefix configuration value will add a prefix to the topics of every sent message.
+# This is used for migrating from fedmsg, and should not be used afterwards.
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+[tls]
+ca_cert = "/etc/pki/fedora-messaging/{{ fedora_messaging_ca_file }}"
+keyfile = "/etc/pki/fedora-messaging/{{ fedora_messaging_key_file }}"
+certfile = "/etc/pki/fedora-messaging/{{ fedora_messaging_cert_file }}"
+
+# Set the Application name/url/email
+[client_properties]
+app = "CoreOS OSTree Importer"
+app_url = "https://github.com/coreos/fedora-coreos-releng-automation/tree/master/coreos-ostree-importer"
+app_contacts_email = ["coreos@lists.fedoraproject.org"]
+
+[exchanges."amq.topic"]
+type = "topic"
+durable = true
+auto_delete = false
+arguments = {}
+
+# We'll use the coreos queue name
+[queues."{{ fedora_messaging_queue_name }}"]
+durable = true
+auto_delete = false
+exclusive = true
+arguments = {}
+
+# We care about the ostree-import message topic
+[[bindings]]
+queue = "{{ fedora_messaging_queue_name }}"
+exchange = "amq.topic"
+routing_keys = [
+{% for key in fedora_messaging_routing_keys %}
+ "{{ key }}",
+{% endfor %}
+]
+
+[consumer_config]
+example_key = "for my consumer"
+
+[qos]
+prefetch_size = 0
+prefetch_count = 25
+
+[log_config]
+version = 1
+disable_existing_loggers = true
+
+# Adjust the log formatting based on preference
+[log_config.formatters.simple]
+format = "%(asctime)s %(levelname)s %(name)s - %(message)s"
+
+[log_config.handlers.console]
+class = "logging.StreamHandler"
+formatter = "simple"
+stream = "ext://sys.stdout"
+
+# Set level to WARNING, otherwise too chatty
+[log_config.loggers.fedora_messaging]
+level = "WARNING"
+propagate = false
+handlers = ["console"]
+
+# Set level to WARNING, otherwise too chatty
+[log_config.loggers.twisted]
+level = "WARNING"
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.pika]
+level = "WARNING"
+propagate = false
+handlers = ["console"]
+
+# If your consumer sets up a logger, you must add a configuration for it
+# here in order for the messages to show up. e.g. if it set up a logger
+# called 'example_printer', you could do:
+#[log_config.loggers.example_printer]
+#level = "INFO"
+#propagate = false
+#handlers = ["console"]
+
+[log_config.root]
+level = "ERROR"
+handlers = ["console"]
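Review bot: The queue section declares `exclusive = true` alongside `durable = true` and `auto_delete = false`, and the playbook also creates the same queue on the broker through the `rabbit/queue` role. An exclusive queue belongs to a single connection, so this declaration is likely to conflict with the pre-created durable queue and to lock out a reconnect or a second replica; `exclusive = false` is probably what is intended. `[consumer_config]` still carries the sample entry `example_key = "for my consumer"`, which should be removed or replaced with the importer's real settings. With `disable_existing_loggers = true`, the root logger at `ERROR`, and only the commented-out `example_printer` block as a consumer logger, the importer's own informational messages (for instance which commits it imported) may never reach stdout. Add a `[log_config.loggers.*]` section for the importer's logger if an audit trail of imports is wanted.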