From 4b0b3acc58a3152df90d91800f5089d2c662b6b9 Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Thu, 25 Apr 2019 10:40:30 +0200 Subject: [PATCH] mdapi: Add fedora-messaging configuration to OpenShift app Signed-off-by: Clement Verna --- playbooks/openshift-apps/mdapi.yml | 21 +++++++++++ roles/openshift-apps/mdapi/files/cron.yml | 30 ++++++++++++---- .../mdapi/templates/config.toml | 22 ++++++++++++ .../mdapi/templates/configmap.yml | 35 ++++++------------- .../openshift-apps/mdapi/templates/mdapi.cfg | 10 ++++++ 5 files changed, 88 insertions(+), 30 deletions(-) create mode 100644 roles/openshift-apps/mdapi/templates/config.toml create mode 100644 roles/openshift-apps/mdapi/templates/mdapi.cfg diff --git a/playbooks/openshift-apps/mdapi.yml b/playbooks/openshift-apps/mdapi.yml index 30bf6faabf..850c8d161c 100644 --- a/playbooks/openshift-apps/mdapi.yml +++ b/playbooks/openshift-apps/mdapi.yml @@ -9,6 +9,9 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: + - role: rabbit/user + username: "mdapi{{ env_suffix }}" + - role: openshift/project app: mdapi description: mdapi is a small API exposing the metadata contained in different RPM repositories. @@ -36,6 +39,24 @@ template: configmap.yml objectname: configmap.yml + - role: openshift/secret-file + app: mdapi + secret_name: mdapi-fedora-messaging-key + key: mdapi.key + privatefile: "rabbitmq/{{env}}/pki/private/mdapi{{env_suffix}}.key" + + - role: openshift/secret-file + app: mdapi + secret_name: mdapi-fedora-messaging-crt + key: mdapi.crt + privatefile: "rabbitmq/{{env}}/pki/issued/mdapi{{env_suffix}}.crt" + + - role: openshift/secret-file + app: mdapi + secret_name: mdapi-fedora-messaging-ca + key: mdapi.ca + privatefile: "rabbitmq/{{env}}/pki/ca.crt" + - role: openshift/object app: mdapi file: cron.yml diff --git a/roles/openshift-apps/mdapi/files/cron.yml b/roles/openshift-apps/mdapi/files/cron.yml index 7acc472aff..195d7e0759 100644 --- a/roles/openshift-apps/mdapi/files/cron.yml 
+++ b/roles/openshift-apps/mdapi/files/cron.yml
@@ -17,13 +17,22 @@ spec:
 image: docker-registry.default.svc:5000/mdapi/mdapi:latest
 command: ["bash", "-c", "/code/mdapi/mdapi-get_repo_md /etc/mdapi/mdapi.cfg; echo failed"]
 volumeMounts:
- - mountPath: /etc/mdapi
- name: config-volume
+ - name: config-volume
+ mountPath: /etc/mdapi
 readOnly: true
- - mountPath: /var/tmp
- name: data-volume
- - mountPath: /etc/fedora-messaging/
- name: fedora-messaging-config-volume
+ - name: data-volume
+ mountPath: /var/tmp
+ - name: fedora-messaging-config-volume
+ mountPath: /etc/fedora-messaging/
+ readOnly: true
+ - name: fedora-messaging-ca-volume
+ mountPath: /etc/pki/rabbitmq/ca
+ readOnly: true
+ - name: fedora-messaging-key-volume
+ mountPath: /etc/pki/rabbitmq/key
+ readOnly: true
+ - name: fedora-messaging-crt-volume
+ mountPath: /etc/pki/rabbitmq/crt
 readOnly: true
 restartPolicy: Never
 volumes:
@@ -37,3 +46,12 @@ spec:
 - name: fedora-messaging-config-volume
 configMap:
 name: fedora-messaging-configmap
+ - name: fedora-messaging-ca-volume
+ secret:
+ secretName: mdapi-fedora-messaging-ca
+ - name: fedora-messaging-key-volume
+ secret:
+ secretName: mdapi-fedora-messaging-key
+ - name: fedora-messaging-crt-volume
+ secret:
+ secretName: mdapi-fedora-messaging-crt
diff --git a/roles/openshift-apps/mdapi/templates/config.toml b/roles/openshift-apps/mdapi/templates/config.toml
new file mode 100644
index 0000000000..23357a2125
--- /dev/null
+++ b/roles/openshift-apps/mdapi/templates/config.toml
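Review bot: In roles/openshift-apps/mdapi/files/cron.yml, the `fedora-messaging-key-volume` added in the second hunk (`@@ -37,3 +46,12 @@`) projects the RabbitMQ client private key with the default secret file mode, which leaves `mdapi.key` readable by every user inside the container. Consider adding `defaultMode: 0440` under that volume's `secret:` key, provided the UID/fsGroup the cron pod runs with can still read the file; the pod's security context is not visible in these hunks, so that needs checking before merging. The new mounts in the first hunk are all `readOnly: true`, which is the right choice for key material. The CronJob spec starts and ends outside both hunks.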
@@ -0,0 +1,22 @@
+amqp_url = "amqps://mdapi{{ env_suffix }}.fedoraproject.org:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+publish_exchange = "amq.topic"
+passive_declares = true
+
+[tls]
+ca_cert = "/etc/pki/rabbitmq/ca/mdapi.ca"
+keyfile = "/etc/pki/rabbitmq/key/mdapi.key"
+certfile = "/etc/pki/rabbitmq/crt/mdapi.crt"
+
+[client_properties]
+app = "mdapi"
+
+[qos]
+prefetch_size = 0
+prefetch_count = 25
diff --git a/roles/openshift-apps/mdapi/templates/configmap.yml b/roles/openshift-apps/mdapi/templates/configmap.yml
index 913e95f371..c773aab818 100644
--- a/roles/openshift-apps/mdapi/templates/configmap.yml
+++ b/roles/openshift-apps/mdapi/templates/configmap.yml
@@ -1,3 +1,4 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -7,28 +8,14 @@ metadata:
 app: mdapi
 data:
 mdapi.cfg: |-
- HOST = '*'
- PORT = '8080'
- DL_VERIFY = False
-{% if env == 'staging' %}
- KOJI_REPO = 'https://koji.stg.fedoraproject.org/repos/'
- DL_SERVER = 'http://dl.phx2.fedoraproject.org'
-{% else %}
- KOJI_REPO = 'https://koji.fedoraproject.org/repos/'
- DL_SERVER = 'http://dl.phx2.fedoraproject.org'
-{% endif %}
+ {{ load_file('mdapi.cfg') | indent }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fedora-messaging-configmap
+ labels:
+ app: mdapi
+data:
 config.toml: |-
- amqp_url = "amqps://messaging-bridge{{ env_suffix }}.fedoraproject.org:@rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org/%2Fpubsub"
- publish_exchange = "amq.topic"
-
- [tls]
- ca_cert = "/etc/pki/rabbitmq/ca/rabbitmq-ca.crt"
- keyfile = "/etc/pki/rabbitmq/key/rabbitmq-NAME_OF_CERT.key"
- certfile = "/etc/pki/rabbitmq/crt/rabbitmq-NAME_OF_CERT.crt"
-
- [client_properties]
- app = "mdapi"
-
- [qos]
- prefetch_size = 0
- prefetch_count = 25
+ {{ load_file('config.toml') | indent }}
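Review bot: The user part of `amqp_url` on the first line of the new templates/config.toml is `mdapi{{ env_suffix }}.fedoraproject.org`, while the playbook hunk in playbooks/openshift-apps/mdapi.yml creates the broker account with `username: "mdapi{{ env_suffix }}"`. If the broker maps the connection to an account by that name (or by the client certificate's CN, which is not visible here), the two will not match and the job will fail to authenticate. Unless the suffix is deliberate, the line would read `amqp_url = "amqps://mdapi{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"`; if it is deliberate, a one-line comment above it saying which identity the broker checks would save the next reader the same question.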
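Review bot: Both `{{ load_file(...) | indent }}` lines in templates/configmap.yml depend on Jinja's default indent width happening to equal the column of the `|-` block scalar's content, and nothing in the template says so. Spelling the width out, e.g. `{{ load_file('config.toml') | indent(4) }}` with whatever width the block actually uses, and adding a comment above the macro such as `{# include wrapped in a macro so the indent filter can be applied to the included text #}` would make the whitespace contract explicit. A mismatch here renders a ConfigMap whose embedded file is cut short or fails to parse, so it is worth checking the rendered output for both ConfigMaps once.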
diff --git a/roles/openshift-apps/mdapi/templates/mdapi.cfg b/roles/openshift-apps/mdapi/templates/mdapi.cfg
new file mode 100644
index 0000000000..27eb9768e3
--- /dev/null
+++ b/roles/openshift-apps/mdapi/templates/mdapi.cfg
@@ -0,0 +1,10 @@
+HOST = '*'
+PORT = '8080'
+DL_VERIFY = False
+{% if env == 'staging' %}
+KOJI_REPO = 'https://koji.stg.fedoraproject.org/repos/'
+DL_SERVER = 'http://dl.phx2.fedoraproject.org'
+{% else %}
+KOJI_REPO = 'https://koji.fedoraproject.org/repos/'
+DL_SERVER = 'http://dl.phx2.fedoraproject.org'
+{% endif %}
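Review bot: `DL_VERIFY = False` combined with the plain `http://` `DL_SERVER` means the repository metadata this job downloads has no transport integrity protection; the lines are carried over unchanged from the old inline ConfigMap, so this is a follow-up rather than something this commit introduces. If `DL_VERIFY` controls TLS certificate verification (presumably, it is not defined in this patch), consider `DL_VERIFY = True` with an `https://` download host, or add a comment such as `# internal mirror reached over the datacenter network only; TLS verification intentionally off` so the choice is documented. Both branches of `{% if env == 'staging' %}` also set the identical `DL_SERVER`, so that line could sit once outside the conditional.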