Try getting fedmsg certs in place in the container.

2017-10-19 01:21:40 +00:00 · 2017-10-19 01:21:40 +00:00 · fda1a9a101
commit fda1a9a101
parent 1cf99eb9fb
2 changed files with 17 additions and 1 deletions
--- a/roles/openshift-apps/greenwave/files/deploymentconfig.yml
+++ b/roles/openshift-apps/greenwave/files/deploymentconfig.yml
@ -26,6 +26,12 @@ spec:
        - name: config-volume
          mountPath: /etc/greenwave
          readOnly: true
+        - name: fedmsg-key-volume
+          mountPath: /etc/pki/fedmsg/key
+          readOnly: true
+        - name: fedmsg-crt-volume
+          mountPath: /etc/pki/fedmsg/crt
+          readOnly: true
        readinessProbe:
          timeoutSeconds: 1
          initialDelaySeconds: 5
@ -45,6 +51,13 @@ spec:
      - name: config-volume
        configMap:
          name: greenwave-configmap
+      # This secret volume gets set up in the playbook
+      - name: fedmsg-key-volume
+        secret:
+          secretName: greenwave-fedmsg-key
+      - name: fedmsg-crt-volume
+        secret:
+          secretName: greenwave-fedmsg-crt
  triggers:
  - type: ImageChange
    imageChangeParams:
@ -102,4 +115,4 @@ spec:
        kind: ImageStreamTag
        name: greenwave:latest
  - type: ConfigChange
- 
+ 
--- a/roles/openshift-apps/greenwave/templates/buildconfig.yml
+++ b/roles/openshift-apps/greenwave/templates/buildconfig.yml
@ -23,6 +23,9 @@ spec:
          https://kojipkgs.fedoraproject.org//packages/greenwave/0.3/2.fc26/noarch/greenwave-0.3-2.fc26.noarch.rpm
      # create a symlink for configuring the fedmsg consumers.
      RUN ln -sfn /etc/fedmsg-greenwave.d/greenwave.py /etc/fedmsg.d/greenwave.py
+      # And another two for putting the certs in place.
+      RUN ln -sfn /etc/pki/fedmsg/key/fedmsg-greenwave.key /etc/pki/fedmsg/greenwave.key
+      RUN ln -sfn /etc/pki/fedmsg/crt/fedmsg-greenwave.crt /etc/pki/fedmsg/greenwave.crt
      EXPOSE 8080
      ENTRYPOINT gunicorn --bind 0.0.0.0:8080 --access-logfile=- greenwave.wsgi:app
  strategy: