MM: use secret-file instead

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

playbooks/openshift-apps/mirrormanager.yml

@@ -97,22 +97,12 @@
       annotations:
         haproxy.router.openshift.io/timeout: 5m
 
-    # Fedora Messaging
+    # SSH key to get the access logs
     - role: openshift/secret-file
       app: mirrormanager
-      secret_name: fedora-messaging-ca
+      secret_name: ssh_mirrorlist_proxies_key
-      key: cacert.pem
+      key: ssh_mirrorlist_proxies.key
-      privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+      privatefile: "mirrormanager/id_rsa.pub"
-    - role: openshift/secret-file
-      app: mirrormanager
-      secret_name: fedora-messaging-crt
-      key: fmn-cert.pem
-      privatefile: "rabbitmq/{{env}}/pki/issued/fmn{{env_suffix}}.crt"
-    - role: openshift/secret-file
-      app: mirrormanager
-      secret_name: fedora-messaging-key
-      key: fmn-key.pem
-      privatefile: "rabbitmq/{{env}}/pki/private/fmn{{env_suffix}}.key"
 
     # Deployment config
     - role: openshift/object

roles/openshift-apps/mirrormanager/files/deploymentconfig.yml

@@ -46,20 +46,9 @@ spec:
         - name: scripts
           mountPath: "/opt/scripts"
           readOnly: true
-        - name: fedora-messaging-config
+        - name: ssh-key
-          mountPath: "/etc/fedora-messaging"
+          mountPath: /etc/mirrormanager-ssh/ssh_mirrorlist_proxies.key
-          readOnly: true
+          subPath: ssh_mirrorlist_proxies.key
-        - name: fedora-messaging-ca
-          mountPath: /etc/pki/fedora-messaging/cacert.pem
-          subPath: cacert.pem
-          readOnly: true
-        - name: fedora-messaging-crt
-          mountPath: /etc/pki/fedora-messaging/cert.pem
-          subPath: cert.pem
-          readOnly: true
-        - name: fedora-messaging-key
-          mountPath: /etc/pki/fedora-messaging/key.pem
-          subPath: key.pem
           readOnly: true
         # - name: ipa-config
         #   mountPath: "/etc/ipa"
@@ -101,18 +90,9 @@ spec:
       - name: scripts
         configMap:
           name: scripts
-      - name: fedora-messaging-config
+      - name: ssh-key
-        configMap:
-          name: fedora-messaging-config
-      - name: fedora-messaging-ca
         secret:
-          secretName: fedora-messaging-ca
+          secretName: ssh_mirrorlist_proxies_key
-      - name: fedora-messaging-crt
-        secret:
-          secretName: fedora-messaging-crt
-      - name: fedora-messaging-key
-        secret:
-          secretName: fedora-messaging-key
       # - name: ipa-config
       #   configMap:
       #     name: ipa-client-config

roles/openshift-apps/mirrormanager/templates/configmap.yml

@@ -34,12 +34,3 @@ items:
   data:
     create_statistics.sh: |-
       {{ load_file('create_statistics.sh') | indent(6) }}
-- apiVersion: v1
-  kind: ConfigMap
-  metadata:
-    name: fedora-messaging-config
-    labels:
-      app: mirrormanager
-  data:
-    config.toml: |-
-      {{ load_file('fedora-messaging.toml') | indent(6) }}

roles/openshift-apps/mirrormanager/templates/create_statistics.sh

@@ -4,7 +4,7 @@ MIRRORLIST_PROXIES="{% for host in groups['mirrorlist_proxies'] %} {{ host }} {%
 
 MIRRORLIST_LOGDIR="/var/log/mirrormanager"
 MIRRORLIST_LOGFILES="mirrorlist1.service.log mirrorlist2.service.log"
-SSH_KEY="/etc/mirrormanager-secrets/ssh_mirrorlist_proxies.key"
+SSH_KEY="/etc/mirrormanager-ssh/ssh_mirrorlist_proxies.key"
 REMOTE_USER="mirrormanager"
 
 SSH="ssh -i ${SSH_KEY}"

roles/openshift-apps/mirrormanager/templates/secrets.yml

@@ -9,5 +9,3 @@ metadata:
 stringData:
   client_secrets.json: |-
     {{ load_file('client_secrets.json') | indent }}
-  ssh_mirrorlist_proxies.key: |-
-    {{ load_file(private + '/files/mirrormanager/id_rsa.pub') | indent }}