diff --git a/playbooks/openshift-apps/fmn.yml b/playbooks/openshift-apps/fmn.yml index 69aafca25b..89c40693f8 100644 --- a/playbooks/openshift-apps/fmn.yml +++ b/playbooks/openshift-apps/fmn.yml @@ -1,3 +1,8 @@ +# +# Fedora Messaging Notifications (FMN) +# + + - name: setup the database hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org gather_facts: no @@ -34,16 +39,22 @@ username: "fmn{{ env_suffix }}" queue_name: "fmn{{ env_suffix }}" routing_keys: + # The FMN queue is subscribed to everything - "#" thresholds: warning: 50 critical: 500 + # FMN sends messages when a rule is changed, to invalidate its cache sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fmn\..* tags: - config - fedora-messaging - rabbitmq_cluster + # FMN also has an internal VHost for communication between the consumer + # (which listens to the Fedora Messaging bus on /pubsub) and the senders + # (which send messages to the various destinations such as email, IRC, + # Matrix). - role: rabbit/vhost vhost: /fmn tags: @@ -64,24 +75,9 @@ - fedora-messaging - rabbitmq_cluster - - name: Create the email queue in the fmn vhost + - name: Create the sending queues in the fmn vhost rabbitmq_queue: - name: email - vhost: /fmn - auto_delete: no - durable: yes - # message_ttl: 300000 - state: present - login_user: admin - login_password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}" - tags: - - config - - fedora-messaging - - rabbitmq_cluster - - - name: Create the irc queue in the fmn vhost - rabbitmq_queue: - name: irc + name: "{{ item }}" vhost: /fmn auto_delete: no durable: yes @@ -89,6 +85,10 @@ state: present login_user: admin login_password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}" + with_items: + - email + - irc + - matrix tags: - config - fedora-messaging 
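Review bot: The `matrix` entry added under `with_items` creates a third durable, non-auto-delete queue in `/fmn`, and nothing visible in the merged task bounds its size; the only limit on the page is the commented-out `# message_ttl: 300000` in the removed tasks. If a sender stops consuming, its queue keeps growing on the RabbitMQ cluster that also serves `/pubsub`. Consider bounding the queues in the merged task, for example by re-enabling `message_ttl: 300000` or adding `max_length`, with a comment on why dropping stale notifications is acceptable. The line between the two hunks is not shown, so this may already be handled there.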
@@ -146,7 +146,6 @@ serviceport: web annotations: haproxy.router.openshift.io/timeout: 5m - - role: openshift/route app: fmn routename: api @@ -155,7 +154,7 @@ serviceport: web annotations: haproxy.router.openshift.io/timeout: 5m - + # Sendria is an email sink for testing, to avoid sending actual emails. - role: openshift/route app: fmn routename: sendria @@ -164,6 +163,7 @@ serviceport: web annotations: haproxy.router.openshift.io/timeout: 5m + when: env == "staging" # Secrets - role: openshift/object @@ -202,7 +202,6 @@ # FASJSON access - role: openshift/ipa-client app: fmn - - role: openshift/keytab app: fmn key: service.keytab diff --git a/roles/openshift-apps/fmn/files/imagestream.yml b/roles/openshift-apps/fmn/files/imagestream.yml index 13f905a46a..55f348f844 100644 --- a/roles/openshift-apps/fmn/files/imagestream.yml +++ b/roles/openshift-apps/fmn/files/imagestream.yml @@ -1,10 +1,12 @@ apiVersion: image.openshift.io/v1 kind: List items: + # The main FMN image - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: name: fmn + # The Python 3.10 builder image - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: @@ -21,18 +23,12 @@ items: scheduled: true referencePolicy: type: Source + # Sendria (to view email notifications in staging) - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: name: sendria - # We need to build the sendria image until this is fixed: - # https://github.com/msztolcman/sendria/issues/17 - # spec: - # tags: - # - name: latest - # from: - # kind: DockerImage - # name: msztolcman/sendria:v2.2.2.0 + # Redis (for caching) - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: diff --git a/roles/openshift-apps/fmn/templates/Dockerfile-sendria b/roles/openshift-apps/fmn/templates/Dockerfile-sendria index 9eb319fed9..9762acb0eb 100644 --- a/roles/openshift-apps/fmn/templates/Dockerfile-sendria +++ b/roles/openshift-apps/fmn/templates/Dockerfile-sendria 
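Review bot: The `when: env == "staging"` added to the `sendria` route only stops Ansible from managing that route in production; it does not remove a route that an earlier run already created there. Sendria shows captured notification emails in a web UI, so if this playbook ever ran against production, the route stays reachable until it is deleted explicitly, as do the BuildConfig and DeploymentConfig that the templates in this commit now skip. A one-off cleanup task for production, or a comment recording that the objects were removed by hand, would close that gap. The Sendria ImageStream in `files/imagestream.yml` is a static file and is still created in every environment.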
@@ -1,4 +1,4 @@ -# Required until this is fixed: +# Sendria expects the container to run as root # https://github.com/msztolcman/sendria/issues/17 FROM msztolcman/sendria:v2.2.2.0 diff --git a/roles/openshift-apps/fmn/templates/api.toml b/roles/openshift-apps/fmn/templates/api.toml index 5e9edcd854..79da4108a5 100644 --- a/roles/openshift-apps/fmn/templates/api.toml +++ b/roles/openshift-apps/fmn/templates/api.toml @@ -1,3 +1,7 @@ +# +# Fedora Messaging configuration for the API component +# + amqp_url = "amqps://fmn{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub" passive_declares = true diff --git a/roles/openshift-apps/fmn/templates/buildconfig.yml b/roles/openshift-apps/fmn/templates/buildconfig.yml index 72266e5a67..e9d9525315 100644 --- a/roles/openshift-apps/fmn/templates/buildconfig.yml +++ b/roles/openshift-apps/fmn/templates/buildconfig.yml @@ -28,8 +28,11 @@ spec: kind: ImageStreamTag # name: python:3.10 # namespace: openshift + # OpenShift does not have Python 3.10 (yet), use our own ImageStream name: python-310:latest env: + # The .s2i/bin/assemble script uses this to build the frontend with the + # correct API and Ipsilon addresses. - name: FEDORA_ENV value: "{{ env }}" output: @@ -49,8 +52,8 @@ spec: secret: "{{ fmn_stg_github_secret }}" {% endif %} --- -# We need to build the sendria image until this is fixed: -# https://github.com/msztolcman/sendria/issues/17 +# Sendria, to display email notifications in staging +{% if env == 'staging' %} apiVersion: build.openshift.io/v1 kind: BuildConfig metadata: @@ -60,6 +63,7 @@ metadata: build: sendria spec: runPolicy: Serial + # We build the sendria image with a few fixes. source: type: Dockerfile dockerfile: |- @@ -73,3 +77,4 @@ spec: triggers: - type: ConfigChange - type: ImageChange +{% endif %} diff --git a/roles/openshift-apps/fmn/templates/consumer.toml b/roles/openshift-apps/fmn/templates/consumer.toml index deb4cb62d0..3321fb548b 100644 
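Review bot: With the "Required until this is fixed" wording dropped, this custom build now reads as permanent, yet `FROM msztolcman/sendria:v2.2.2.0` still follows a mutable tag on a third-party image. Pinning the digest, `FROM msztolcman/sendria@sha256:<digest-of-v2.2.2.0>` (placeholder, take the value from the registry), keeps rebuilds from silently picking up a re-pushed tag. The new comment could also say what this Dockerfile changes to cope with the root expectation, so that nobody resolves it later by granting the pod extra privileges; the rest of the file is outside the hunk.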
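Review bot: The `{% if env == 'staging' %}` guard in `buildconfig.yml` sits after the `---` separator and the comment, so in production the rendered file ends with a document that holds only a comment. `oc` normally skips empty documents, but that depends on how the object role applies the file, which is not visible here. Putting the guard first, `{% if env == 'staging' %}` followed by `---`, renders nothing at all outside staging. The same layout is used for the Sendria DeploymentConfig in `templates/deploymentconfig.yml`.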
--- a/roles/openshift-apps/fmn/templates/consumer.toml +++ b/roles/openshift-apps/fmn/templates/consumer.toml @@ -1,3 +1,7 @@ +# +# Fedora Messaging configuration for the consumer component +# + amqp_url = "amqps://fmn{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub" callback = "fmn.consumer:Consumer" passive_declares = true diff --git a/roles/openshift-apps/fmn/templates/cron.yml b/roles/openshift-apps/fmn/templates/cron.yml index 33b1e1a04d..f69882c755 100644 --- a/roles/openshift-apps/fmn/templates/cron.yml +++ b/roles/openshift-apps/fmn/templates/cron.yml @@ -1,4 +1,7 @@ --- +# Cleanup the counting of generated notifications in the database. +# Increase the retained duration if you want to be able to generate generation +# statistics over a longer period of time. apiVersion: batch/v1 kind: CronJob metadata: @@ -41,6 +44,9 @@ spec: configMap: name: fmn --- +# Refresh the cache before it is expired. +# This will avoid message processing to be blocked while the cache is being +# rebuilt. apiVersion: batch/v1 kind: CronJob metadata: diff --git a/roles/openshift-apps/fmn/templates/deploymentconfig.yml b/roles/openshift-apps/fmn/templates/deploymentconfig.yml index cb289474ab..71e6163408 100644 --- a/roles/openshift-apps/fmn/templates/deploymentconfig.yml +++ b/roles/openshift-apps/fmn/templates/deploymentconfig.yml @@ -1,4 +1,5 @@ --- +# Frontend component (Javascript served by Apache httpd) apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: @@ -63,6 +64,7 @@ spec: kind: ImageStreamTag name: fmn:latest --- +# API component (Python/FastAPI served by Uvicorn) apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: @@ -183,6 +185,7 @@ spec: kind: ImageStreamTag name: fmn:latest --- +# Consumer component (Fedora Messaging consume command) apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: 
@@ -281,6 +284,7 @@ spec: kind: ImageStreamTag name: fmn:latest --- +# Email sending component (custom python runner) apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: @@ -345,6 +349,7 @@ spec: kind: ImageStreamTag name: fmn:latest --- +# IRC sending component (custom python runner) apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: @@ -412,6 +417,7 @@ spec: kind: ImageStreamTag name: fmn:latest --- +# Matrix sending component (custom python runner) apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: @@ -477,6 +483,7 @@ spec: kind: ImageStreamTag name: fmn:latest --- +# Redis, for caching apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: @@ -515,6 +522,8 @@ spec: kind: ImageStreamTag name: redis:latest --- +# Sendria, to display email notifications in staging +{% if env == 'staging' %} apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: @@ -569,3 +578,4 @@ spec: from: kind: ImageStreamTag name: sendria:latest +{% endif %} diff --git a/roles/openshift-apps/fmn/templates/fmn.cfg b/roles/openshift-apps/fmn/templates/fmn.cfg index 104c1432ed..a0d883cb3e 100644 --- a/roles/openshift-apps/fmn/templates/fmn.cfg +++ b/roles/openshift-apps/fmn/templates/fmn.cfg @@ -1,3 +1,7 @@ +# +# FMN configuration (fmn.core.config) +# + DATABASE__SQLALCHEMY__URL="postgresql://fmn:{{ (env == 'production')|ternary(fmn_prod_db_password, fmn_stg_db_password) }}@db01{{ env_suffix }}.iad2.fedoraproject.org/fmn" CORS_ORIGINS="https://fmn.apps.ocp{{ env_suffix }}.fedoraproject.org" OIDC_PROVIDER_URL="https://id{{ env_suffix }}.fedoraproject.org/openidc" diff --git a/roles/openshift-apps/fmn/templates/sender-email.toml b/roles/openshift-apps/fmn/templates/sender-email.toml index 53cfd61176..878785b041 100644 --- a/roles/openshift-apps/fmn/templates/sender-email.toml +++ b/roles/openshift-apps/fmn/templates/sender-email.toml 
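Review bot: The database password is interpolated into `DATABASE__SQLALCHEMY__URL` as-is, so a password containing `@`, `%` or `"` would yield a URL that parses wrongly or a broken quoted value. Piping the expression through the encoding filter avoids that: `{{ (env == 'production')|ternary(fmn_prod_db_password, fmn_stg_db_password)|urlencode }}`. The URL also carries no TLS parameter, so whether the connection to `db01` is encrypted depends on defaults that are not visible in this hunk.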
@@ -1,3 +1,8 @@ +# Configuration for the email sender. +# This is not a Fedora Messaging configuration (even if it looks similar) +# because senders don't use Fedora Messaging, they only connect to FMN's own +# VHost on RabbitMQ. + amqp_url = "amqps://fmn{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Ffmn" queue = "email" diff --git a/roles/openshift-apps/fmn/templates/sender-irc.toml b/roles/openshift-apps/fmn/templates/sender-irc.toml index 5dabe1ec94..8864ac27d5 100644 --- a/roles/openshift-apps/fmn/templates/sender-irc.toml +++ b/roles/openshift-apps/fmn/templates/sender-irc.toml @@ -1,3 +1,8 @@ +# Configuration for the IRC sender. +# This is not a Fedora Messaging configuration (even if it looks similar) +# because senders don't use Fedora Messaging, they only connect to FMN's own +# VHost on RabbitMQ. + amqp_url = "amqps://fmn{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Ffmn" queue = "irc" diff --git a/roles/openshift-apps/fmn/templates/sender-matrix.toml b/roles/openshift-apps/fmn/templates/sender-matrix.toml index 9d3b230429..7f26906dd3 100644 --- a/roles/openshift-apps/fmn/templates/sender-matrix.toml +++ b/roles/openshift-apps/fmn/templates/sender-matrix.toml @@ -1,4 +1,7 @@ -# A sample configuration for the FMN sender. This file is in the TOML format. +# Configuration for the Matrix sender. +# This is not a Fedora Messaging configuration (even if it looks similar) +# because senders don't use Fedora Messaging, they only connect to FMN's own +# VHost on RabbitMQ. amqp_url = "amqps://fmn{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Ffmn" queue = "matrix"