openshift-apps/coreos-ostree-importer: add support for fedora messaging

This adds in configs and secrets for fedora messaging so we can consume and publish messages as part of our normal coreos-ostree-importer life cycle.
2020-02-14 15:38:31 -05:00 · 2020-02-14 15:38:31 -05:00 · c06955ee41
commit c06955ee41
parent cc7b7fe630
4 changed files with 175 additions and 0 deletions
--- a/playbooks/openshift-apps/coreos-ostree-importer.yml
+++ b/playbooks/openshift-apps/coreos-ostree-importer.yml
@ -8,6 +8,15 @@
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

+  vars:
+    - fedora_messaging_username: "coreos-ostree-importer{{ env_suffix }}"
+    - fedora_messaging_queue_name: "coreos-ostree-importer{{ env_suffix }}"
+    - fedora_messaging_routing_keys:
+      - "org.fedoraproject.*.coreos.build.request.ostree-import"
+    - fedora_messaging_ca_file: "coreos-ostree-importer-fedora-messaging-cacert.pem"
+    - fedora_messaging_cert_file: "coreos-ostree-importer-fedora-messaging-cert.pem"
+    - fedora_messaging_key_file: "coreos-ostree-importer-fedora-messaging-key.pem"
+
  roles:
  - role: openshift/project
    app: coreos-ostree-importer
@ -17,6 +26,40 @@
    - jlebon
    - kevin

+  # Fedora Messaging User/Queue information
+  - role: rabbit/user
+    username: "{{ fedora_messaging_username }}"
+  - role: rabbit/queue
+    username: "{{ fedora_messaging_username }}"
+    queue_name: "{{ fedora_messaging_queue_name }}"
+    routing_keys: "{{ fedora_messaging_routing_keys }}"
+    thresholds:
+      warning: 10
+      critical: 100
+
+  # Fedora Messaging secrets
+  - role: openshift/secret-file
+    app: coreos-ostree-importer
+    secret_name: fedora-messaging-ca
+    key: "{{ fedora_messaging_ca_file }}"
+    privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+  - role: openshift/secret-file
+    app: coreos-ostree-importer
+    secret_name: fedora-messaging-crt
+    key: "{{ fedora_messaging_cert_file }}"
+    privatefile: "rabbitmq/{{env}}/pki/issued/coreos-ostree-importer-{{env_suffix}}.crt"
+  - role: openshift/secret-file
+    app: coreos-ostree-importer
+    secret_name: fedora-messaging-key
+    key: "{{ fedora_messaging_key_file }}"
+    privatefile: "rabbitmq/{{env}}/pki/private/coreos-ostree-importer-{{env_suffix}}.key"
+
+  # Fedora Messaging config
+  - role: openshift/object
+    app: coreos-ostree-importer
+    template: configmap.yml
+    objectname: configmap.yml
+
  - role: openshift/object
    app: coreos-ostree-importer
    template: imagestream.yml
--- a/roles/openshift-apps/coreos-ostree-importer/templates/configmap.yml
+++ b/roles/openshift-apps/coreos-ostree-importer/templates/configmap.yml
@ -0,0 +1,12 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fedora-messaging-configmap
+  labels:
+    app: coreos-ostree-importer
+data:
+  config.toml: |-
+    {{ load_file('fedora-messaging.toml') | indent }}
+
--- a/roles/openshift-apps/coreos-ostree-importer/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/coreos-ostree-importer/templates/deploymentconfig.yml
@ -25,6 +25,21 @@ spec:
        volumeMounts:
        - name: fedora-ostree-content-volume
          mountPath: /mnt/koji
+        - name: fedora-messaging-config
+          mountPath: /etc/fedora-messaging
+          readOnly: true
+        - name: fedora-messaging-ca
+          mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_ca_file }}"
+          subPath: "{{ fedora_messaging_ca_file }}"
+          readOnly: true
+        - name: fedora-messaging-crt
+          mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_cert_file }}"
+          subPath: "{{ fedora_messaging_cert_file }}"
+          readOnly: true
+        - name: fedora-messaging-key
+          mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_key_file }}"
+          subPath: "{{ fedora_messaging_key_file }}"
+          readOnly: true
        image: ""
        imagePullPolicy: IfNotPresent
        resources: {}
@ -32,6 +47,18 @@ spec:
      - name: fedora-ostree-content-volume
        persistentVolumeClaim:
          claimName: fedora-ostree-content-volume
+      - name: fedora-messaging-config-volume
+        configMap:
+          name: fedora-messaging-configmap
+      - name: fedora-messaging-ca-volume
+        secret:
+          secretName: fedora-messaging-ca
+      - name: fedora-messaging-crt-volume
+        secret:
+          secretName: fedora-messaging-crt
+      - name: fedora-messaging-key-volume
+        secret:
+          secretName: fedora-messaging-key
      restartPolicy: Always
  test: false
  triggers:
--- a/roles/openshift-apps/coreos-ostree-importer/templates/fedora-messaging.toml
+++ b/roles/openshift-apps/coreos-ostree-importer/templates/fedora-messaging.toml
@ -0,0 +1,93 @@
+# Broker address
+amqp_url = "amqps://{{ fedora_messaging_username }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+# The topic_prefix configuration value will add a prefix to the topics of every sent message.
+# This is used for migrating from fedmsg, and should not be used afterwards.
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+[tls]
+ca_cert = "/etc/pki/fedora-messaging/{{ fedora_messaging_ca_file }}"
+keyfile = "/etc/pki/fedora-messaging/{{ fedora_messaging_key_file }}"
+certfile = "/etc/pki/fedora-messaging/{{ fedora_messaging_cert_file }}"
+
+# Set the Application name/url/email
+[client_properties]
+app = "CoreOS OSTree Importer"
+app_url = "https://github.com/coreos/fedora-coreos-releng-automation/tree/master/coreos-ostree-importer"
+app_contacts_email = ["coreos@lists.fedoraproject.org"]
+
+[exchanges."amq.topic"]
+type = "topic"
+durable = true
+auto_delete = false
+arguments = {}
+
+# We'll use the coreos queue name
+[queues."{{ fedora_messaging_queue_name }}"]
+durable = true
+auto_delete = false
+exclusive = true
+arguments = {}
+
+# We care about the ostree-import message topic
+[[bindings]]
+queue = "{{ fedora_messaging_queue_name }}"
+exchange = "amq.topic"
+routing_keys = [
+{% for key in fedora_messaging_routing_keys %}
+    "{{ key }}",
+{% endfor %}
+]
+
+[consumer_config]
+example_key = "for my consumer"
+
+[qos]
+prefetch_size = 0
+prefetch_count = 25
+
+[log_config]
+version = 1
+disable_existing_loggers = true
+
+# Adjust the log formatting based on preference
+[log_config.formatters.simple]
+format = "%(asctime)s %(levelname)s %(name)s - %(message)s"
+
+[log_config.handlers.console]
+class = "logging.StreamHandler"
+formatter = "simple"
+stream = "ext://sys.stdout"
+
+# Set level to WARNING, otherwise too chatty
+[log_config.loggers.fedora_messaging]
+level = "WARNING"
+propagate = false
+handlers = ["console"]
+
+# Set level to WARNING, otherwise too chatty
+[log_config.loggers.twisted]
+level = "WARNING"
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.pika]
+level = "WARNING"
+propagate = false
+handlers = ["console"]
+
+# If your consumer sets up a logger, you must add a configuration for it
+# here in order for the messages to show up. e.g. if it set up a logger
+# called 'example_printer', you could do:
+#[log_config.loggers.example_printer]
+#level = "INFO"
+#propagate = false
+#handlers = ["console"]
+
+[log_config.root]
+level = "ERROR"
+handlers = ["console"]