infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

openshift-apps/coreos-ostree-importer: add support for fedora messaging

Browse source 
This adds in configs and secrets for fedora messaging so we can consume
and publish messages as part of our normal coreos-ostree-importer life
cycle.
This commit is contained in:
Dusty Mabe 2020-02-14 15:38:31 -05:00 committed by Pierre-Yves Chibon
parent cc7b7fe630
commit c06955ee41
4 changed files with 175 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

43
playbooks/openshift-apps/coreos-ostree-importer.yml
View file

@ -8,6 +8,15 @@
- "/srv/private/ansible/vars.yml" - "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
vars:
- fedora_messaging_username: "coreos-ostree-importer{{ env_suffix }}"
- fedora_messaging_queue_name: "coreos-ostree-importer{{ env_suffix }}"
- fedora_messaging_routing_keys:
- "org.fedoraproject.*.coreos.build.request.ostree-import"
- fedora_messaging_ca_file: "coreos-ostree-importer-fedora-messaging-cacert.pem"
- fedora_messaging_cert_file: "coreos-ostree-importer-fedora-messaging-cert.pem"
- fedora_messaging_key_file: "coreos-ostree-importer-fedora-messaging-key.pem"
roles: roles:
- role: openshift/project - role: openshift/project
app: coreos-ostree-importer app: coreos-ostree-importer
@ -17,6 +26,40 @@
- jlebon - jlebon
- kevin - kevin
# Fedora Messaging User/Queue information
- role: rabbit/user
username: "{{ fedora_messaging_username }}"
- role: rabbit/queue
username: "{{ fedora_messaging_username }}"
queue_name: "{{ fedora_messaging_queue_name }}"
routing_keys: "{{ fedora_messaging_routing_keys }}"
thresholds:
warning: 10
critical: 100
# Fedora Messaging secrets
- role: openshift/secret-file
app: coreos-ostree-importer
secret_name: fedora-messaging-ca
key: "{{ fedora_messaging_ca_file }}"
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
- role: openshift/secret-file
app: coreos-ostree-importer
secret_name: fedora-messaging-crt
key: "{{ fedora_messaging_cert_file }}"
privatefile: "rabbitmq/{{env}}/pki/issued/coreos-ostree-importer-{{env_suffix}}.crt"
- role: openshift/secret-file
app: coreos-ostree-importer
secret_name: fedora-messaging-key
key: "{{ fedora_messaging_key_file }}"
privatefile: "rabbitmq/{{env}}/pki/private/coreos-ostree-importer-{{env_suffix}}.key"
# Fedora Messaging config
- role: openshift/object
app: coreos-ostree-importer
template: configmap.yml
objectname: configmap.yml
- role: openshift/object - role: openshift/object
app: coreos-ostree-importer app: coreos-ostree-importer
template: imagestream.yml template: imagestream.yml

12
roles/openshift-apps/coreos-ostree-importer/templates/configmap.yml Normal file
View file

@ -0,0 +1,12 @@
{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: fedora-messaging-configmap
labels:
app: coreos-ostree-importer
data:
config.toml: |-
{{ load_file('fedora-messaging.toml') | indent }}

27
roles/openshift-apps/coreos-ostree-importer/templates/deploymentconfig.yml
View file

@ -25,6 +25,21 @@ spec:
volumeMounts: volumeMounts:
- name: fedora-ostree-content-volume - name: fedora-ostree-content-volume
mountPath: /mnt/koji mountPath: /mnt/koji
- name: fedora-messaging-config
mountPath: /etc/fedora-messaging
readOnly: true
- name: fedora-messaging-ca
mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_ca_file }}"
subPath: "{{ fedora_messaging_ca_file }}"
readOnly: true
- name: fedora-messaging-crt
mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_cert_file }}"
subPath: "{{ fedora_messaging_cert_file }}"
readOnly: true
- name: fedora-messaging-key
mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_key_file }}"
subPath: "{{ fedora_messaging_key_file }}"
readOnly: true
image: "" image: ""
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
resources: {} resources: {}
@ -32,6 +47,18 @@ spec:
- name: fedora-ostree-content-volume - name: fedora-ostree-content-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: fedora-ostree-content-volume claimName: fedora-ostree-content-volume
- name: fedora-messaging-config-volume
configMap:
name: fedora-messaging-configmap
- name: fedora-messaging-ca-volume
secret:
secretName: fedora-messaging-ca
- name: fedora-messaging-crt-volume
secret:
secretName: fedora-messaging-crt
- name: fedora-messaging-key-volume
secret:
secretName: fedora-messaging-key
restartPolicy: Always restartPolicy: Always
test: false test: false
triggers: triggers:

93
roles/openshift-apps/coreos-ostree-importer/templates/fedora-messaging.toml Normal file
View file

@ -0,0 +1,93 @@
# Broker address
amqp_url = "amqps://{{ fedora_messaging_username }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
# The topic_prefix configuration value will add a prefix to the topics of every sent message.
# This is used for migrating from fedmsg, and should not be used afterwards.
{% if env == "staging" %}
topic_prefix = "org.fedoraproject.stg"
{% else %}
topic_prefix = "org.fedoraproject.prod"
{% endif %}
[tls]
ca_cert = "/etc/pki/fedora-messaging/{{ fedora_messaging_ca_file }}"
keyfile = "/etc/pki/fedora-messaging/{{ fedora_messaging_key_file }}"
certfile = "/etc/pki/fedora-messaging/{{ fedora_messaging_cert_file }}"
# Set the Application name/url/email
[client_properties]
app = "CoreOS OSTree Importer"
app_url = "https://github.com/coreos/fedora-coreos-releng-automation/tree/master/coreos-ostree-importer"
app_contacts_email = ["coreos@lists.fedoraproject.org"]
[exchanges."amq.topic"]
type = "topic"
durable = true
auto_delete = false
arguments = {}
# We'll use the coreos queue name
[queues."{{ fedora_messaging_queue_name }}"]
durable = true
auto_delete = false
exclusive = true
arguments = {}
# We care about the ostree-import message topic
[[bindings]]
queue = "{{ fedora_messaging_queue_name }}"
exchange = "amq.topic"
routing_keys = [
{% for key in fedora_messaging_routing_keys %}
"{{ key }}",
{% endfor %}
]
[consumer_config]
example_key = "for my consumer"
[qos]
prefetch_size = 0
prefetch_count = 25
[log_config]
version = 1
disable_existing_loggers = true
# Adjust the log formatting based on preference
[log_config.formatters.simple]
format = "%(asctime)s %(levelname)s %(name)s - %(message)s"
[log_config.handlers.console]
class = "logging.StreamHandler"
formatter = "simple"
stream = "ext://sys.stdout"
# Set level to WARNING, otherwise too chatty
[log_config.loggers.fedora_messaging]
level = "WARNING"
propagate = false
handlers = ["console"]
# Set level to WARNING, otherwise too chatty
[log_config.loggers.twisted]
level = "WARNING"
propagate = false
handlers = ["console"]
[log_config.loggers.pika]
level = "WARNING"
propagate = false
handlers = ["console"]
# If your consumer sets up a logger, you must add a configuration for it
# here in order for the messages to show up. e.g. if it set up a logger
# called 'example_printer', you could do:
#[log_config.loggers.example_printer]
#level = "INFO"
#propagate = false
#handlers = ["console"]
[log_config.root]
level = "ERROR"
handlers = ["console"]