From f1e735e70885584f002f5a4ce00ede12771dd298 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Kone=C4=8Dn=C3=BD?=
Date: Wed, 27 Feb 2019 15:04:55 +0100
Subject: [PATCH] the-new-hotness: Add fedora messaging certificates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Michal Konečný
---
playbooks/openshift-apps/the-new-hotness.yml | 58 +++++++++++--------
.../files/deploymentconfig.yml | 30 ++++++----
.../the-new-hotness/templates/configmap.yml | 6 +-
3 files changed, 55 insertions(+), 39 deletions(-)
diff --git a/playbooks/openshift-apps/the-new-hotness.yml b/playbooks/openshift-apps/the-new-hotness.yml
index c06f63415d..f221f9f168 100644
--- a/playbooks/openshift-apps/the-new-hotness.yml
+++ b/playbooks/openshift-apps/the-new-hotness.yml
@@ -11,33 +11,43 @@ roles: - role: openshift/project app: the-new-hotness - description: Fedora-messaging consumer that listens to release-monitoring.org and files bugzilla bugs in response. + description: Fedora-messaging consumer that listens to the-new-hotness.org and files bugzilla bugs in response. appowners: - zlopez -# - role: openshift/secret-file -# app: release-monitoring -# secret_name: release-monitoring-fedmsg-key -# key: fedmsg-release-monitoring.key -# privatefile: fedmsg-certs/keys/release-monitoring-stg.release-monitoring.org.key -# when: env == "staging" -# - role: openshift/secret-file -# app: release-monitoring -# secret_name: release-monitoring-fedmsg-cert -# key: fedmsg-release-monitoring.crt -# privatefile: fedmsg-certs/keys/release-monitoring-stg.release-monitoring.org.crt -# when: env == "staging" -# - role: openshift/secret-file -# app: release-monitoring -# secret_name: release-monitoring-fedmsg-key -# key: fedmsg-release-monitoring.key -# privatefile: fedmsg-certs/keys/release-monitoring-release-monitoring.org.key -# when: env != "staging" -# - role: openshift/secret-file -# app: release-monitoring -# secret_name: release-monitoring-fedmsg-cert -# key: fedmsg-release-monitoring.crt -# privatefile: fedmsg-certs/keys/release-monitoring-release-monitoring.org.crt + - role: openshift/secret-file + app: the-new-hotness + secret_name: the-new-hotness-fedora-messaging-ca + key: fedora-messaging-the-new-hotness.ca + privatefile: {{private}}/files/rabbitmq/{{env}}/pki/ca.crt + + - role: openshift/secret-file + app: the-new-hotness + secret_name: the-new-hotness-fedora-messaging-key + key: fedora-messaging-the-new-hotness.key + privatefile: {{private}}/files/rabbitmq/{{env}}/pki/private/the-new-hotness.stg.key + when: env == "staging" + + - role: openshift/secret-file + app: the-new-hotness + secret_name: the-new-hotness-fedora-messaging-cert + key: fedora-messaging-the-new-hotness.crt + privatefile: 
{{private}}/files/rabbitmq/{{env}}/pki/private/the-new-hotness.stg.crt + when: env == "staging" + + - role: openshift/secret-file + app: the-new-hotness + secret_name: the-new-hotness-fedora-messaging-key + key: fedora-messaging-the-new-hotness.key + privatefile: {{private}}/files/rabbitmq/{{env}}/pki/private/the-new-hotness.key + when: env != "staging" + + - role: openshift/secret-file + app: the-new-hotness + secret_name: the-new-hotness-fedora-messaging-cert + key: fedora-messaging-the-new-hotness.crt + privatefile: {{private}}/files/rabbitmq/{{env}}/pki/private/the-new-hotness.crt + when: env != "staging" - role: openshift/object app: the-new-hotness diff --git a/roles/openshift-apps/the-new-hotness/files/deploymentconfig.yml b/roles/openshift-apps/the-new-hotness/files/deploymentconfig.yml index 60023e0dd0..835f66f3d4 100644 --- a/roles/openshift-apps/the-new-hotness/files/deploymentconfig.yml +++ b/roles/openshift-apps/the-new-hotness/files/deploymentconfig.yml 
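Review bot: Every added `privatefile:` value begins with an unquoted `{{private}}`, which YAML reads as the start of a flow mapping, so the playbook will most likely fail to parse before any of the five secrets is created; quote each value, for example `privatefile: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"`. The staging entries also hard-code `.stg` in the file name while the directory already varies with `{{env}}`, so a one-line comment above the roles stating which key and certificate file is expected in each environment directory would make a wrong-environment key easier to spot in review. The edited description now says the consumer listens to `the-new-hotness.org`, which looks like an unintended search-and-replace of `release-monitoring.org` and should be confirmed.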
@@ -35,22 +35,28 @@ items: - name: config-volume mountPath: /etc/fedora-messaging readOnly: true -# - name: fedmsg-key-volume -# mountPath: /etc/pki/fedmsg/key -# readOnly: true -# - name: fedmsg-crt-volume -# mountPath: /etc/pki/fedmsg/crt -# readOnly: true + - name: fedora-messaging-ca-volume + mountPath: /etc/pki/rabbitmq/ca + readOnly: true + - name: fedora-messaging-key-volume + mountPath: /etc/pki/rabbitmq/key + readOnly: true + - name: fedora-messaging-cert-volume + mountPath: /etc/pki/rabbitmq/cert + readOnly: true volumes: - name: config-volume configMap: name: the-new-hotness-configmap -# - name: fedmsg-key-volume -# secret: -# secretName: release-monitoring-fedmsg-key -# - name: fedmsg-crt-volume -# secret: -# secretName: release-monitoring-fedmsg-cert + - name: fedora-messaging-ca-volume + secret: + secretName: release-monitoring-fedora-messaging-ca + - name: fedora-messaging-key-volume + secret: + secretName: release-monitoring-fedora-messaging-key + - name: fedora-messaging-cert-volume + secret: + secretName: release-monitoring-fedora-messaging-cert triggers: - imageChangeParams: automatic: true diff --git a/roles/openshift-apps/the-new-hotness/templates/configmap.yml b/roles/openshift-apps/the-new-hotness/templates/configmap.yml index f7d383634d..fbd22b1e14 100644 --- a/roles/openshift-apps/the-new-hotness/templates/configmap.yml +++ b/roles/openshift-apps/the-new-hotness/templates/configmap.yml @@ -33,9 +33,9 @@ items: ] [tls] - ca_cert = "" - keyfile = "" - certfile = "" + ca_cert = "/etc/pki/rabbitmq/ca/ca.crt" + keyfile = "/etc/pki/rabbitmq/key/fedora-messaging-release-monitoring.key" + certfile = "/etc/pki/rabbitmq/crt/fedora-messaging-release-monitoring.crt" [client_properties] app = "the-new-hotness"
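Review bot: The three added `secretName` values carry the `release-monitoring-` prefix, but the playbook hunk of this same patch creates the secrets as `the-new-hotness-fedora-messaging-ca`, `the-new-hotness-fedora-messaging-key` and `the-new-hotness-fedora-messaging-cert`, so the volumes point at secrets this commit does not create. The pod would then be expected to fail on the volume mount, or, if a secret with the `release-monitoring-` name happens to exist in the project, to mount key material issued for a different application. Change the lines to `secretName: the-new-hotness-fedora-messaging-ca`, `secretName: the-new-hotness-fedora-messaging-key` and `secretName: the-new-hotness-fedora-messaging-cert`.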
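Review bot: The new `[tls]` paths do not match what the other two files in this patch mount: `certfile` points under `/etc/pki/rabbitmq/crt/` while the volume is mounted at `/etc/pki/rabbitmq/cert`, and the file names use `ca.crt` and `fedora-messaging-release-monitoring.*` while the secrets are created with the keys `fedora-messaging-the-new-hotness.ca`, `.key` and `.crt`. Assuming the secret-file role uses `key` as the file name inside the mounted secret (not visible in this patch), the settings would be `ca_cert = "/etc/pki/rabbitmq/ca/fedora-messaging-the-new-hotness.ca"`, `keyfile = "/etc/pki/rabbitmq/key/fedora-messaging-the-new-hotness.key"` and `certfile = "/etc/pki/rabbitmq/cert/fedora-messaging-the-new-hotness.crt"`. As written the consumer is pointed at files that will not exist in the container, so the TLS connection to the broker cannot be established with the intended CA and client certificate.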