Configure fedmsg in a better way and give it bodhi03's cert.

Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
2018-04-16 20:31:30 +00:00 · 2018-04-16 20:31:30 +00:00 · c92f1f0c5d
commit c92f1f0c5d
parent d769f6230e
4 changed files with 52 additions and 1 deletions
--- a/playbooks/openshift-apps/bodhi.yml
+++ b/playbooks/openshift-apps/bodhi.yml
@ -14,6 +14,30 @@
    description: bodhi
    appowners:
    - bowlofeggs
+  - role: openshift/secret-file
+    app: bodhi
+    secret_name: bodhi-fedmsg-key
+    key: fedmsg-bodhi.key
+    privatefile: fedmsg-certs/keys/bodhi-bodhi01.stg.fedoraproject.org.key
+    when: env == "staging"
+  - role: openshift/secret-file
+    app: bodhi
+    secret_name: bodhi-fedmsg-key
+    key: fedmsg-bodhi.key
+    privatefile: fedmsg-certs/keys/bodhi-bodhi03.fedoraproject.org.key
+    when: env != "staging"
+  - role: openshift/secret-file
+    app: bodhi
+    secret_name: bodhi-fedmsg-crt
+    key: fedmsg-bodhi.crt
+    privatefile: fedmsg-certs/keys/bodhi-bodhi01.stg.fedoraproject.org.crt
+    when: env == "staging"
+  - role: openshift/secret-file
+    app: bodhi
+    secret_name: bodhi-fedmsg-crt
+    key: fedmsg-bodhi.crt
+    privatefile: fedmsg-certs/keys/bodhi-bodhi03.fedoraproject.org.crt
+    when: env != "staging"
  - { role: openshift/object, vars: {app: bodhi, file: imagestream.yml }}
  - { role: openshift/object, vars: {app: bodhi, template: buildconfig.yml }}
  - { role: openshift/start-build, vars: {app: bodhi, name: bodhi-web }}
--- a/roles/bodhi2/base/templates/configmap.yml
+++ b/roles/bodhi2/base/templates/configmap.yml
@ -9,3 +9,13 @@ data:
  production.ini: |-
    {%- macro production_ini() %}    {% include "production.ini.j2" %}{%- endmacro -%}
    {{ production_ini() | indent() }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fedmsg-configmap
+  labels:
+    app: bodhi
+data:
+  bodhi.py: |-
+    config = {'active': True}
--- a/roles/openshift-apps/bodhi/files/deploymentconfig.yml
+++ b/roles/openshift-apps/bodhi/files/deploymentconfig.yml
@ -42,6 +42,15 @@ items:
            readOnly: true
          - name: cache-volume
            mountPath: /var/cache/bodhi
+          - name: fedmsg-config-volume
+            mountPath: /etc/fedmsg.d/bodhi.py
+            readOnly: true
+          - name: fedmsg-key-volume
+            mountPath: /etc/pki/fedmsg/key
+            readOnly: true
+          - name: fedmsg-crt-volume
+            mountPath: /etc/pki/fedmsg/crt
+            readOnly: true
          readinessProbe:
            timeoutSeconds: 1
            initialDelaySeconds: 5
@ -60,6 +69,15 @@ items:
            name: bodhi-configmap
        - name: cache-volume
          emptyDir: {}
+        - name: fedmsg-config-volume
+          configMap:
+            name: fedmsg-configmap
+        - name: fedmsg-key-volume
+          secret:
+            secretName: bodhi-fedmsg-key
+        - name: fedmsg-crt-volume
+          secret:
+            secretName: bodhi-fedmsg-crt
    triggers:
    - imageChangeParams:
        automatic: true
--- a/roles/openshift-apps/bodhi/templates/buildconfig.yml
+++ b/roles/openshift-apps/bodhi/templates/buildconfig.yml
@ -21,7 +21,6 @@ items:
 {% endif %}
        RUN dnf install -y bodhi-server python2-gunicorn
        RUN mv /usr/share/bodhi/bodhi.wsgi /usr/lib/python2.7/site-packages/bodhiwsgi.py
-        RUN echo "config = {'active': True}" > /etc/fedmsg.d/bodhi.py
        EXPOSE 8080
        ENTRYPOINT gunicorn --bind 0.0.0.0:8080 --access-logfile=- bodhiwsgi
      type: Dockerfile