the-new-hotness: Add fedora messaging certificates

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2019-02-27 15:04:55 +01:00 · 2019-02-27 15:04:55 +01:00 · f1e735e708
commit f1e735e708
parent 43bc6bdc3b
3 changed files with 55 additions and 39 deletions
--- a/playbooks/openshift-apps/the-new-hotness.yml
+++ b/playbooks/openshift-apps/the-new-hotness.yml
@ -11,33 +11,43 @@
  roles:
  - role: openshift/project
    app: the-new-hotness
-    description: Fedora-messaging consumer that listens to release-monitoring.org and files bugzilla bugs in response.
+    description: Fedora-messaging consumer that listens to the-new-hotness.org and files bugzilla bugs in response.
    appowners:
    - zlopez
-#  - role: openshift/secret-file
+  - role: openshift/secret-file
-#    app: release-monitoring
+    app: the-new-hotness
-#    secret_name: release-monitoring-fedmsg-key
+    secret_name: the-new-hotness-fedora-messaging-ca
-#    key: fedmsg-release-monitoring.key
+    key: fedora-messaging-the-new-hotness.ca
-#    privatefile: fedmsg-certs/keys/release-monitoring-stg.release-monitoring.org.key
+    privatefile: {{private}}/files/rabbitmq/{{env}}/pki/ca.crt
-#    when: env == "staging"
+
-#  - role: openshift/secret-file
+  - role: openshift/secret-file
-#    app: release-monitoring
+    app: the-new-hotness
-#    secret_name: release-monitoring-fedmsg-cert
+    secret_name: the-new-hotness-fedora-messaging-key
-#    key: fedmsg-release-monitoring.crt
+    key: fedora-messaging-the-new-hotness.key
-#    privatefile: fedmsg-certs/keys/release-monitoring-stg.release-monitoring.org.crt
+    privatefile: {{private}}/files/rabbitmq/{{env}}/pki/private/the-new-hotness.stg.key
-#    when: env == "staging"
+    when: env == "staging"
-#  - role: openshift/secret-file
+
-#    app: release-monitoring
+  - role: openshift/secret-file
-#    secret_name: release-monitoring-fedmsg-key
+    app: the-new-hotness
-#    key: fedmsg-release-monitoring.key
+    secret_name: the-new-hotness-fedora-messaging-cert
-#    privatefile: fedmsg-certs/keys/release-monitoring-release-monitoring.org.key
+    key: fedora-messaging-the-new-hotness.crt
-#    when: env != "staging"
+    privatefile: {{private}}/files/rabbitmq/{{env}}/pki/private/the-new-hotness.stg.crt
-#  - role: openshift/secret-file
+    when: env == "staging"
-#    app: release-monitoring
+
-#    secret_name: release-monitoring-fedmsg-cert
+  - role: openshift/secret-file
-#    key: fedmsg-release-monitoring.crt
+    app: the-new-hotness
-#    privatefile: fedmsg-certs/keys/release-monitoring-release-monitoring.org.crt
+    secret_name: the-new-hotness-fedora-messaging-key
    key: fedora-messaging-the-new-hotness.key
    privatefile: {{private}}/files/rabbitmq/{{env}}/pki/private/the-new-hotness.key
    when: env != "staging"
  - role: openshift/secret-file
    app: the-new-hotness
    secret_name: the-new-hotness-fedora-messaging-cert
    key: fedora-messaging-the-new-hotness.crt
    privatefile: {{private}}/files/rabbitmq/{{env}}/pki/private/the-new-hotness.crt
    when: env != "staging"
  - role: openshift/object
    app: the-new-hotness
--- a/roles/openshift-apps/the-new-hotness/files/deploymentconfig.yml
+++ b/roles/openshift-apps/the-new-hotness/files/deploymentconfig.yml
@ -35,22 +35,28 @@ items:
            - name: config-volume
              mountPath: /etc/fedora-messaging
              readOnly: true
-#           - name: fedmsg-key-volume
+            - name: fedora-messaging-ca-volume
-#             mountPath: /etc/pki/fedmsg/key
+              mountPath: /etc/pki/rabbitmq/ca
-#             readOnly: true
+              readOnly: true
-#           - name: fedmsg-crt-volume
+            - name: fedora-messaging-key-volume
-#             mountPath: /etc/pki/fedmsg/crt
+              mountPath: /etc/pki/rabbitmq/key
-#             readOnly: true
+              readOnly: true
            - name: fedora-messaging-cert-volume
              mountPath: /etc/pki/rabbitmq/cert
              readOnly: true
        volumes:
        - name: config-volume
          configMap:
            name: the-new-hotness-configmap
-#       - name: fedmsg-key-volume
+        - name: fedora-messaging-ca-volume
-#         secret:
+          secret:
-#           secretName: release-monitoring-fedmsg-key
+            secretName: release-monitoring-fedora-messaging-ca
-#       - name: fedmsg-crt-volume
+        - name: fedora-messaging-key-volume
-#         secret:
+          secret:
-#           secretName: release-monitoring-fedmsg-cert
+            secretName: release-monitoring-fedora-messaging-key
        - name: fedora-messaging-cert-volume
          secret:
            secretName: release-monitoring-fedora-messaging-cert
    triggers:
    - imageChangeParams:
        automatic: true
--- a/roles/openshift-apps/the-new-hotness/templates/configmap.yml
+++ b/roles/openshift-apps/the-new-hotness/templates/configmap.yml
@ -33,9 +33,9 @@ items:
        ]
        [tls]
-        ca_cert = ""
+        ca_cert = "/etc/pki/rabbitmq/ca/ca.crt"
-        keyfile = ""
+        keyfile = "/etc/pki/rabbitmq/key/fedora-messaging-release-monitoring.key"
-        certfile = ""
+        certfile = "/etc/pki/rabbitmq/crt/fedora-messaging-release-monitoring.crt"
        [client_properties]
        app = "the-new-hotness"