mdapi: Add fedora-messaging configuration to OpenShift app

Signed-off-by: Clement Verna <cverna@tutanota.com>

playbooks/openshift-apps/mdapi.yml

@@ -9,6 +9,9 @@
     - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 
   roles:
+  - role: rabbit/user
+    username: "mdapi{{ env_suffix }}"
+
   - role: openshift/project
     app: mdapi
     description: mdapi is a small API exposing the metadata contained in different RPM repositories.
@@ -36,6 +39,24 @@
     template: configmap.yml
     objectname: configmap.yml
 
+  - role: openshift/secret-file
+    app: mdapi
+    secret_name: mdapi-fedora-messaging-key
+    key: mdapi.key
+    privatefile: "rabbitmq/{{env}}/pki/private/mdapi{{env_suffix}}.key"
+
+  - role: openshift/secret-file
+    app: mdapi
+    secret_name: mdapi-fedora-messaging-crt
+    key: mdapi.crt
+    privatefile: "rabbitmq/{{env}}/pki/issued/mdapi{{env_suffix}}.crt"
+
+  - role: openshift/secret-file
+    app: mdapi
+    secret_name: mdapi-fedora-messaging-ca
+    key: mdapi.ca
+    privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+
   - role: openshift/object
     app: mdapi
     file: cron.yml

roles/openshift-apps/mdapi/files/cron.yml

@@ -17,13 +17,22 @@ spec:
             image: docker-registry.default.svc:5000/mdapi/mdapi:latest
             command: ["bash", "-c", "/code/mdapi/mdapi-get_repo_md /etc/mdapi/mdapi.cfg; echo failed"]
             volumeMounts:
-            - mountPath: /etc/mdapi
-              name: config-volume
+            - name: config-volume
+              mountPath: /etc/mdapi
               readOnly: true
-            - mountPath: /var/tmp
-              name: data-volume
-            - mountPath: /etc/fedora-messaging/
-              name: fedora-messaging-config-volume
+            - name: data-volume
+              mountPath: /var/tmp
+            - name: fedora-messaging-config-volume
+              mountPath: /etc/fedora-messaging/
+              readOnly: true
+            - name: fedora-messaging-ca-volume
+              mountPath: /etc/pki/rabbitmq/ca
+              readOnly: true
+            - name: fedora-messaging-key-volume
+              mountPath: /etc/pki/rabbitmq/key
+              readOnly: true
+            - name: fedora-messaging-crt-volume
+              mountPath: /etc/pki/rabbitmq/crt
               readOnly: true
           restartPolicy: Never
           volumes:
@@ -37,3 +46,12 @@ spec:
           - name: fedora-messaging-config-volume
             configMap:
               name: fedora-messaging-configmap
+          - name: fedora-messaging-ca-volume
+            secret:
+                secretName: mdapi-fedora-messaging-ca
+          - name: fedora-messaging-key-volume
+            secret:
+                secretName: mdapi-fedora-messaging-key
+          - name: fedora-messaging-crt-volume
+            secret:
+                secretName: mdapi-fedora-messaging-crt

roles/openshift-apps/mdapi/templates/config.toml

@@ -0,0 +1,22 @@
+amqp_url = "amqps://mdapi{{ env_suffix }}.fedoraproject.org:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+publish_exchange = "amq.topic"
+passive_declares = true
+
+[tls]
+ca_cert = "/etc/pki/rabbitmq/ca/mdapi.ca"
+keyfile = "/etc/pki/rabbitmq/key/mdapi.key"
+certfile = "/etc/pki/rabbitmq/crt/mdapi.crt"
+
+[client_properties]
+app = "mdapi"
+
+[qos]
+prefetch_size = 0
+prefetch_count = 25

roles/openshift-apps/mdapi/templates/configmap.yml

@@ -1,3 +1,4 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -7,28 +8,14 @@ metadata:
     app: mdapi
 data:
   mdapi.cfg: |-
-    HOST = '*'
-    PORT = '8080'
-    DL_VERIFY = False
-{% if env == 'staging' %}
-    KOJI_REPO = 'https://koji.stg.fedoraproject.org/repos/'
-    DL_SERVER = 'http://dl.phx2.fedoraproject.org'
-{% else %}
-    KOJI_REPO = 'https://koji.fedoraproject.org/repos/'
-    DL_SERVER = 'http://dl.phx2.fedoraproject.org'
-{% endif %}
+    {{ load_file('mdapi.cfg') | indent }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fedora-messaging-configmap
+  labels:
+    app: mdapi
+data:
   config.toml: |-
-    amqp_url = "amqps://messaging-bridge{{ env_suffix }}.fedoraproject.org:@rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org/%2Fpubsub"
-    publish_exchange = "amq.topic"
-
-    [tls]
-    ca_cert = "/etc/pki/rabbitmq/ca/rabbitmq-ca.crt"
-    keyfile = "/etc/pki/rabbitmq/key/rabbitmq-NAME_OF_CERT.key"
-    certfile = "/etc/pki/rabbitmq/crt/rabbitmq-NAME_OF_CERT.crt"
-
-    [client_properties]
-    app = "mdapi"
-
-    [qos]
-    prefetch_size = 0
-    prefetch_count = 25
+    {{ load_file('config.toml') | indent }}

roles/openshift-apps/mdapi/templates/mdapi.cfg

@@ -0,0 +1,10 @@
+HOST = '*'
+PORT = '8080'
+DL_VERIFY = False
+{% if env == 'staging' %}
+KOJI_REPO = 'https://koji.stg.fedoraproject.org/repos/'
+DL_SERVER = 'http://dl.phx2.fedoraproject.org'
+{% else %}
+KOJI_REPO = 'https://koji.fedoraproject.org/repos/'
+DL_SERVER = 'http://dl.phx2.fedoraproject.org'
+{% endif %}