openscanhub: add configurations for Fedora messaging

Resolves: https://pagure.io/fedora-infrastructure/issue/11853

Signed-off-by: Siteshwar Vashisht <svashisht@redhat.com>

playbooks/openshift-apps/openscanhub.yml

@@ -128,6 +128,26 @@
     template: service-resalloc-server.yml
     objectname: service-resalloc-server
 
+  # Configurations for Fedora messaging
+  - role: rabbit/user
+    username: "openscanhub{{ env_suffix }}"
+    sent_topics: ^org\.fedoraproject\.{{ env_short }}\.openscanhub\..*
+  - role: openshift/secret-file
+    app: openscanhub
+    secret_name: openscanhub-fedora-messaging-ca
+    key: fedora-messaging-openscanhub-ca.crt
+    privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+  - role: openshift/secret-file
+    app: openscanhub
+    secret_name: openscanhub-fedora-messaging-key
+    key: fedora-messaging-openscanhub.key
+    privatefile: "rabbitmq/{{env}}/pki/private/openscanhub{{env_suffix}}.key"
+  - role: openshift/secret-file
+    app: openscanhub
+    secret_name: openscanhub-fedora-messaging-cert
+    key: fedora-messaging-openscanhub.crt
+    privatefile: "rabbitmq/{{env}}/pki/issued/openscanhub{{env_suffix}}.crt"
+
     # sudo rbac-playbook -l staging -t delete openshift-apps/openscanhub.yml
   - role: openshift/object-delete
     app: openscanhub

roles/openshift-apps/openscanhub/templates/deployment-fedora-osh-hub.yml

@@ -40,6 +40,21 @@ spec:
           - mountPath: /etc/osh/worker-manager/id_rsa
             name: aws-openscanhub-key
             subPath: id_rsa
+
+          # Fedora messaging configurations
+          - name: fedora-messaging-config-volume
+            mountPath: /etc/fedora-messaging
+            readOnly: true
+          - name: fedora-messaging-ca-volume
+            mountPath: /etc/pki/rabbitmq/ca
+            readOnly: true
+          - name: fedora-messaging-key-volume
+            mountPath: /etc/pki/rabbitmq/key
+            readOnly: true
+          - name: fedora-messaging-cert-volume
+            mountPath: /etc/pki/rabbitmq/cert
+            readOnly: true
+
         livenessProbe:
           exec:
             command:
@@ -69,3 +84,17 @@ spec:
           secret:
             defaultMode: 400
             secretName: aws-openscanhub-key
+
+        # Fedora messaging configurations
+        - name: fedora-messaging-config-volume
+          configMap:
+            name: fedora-messaging-configmap
+        - name: fedora-messaging-ca-volume
+          secret:
+            secretName: openscanhub-fedora-messaging-ca
+        - name: fedora-messaging-key-volume
+          secret:
+            secretName: openscanhub-fedora-messaging-key
+        - name: fedora-messaging-cert-volume
+          secret:
+            secretName: openscanhub-fedora-messaging-cert

roles/openshift-apps/openscanhub/templates/fedora-messaging-config.toml

@@ -0,0 +1,8 @@
+amqp_url = "amqps://openscanhub:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+topic_prefix = "org.fedoraproject.{{ env_short }}.openscanhub"
+
+[tls]
+ca_cert = "/etc/pki/rabbitmq/ca/fedora-messaging-openscanhub-ca.crt"
+keyfile = "/etc/pki/rabbitmq/key/fedora-messaging-openscanhub.key"
+certfile = "/etc/pki/rabbitmq/cert/fedora-messaging-openscanhub.crt"

roles/openshift-apps/openscanhub/templates/fedora-messaging-configmap.yml

@@ -0,0 +1,11 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: fedora-messaging-configmap
+    labels:
+      app: openscanhub
+  data:
+    fedora-messaging-config.toml: |-
+      {{ load_file('fedora-messaging-config.toml') | indent(6) }}