Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

waiverdb: use fedora-messaging in prod.

Browse source 
New version of waiverdb has dropped support for fedmsg

Signed-off-by: Clement Verna <cverna@tutanota.com>
This commit is contained in:
Clement Verna 2019-05-16 14:51:41 +02:00
parent ab4db86c3c
commit c58d0339f0
3 changed files with 0 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

17
playbooks/openshift-apps/waiverdb.yml
View file

@ -41,35 +41,18 @@
secret_name: waiverdb-fedora-messaging-key
key: waiverdb.key
privatefile: "rabbitmq/{{env}}/pki/private/waiverdb{{env_suffix}}.key"
when: env == "staging"
- role: openshift/secret-file
app: waiverdb
secret_name: waiverdb-fedora-messaging-crt
key: waiverdb.crt
privatefile: "rabbitmq/{{env}}/pki/issued/waiverdb{{env_suffix}}.crt"
when: env == "staging"
- role: openshift/secret-file
app: waiverdb
secret_name: waiverdb-fedora-messaging-ca
key: waiverdb.ca
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
when: env == "staging"
- role: openshift/secret-file
app: waiverdb
secret_name: waiverdb-fedmsg-key
key: fedmsg-waiverdb.key
privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.fedoraproject.org.key
when: env != "staging"
- role: openshift/secret-file
app: waiverdb
secret_name: waiverdb-fedmsg-crt
key: fedmsg-waiverdb.crt
privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.fedoraproject.org.crt
when: env != "staging"
- role: openshift/object
app: waiverdb

25
roles/openshift-apps/waiverdb/templates/buildconfig.yml
View file

@ -8,33 +8,8 @@ spec:
runPolicy: Serial
source:
dockerfile: |-
{% if env == 'staging' %}
# See imagestream.yml for the definition
FROM waiverdb-upstream:latest
{% else %}
# See imagestream.yml for the definition
FROM waiverdb-upstream:latest
# fedmsg needs a username.
ENV USER=waiverdb
# Become root during build to chmod
USER 0
# create a symlink for configuring fedmsg.
RUN ln -sfn /etc/fedmsg-waiverdb.d/waiverdb.py /etc/fedmsg.d/zz_waiverdb.py
# And another two for putting the certs in place.
RUN mkdir -p /etc/pki/fedmsg/
RUN ln -sf /etc/pki/fedmsg/key/fedmsg-waiverdb.key /etc/pki/fedmsg/waiverdb.key
RUN ln -sf /etc/pki/fedmsg/crt/fedmsg-waiverdb.crt /etc/pki/fedmsg/waiverdb.crt
# Make sure fedmsg can write its CRL.
RUN chmod 777 /var/run/fedmsg/
# Become non-root again
USER 1001
{% endif %}
strategy:
type: Docker
dockerStrategy:

24
roles/openshift-apps/waiverdb/templates/deploymentconfig.yml
View file

@ -40,7 +40,6 @@ spec:
- name: secret-volume
mountPath: /etc/secret
readOnly: true
{% if env == 'staging' %}
- name: fedora-messaging-ca-volume
mountPath: /etc/pki/rabbitmq/ca
readOnly: true
@ -53,17 +52,6 @@ spec:
- name: fedora-messaging-config-volume
mountPath: /etc/fedora-messaging
readOnly: true
{% else %}
- name: fedmsg-key-volume
mountPath: /etc/pki/fedmsg/key
readOnly: true
- name: fedmsg-crt-volume
mountPath: /etc/pki/fedmsg/crt
readOnly: true
- name: fedmsg-config-volume
mountPath: /etc/fedmsg-waiverdb.d
readOnly: true
{% endif %}
env:
- name: DATABASE_PASSWORD
valueFrom:
@ -97,7 +85,6 @@ spec:
- name: secret-volume
secret:
secretName: waiverdb-secret
{% if env == 'staging' %}
- name: fedora-messaging-config-volume
configMap:
name: fedora-messaging-configmap
@ -110,17 +97,6 @@ spec:
- name: fedora-messaging-key-volume
secret:
secretName: waiverdb-fedora-messaging-key
{% else %}
- name: fedmsg-config-volume
configMap:
name: waiverdb-fedmsg-configmap
- name: fedmsg-key-volume
secret:
secretName: waiverdb-fedmsg-key
- name: fedmsg-crt-volume
secret:
secretName: waiverdb-fedmsg-crt
{% endif %}
triggers:
- type: ImageChange
imageChangeParams: