infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

mdapi: Add fedora-messaging configuration to OpenShift app

Browse source 
Signed-off-by: Clement Verna <cverna@tutanota.com>
This commit is contained in:
Clement Verna 2019-04-25 10:40:30 +02:00
parent dde66ebd39
commit 4b0b3acc58
5 changed files with 88 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

21
playbooks/openshift-apps/mdapi.yml
View file

@ -9,6 +9,9 @@
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles: roles:
- role: rabbit/user
username: "mdapi{{ env_suffix }}"
- role: openshift/project - role: openshift/project
app: mdapi app: mdapi
description: mdapi is a small API exposing the metadata contained in different RPM repositories. description: mdapi is a small API exposing the metadata contained in different RPM repositories.
@ -36,6 +39,24 @@
template: configmap.yml template: configmap.yml
objectname: configmap.yml objectname: configmap.yml
- role: openshift/secret-file
app: mdapi
secret_name: mdapi-fedora-messaging-key
key: mdapi.key
privatefile: "rabbitmq/{{env}}/pki/private/mdapi{{env_suffix}}.key"
- role: openshift/secret-file
app: mdapi
secret_name: mdapi-fedora-messaging-crt
key: mdapi.crt
privatefile: "rabbitmq/{{env}}/pki/issued/mdapi{{env_suffix}}.crt"
- role: openshift/secret-file
app: mdapi
secret_name: mdapi-fedora-messaging-ca
key: mdapi.ca
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
- role: openshift/object - role: openshift/object
app: mdapi app: mdapi
file: cron.yml file: cron.yml

30
roles/openshift-apps/mdapi/files/cron.yml
View file

@ -17,13 +17,22 @@ spec:
image: docker-registry.default.svc:5000/mdapi/mdapi:latest image: docker-registry.default.svc:5000/mdapi/mdapi:latest
command: ["bash", "-c", "/code/mdapi/mdapi-get_repo_md /etc/mdapi/mdapi.cfg; echo failed"] command: ["bash", "-c", "/code/mdapi/mdapi-get_repo_md /etc/mdapi/mdapi.cfg; echo failed"]
volumeMounts: volumeMounts:
- mountPath: /etc/mdapi - name: config-volume
name: config-volume mountPath: /etc/mdapi
readOnly: true readOnly: true
- mountPath: /var/tmp - name: data-volume
name: data-volume mountPath: /var/tmp
- mountPath: /etc/fedora-messaging/ - name: fedora-messaging-config-volume
name: fedora-messaging-config-volume mountPath: /etc/fedora-messaging/
readOnly: true
- name: fedora-messaging-ca-volume
mountPath: /etc/pki/rabbitmq/ca
readOnly: true
- name: fedora-messaging-key-volume
mountPath: /etc/pki/rabbitmq/key
readOnly: true
- name: fedora-messaging-crt-volume
mountPath: /etc/pki/rabbitmq/crt
readOnly: true readOnly: true
restartPolicy: Never restartPolicy: Never
volumes: volumes:
@ -37,3 +46,12 @@ spec:
- name: fedora-messaging-config-volume - name: fedora-messaging-config-volume
configMap: configMap:
name: fedora-messaging-configmap name: fedora-messaging-configmap
- name: fedora-messaging-ca-volume
secret:
secretName: mdapi-fedora-messaging-ca
- name: fedora-messaging-key-volume
secret:
secretName: mdapi-fedora-messaging-key
- name: fedora-messaging-crt-volume
secret:
secretName: mdapi-fedora-messaging-crt

22
roles/openshift-apps/mdapi/templates/config.toml Normal file
View file

@ -0,0 +1,22 @@
amqp_url = "amqps://mdapi{{ env_suffix }}.fedoraproject.org:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
{% if env == "staging" %}
topic_prefix = "org.fedoraproject.stg"
{% else %}
topic_prefix = "org.fedoraproject.prod"
{% endif %}
publish_exchange = "amq.topic"
passive_declares = true
[tls]
ca_cert = "/etc/pki/rabbitmq/ca/mdapi.ca"
keyfile = "/etc/pki/rabbitmq/key/mdapi.key"
certfile = "/etc/pki/rabbitmq/crt/mdapi.crt"
[client_properties]
app = "mdapi"
[qos]
prefetch_size = 0
prefetch_count = 25

35
roles/openshift-apps/mdapi/templates/configmap.yml
View file

@ -1,3 +1,4 @@
{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
@ -7,28 +8,14 @@ metadata:
app: mdapi app: mdapi
data: data:
mdapi.cfg: |- mdapi.cfg: |-
HOST = '*' {{ load_file('mdapi.cfg') | indent }}
PORT = '8080' ---
DL_VERIFY = False apiVersion: v1
{% if env == 'staging' %} kind: ConfigMap
KOJI_REPO = 'https://koji.stg.fedoraproject.org/repos/' metadata:
DL_SERVER = 'http://dl.phx2.fedoraproject.org' name: fedora-messaging-configmap
{% else %} labels:
KOJI_REPO = 'https://koji.fedoraproject.org/repos/' app: mdapi
DL_SERVER = 'http://dl.phx2.fedoraproject.org' data:
{% endif %}
config.toml: |- config.toml: |-
amqp_url = "amqps://messaging-bridge{{ env_suffix }}.fedoraproject.org:@rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org/%2Fpubsub" {{ load_file('config.toml') | indent }}
publish_exchange = "amq.topic"
[tls]
ca_cert = "/etc/pki/rabbitmq/ca/rabbitmq-ca.crt"
keyfile = "/etc/pki/rabbitmq/key/rabbitmq-NAME_OF_CERT.key"
certfile = "/etc/pki/rabbitmq/crt/rabbitmq-NAME_OF_CERT.crt"
[client_properties]
app = "mdapi"
[qos]
prefetch_size = 0
prefetch_count = 25

10
roles/openshift-apps/mdapi/templates/mdapi.cfg Normal file
View file

@ -0,0 +1,10 @@
HOST = '*'
PORT = '8080'
DL_VERIFY = False
{% if env == 'staging' %}
KOJI_REPO = 'https://koji.stg.fedoraproject.org/repos/'
DL_SERVER = 'http://dl.phx2.fedoraproject.org'
{% else %}
KOJI_REPO = 'https://koji.fedoraproject.org/repos/'
DL_SERVER = 'http://dl.phx2.fedoraproject.org'
{% endif %}