fedora-infra / ansible

Clone
Source Code
GIT

#2244 openscanhub: add configurations for Fedora messaging
Merged 6 months ago by zlopez. Opened 6 months ago by svashisht.
fedora-infra/ svashisht/ansible fedora-infra-11853  into  main

file modified
+20 
@@ -128,6 +128,26 @@ 
 

      template: service-resalloc-server.yml
 

      objectname: service-resalloc-server
 

  

+   # Configurations for Fedora messaging
 

+   - role: rabbit/user
 

+     username: "openscanhub{{ env_suffix }}"
 

+     sent_topics: ^org\.fedoraproject\.{{ env_short }}\.openscanhub\..*
 

+   - role: openshift/secret-file
 

+     app: openscanhub
 

+     secret_name: openscanhub-fedora-messaging-ca
 

+     key: fedora-messaging-openscanhub-ca.crt
 

+     privatefile: "rabbitmq/{{env}}/pki/ca.crt"
 

+   - role: openshift/secret-file
 

+     app: openscanhub
 

+     secret_name: openscanhub-fedora-messaging-key
 

+     key: fedora-messaging-openscanhub.key
 

+     privatefile: "rabbitmq/{{env}}/pki/private/openscanhub{{env_suffix}}.key"
 

+   - role: openshift/secret-file
 

+     app: openscanhub
 

+     secret_name: openscanhub-fedora-messaging-cert
 

+     key: fedora-messaging-openscanhub.crt
 

+     privatefile: "rabbitmq/{{env}}/pki/issued/openscanhub{{env_suffix}}.crt"
 

+ 

      # sudo rbac-playbook -l staging -t delete openshift-apps/openscanhub.yml
 

    - role: openshift/object-delete
 

      app: openscanhub

file modified
+29 
@@ -40,6 +40,21 @@ 
 

            - mountPath: /etc/osh/worker-manager/id_rsa
 

              name: aws-openscanhub-key
 

              subPath: id_rsa
 

+ 

+           # Fedora messaging configurations
 

+           - name: fedora-messaging-config-volume
 

+             mountPath: /etc/fedora-messaging
 

+             readOnly: true
 

+           - name: fedora-messaging-ca-volume
 

+             mountPath: /etc/pki/rabbitmq/ca
 

+             readOnly: true
 

+           - name: fedora-messaging-key-volume
 

+             mountPath: /etc/pki/rabbitmq/key
 

+             readOnly: true
 

+           - name: fedora-messaging-cert-volume
 

+             mountPath: /etc/pki/rabbitmq/cert
 

+             readOnly: true
 

+ 

          livenessProbe:
 

            exec:
 

              command:
 
@@ -69,3 +84,17 @@ 
 

            secret:
 

              defaultMode: 400
 

              secretName: aws-openscanhub-key
 

+ 

+         # Fedora messaging configurations
 

+         - name: fedora-messaging-config-volume
 

+           configMap:
 

+             name: fedora-messaging-configmap
 

+         - name: fedora-messaging-ca-volume
 

+           secret:
 

+             secretName: openscanhub-fedora-messaging-ca
 

+         - name: fedora-messaging-key-volume
 

+           secret:
 

+             secretName: openscanhub-fedora-messaging-key
 

+         - name: fedora-messaging-cert-volume
 

+           secret:
 

+             secretName: openscanhub-fedora-messaging-cert

file added
+8 
@@ -0,0 +1,8 @@ 
 

+ amqp_url = "amqps://openscanhub:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
 

+ 

+ topic_prefix = "org.fedoraproject.{{ env_short }}.openscanhub"
 

+ 

+ [tls]
 

+ ca_cert = "/etc/pki/rabbitmq/ca/fedora-messaging-openscanhub-ca.crt"
 

+ keyfile = "/etc/pki/rabbitmq/key/fedora-messaging-openscanhub.key"
 

+ certfile = "/etc/pki/rabbitmq/cert/fedora-messaging-openscanhub.crt"

file added
+11 
@@ -0,0 +1,11 @@ 
 

+ {% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
 

+ ---
 

+ - apiVersion: v1
 

+   kind: ConfigMap
 

+   metadata:
 

+     name: fedora-messaging-configmap
 

+     labels:
 

+       app: openscanhub
 

+   data:
 

+     fedora-messaging-config.toml: |-
 

+       {{ load_file('fedora-messaging-config.toml') | indent(6) }}

Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.