Set up librariesio2fedsmg publishing cert

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
Jeremy Cline 2018-01-17 14:59:48 -05:00
parent eb4c688d5e
commit e912cac4b3
4 changed files with 34 additions and 21 deletions


@ -14,6 +14,16 @@
description: librariesio2fedmsg description: librariesio2fedmsg
appowners: appowners:
- jcline - jcline
- role: openshift/secret-file
app: librariesio2fedmsg
secret_name: librariesio2fedmsg-fedmsg-key
key: fedmsg-librariesio2fedmsg.key
privatefile: fedmsg-certs/keys/librariesio2fedmsg-librariesio2fedmsg.app.os.fedoraproject.org.key
- role: openshift/secret-file
app: librariesio2fedmsg
secret_name: librariesio2fedmsg-fedmsg-crt
key: fedmsg-librariesio2fedmsg.crt
privatefile: fedmsg-certs/keys/librariesio2fedmsg-librariesio2fedmsg.app.os.fedoraproject.org.crt
- { role: openshift/object, app: librariesio2fedmsg, file: imagestream.yml } - { role: openshift/object, app: librariesio2fedmsg, file: imagestream.yml }
- { role: openshift/object, app: librariesio2fedmsg, file: buildconfig.yml } - { role: openshift/object, app: librariesio2fedmsg, file: buildconfig.yml }
- { role: openshift/start-build, app: librariesio2fedmsg, name: fedmsg-relay-docker-build } - { role: openshift/start-build, app: librariesio2fedmsg, name: fedmsg-relay-docker-build }
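Review bot: The `key:` values in the two new `openshift/secret-file` entries are load-bearing, and nothing here says so. The symlinks added to the buildconfig Dockerfile point at `/etc/pki/fedmsg/key/fedmsg-librariesio2fedmsg.key` and `/etc/pki/fedmsg/crt/fedmsg-librariesio2fedmsg.crt`, so renaming either key leaves the pod with a dangling link and no signing material. A comment above the first entry would record the coupling, for example `# key names must match the symlink targets in the buildconfig Dockerfile`. The two entries are also written in block style while the neighbouring roles use the one-line flow form; either is fine, but one style per list reads better.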


@ -54,7 +54,11 @@ items:
dnf clean all dnf clean all
RUN pip-3 install git+https://github.com/fedora-infra/sse2fedmsg.git RUN pip-3 install git+https://github.com/fedora-infra/sse2fedmsg.git
RUN rm /etc/fedmsg.d/*py RUN rm /etc/fedmsg.d/*py
RUN mkdir -p /etc/pki/fedmsg/
RUN ln -sf /etc/pki/fedmsg/key/fedmsg-librariesio2fedmsg.key /etc/pki/fedmsg/librariesio2fedmsg.key
RUN ln -sf /etc/pki/fedmsg/crt/fedmsg-librariesio2fedmsg.crt /etc/pki/fedmsg/librariesio2fedmsg.crt
ENV USER=librariesio2fedmsg ENV USER=librariesio2fedmsg
RUN chmod 777 /var/run/fedmsg/
ENTRYPOINT sse2fedmsg librariesio http://firehose.libraries.io/events ENTRYPOINT sse2fedmsg librariesio http://firehose.libraries.io/events
type: Dockerfile type: Dockerfile
strategy: strategy:
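Review bot: `RUN chmod 777 /var/run/fedmsg/` makes the directory writable by every UID in the image, which is broader than the container needs. Presumably it is there because the pod runs under an arbitrary non-root UID; if so, group ownership is the narrower fix, since OpenShift places that UID in group 0: `RUN chgrp 0 /var/run/fedmsg/ && chmod g=u /var/run/fedmsg/`. The two `ln -sf` lines create links that dangle at build time and only resolve once the secret volumes are mounted, which deserves a one-line comment such as `# targets are provided at runtime by the fedmsg-key/crt secret volumes`. The Dockerfile starts above this hunk, so what writes to `/var/run/fedmsg/` is not visible here.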


@ -37,6 +37,12 @@ items:
- name: fedmsg-config-volume - name: fedmsg-config-volume
mountPath: /etc/fedmsg.d/ mountPath: /etc/fedmsg.d/
readOnly: true readOnly: true
- name: fedmsg-key-volume
mountPath: /etc/pki/fedmsg/key
readOnly: true
- name: fedmsg-crt-volume
mountPath: /etc/pki/fedmsg/crt
readOnly: true
- name: fedmsg-relay - name: fedmsg-relay
image: librariesio2fedmsg/fedmsg-relay:latest image: librariesio2fedmsg/fedmsg-relay:latest
livenessProbe: livenessProbe:
@ -68,6 +74,12 @@ items:
- name: fedmsg-config-volume - name: fedmsg-config-volume
configMap: configMap:
name: fedmsg-config name: fedmsg-config
- name: fedmsg-key-volume
secret:
secretName: librariesio2fedmsg-fedmsg-key
- name: fedmsg-crt-volume
secret:
secretName: librariesio2fedmsg-fedmsg-crt
triggers: triggers:
- imageChangeParams: - imageChangeParams:
automatic: true automatic: true
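Review bot: The `fedmsg-key-volume` secret volume in the second hunk sets no `defaultMode`, so the private key is projected with the default 0644 mode and is readable by any process in the container. Adding `defaultMode: 0440` under `secret:` for the key volume would tighten that. Whether the pod's assigned UID/fsGroup can still read the file at that mode should be confirmed on a staging deploy. The mounts in the first hunk are `readOnly: true` and appear only in the container listed before `fedmsg-relay`, which keeps the key out of the relay container. The certificate volume can stay at the default mode since it holds no secret material.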


@ -9,30 +9,17 @@ items:
# know our hostname. # know our hostname.
active=True, active=True,
{% if env == 'staging' %} {% if env == 'staging' %}
environment="stg", environment='stg',
relay_inbound=["tcp://busgateway01.stg.phx2.fedoraproject.org:9941"],
{% else %} {% else %}
environment="prod", environment='prod',
relay_inbound=["tcp://busgateway01.phx2.fedoraproject.org:9941"],
{% endif %} {% endif %}
high_water_mark=0, sign_messages=True,
io_threads=1, cert_prefix="librariesio2fedmsg",
post_init_sleep=0.5, certnames={
zmq_linger=1000, "librariesio2fedmsg." + socket.gethostname(): "librariesio2fedmsg",
zmq_tcp_keepalive=1,
zmq_tcp_keepalive_cnt=3,
zmq_tcp_keepalive_idle=60,
zmq_tcp_keepalive_intvl=5,
zmq_reconnect_ivl=100,
zmq_reconnect_ivl_max=1000,
endpoints={
"relay_outbound": [
"tcp://*:9940",
],
}, },
relay_inbound=[
"tcp://127.0.0.1:4001",
],
sign_messages=False,
validate_signatures=False,
) )
kind: ConfigMap kind: ConfigMap
metadata: metadata:
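Review bot: With `sign_messages=True` the new config depends on two things this hunk does not state. First, fedmsg's certificate directory is left at its default, and the Dockerfile symlinks only work if that default is `/etc/pki/fedmsg`; setting `ssldir="/etc/pki/fedmsg",` next to `cert_prefix` would make the dependency explicit. Second, the `certnames` key calls `socket.gethostname()`, so the config must `import socket` somewhere above the hunk; the context comment about the hostname suggests it does, but that should be confirmed. The commit also drops `validate_signatures=False` without replacement, so that setting now falls back to the library default; if that is intended, a short comment saying so would help the next reader. The config dict opens and closes outside the lines shown.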