PR#66: Batcave: add support for fedora-messaging - fedora-infra/ansible

fedora-infra / ansible

#66 Batcave: add support for fedora-messaging

Merged 3 years ago by pingou. Opened 3 years ago by pingou.

fedora-infra/ pingou/ansible master into master

Batcave: add support for fedora-messaging

Pierre-Yves Chibon • 3 years ago

a21b274

file modified

		`@@ -38,6 +38,9 @@`
		`- role: rabbit/user`
		`username: "mirror_pagure_ansible{{ env_suffix }}"`
		`when: datacenter != 'iad2'`
		`+ - role: rabbit/user`
		`+ username: "batcave{{ env_suffix }}"`
		`+ when: datacenter != 'iad2'`
		`- role: rabbit/queue`
		`username: "mirror_pagure_ansible{{ env_suffix }}"`
		`queue_name: "mirror_pagure_ansible{{ env_suffix }}"`

roles/batcave/tasks/main.yml

file modified

+46

		`@@ -52,6 +52,7 @@`
		`- easy-rsa # For easy copying into ansible-private for certs.`
		`- dnf # To get dnf reposync`
		`- dnf-plugins-core # To get dnf reposync`
		`+ - fedora-messaging # To send/receive messages on the amqp bus`
		`tags:`
		`- batcave`
		`- config`
		`@@ -80,6 +81,7 @@`
		`- easy-rsa # For easy copying into ansible-private for certs.`
		`- dnf # To get dnf reposync`
		`- dnf-plugins-core # To get dnf reposync`
		`+ - fedora-messaging # To send/receive messages on the amqp bus`
		`tags:`
		`- batcave`
		`- config`
		`@@ -168,6 +170,50 @@`
		`- config`

		`#`
		`+ # fedora-messaging configuration file for the applications sending messages from`
		`+ # batcave`
		`+ #`
		`+`
		`+ - name: install the fedora-messaging configuration file`
		`+ template: src=batcave-messaging.toml dest=/etc/fedora-messaging/batcave-messaging.toml`
		`+ tags:`
		`+ - batcave`
		`+ - config`
		`+ - fedora-messaging`
		`+`
		`+ - name: create folder where we'll place the certs`
		`+ file: path=/etc/pki/rabbitmq/ owner=root group=root mode=0755 state=directory`
		`+ tags:`
		`+ - batcave`
		`+ - config`
		`+ - fedora-messaging`
		`+`
		`+ - name: install the rabbitmq certificates for batcave`
		`+ copy: src={{ item.src }}`
		`+ dest=/etc/pki/rabbitmq/{{ item.dest }}`
		`+ owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }}`
		`+ with_items:`
		`+ - src: "{{private}}/files/rabbitmq/{{ env }}/pki/issued/batcave{{ env_suffix }}.crt"`
		`+ dest: batcave.crt`
		`+ owner: root`
		`+ group: root`
		`+ mode: "444"`
		`+ - src: "{{private}}/files/rabbitmq/{{ env }}/pki/private/batcave{{ env_suffix }}.key"`
		`+ dest: batcave.key`
		`+ owner: root`
		`+ group: root`
		`+ mode: "440"`
		`+ - src: "{{private}}/files/rabbitmq/{{ env }}/pki/ca.crt"`
		`+ dest: batcave.ca`
		`+ owner: root`
		`+ group: root`
		`+ mode: "444"`
		`+ tags:`
		`+ - batcave`
		`+ - config`
		`+ - fedora-messaging`
		`+`
		`+ #`
		`# Scripts`
		`#`

roles/batcave/templates/batcave-messaging.toml

file added

+23

		`@@ -0,0 +1,23 @@`
		`+ # A sample configuration for fedora-messaging. This file is in the TOML format.`
		`+ # For complete details on all configuration options, see the documentation.`
		`+ # https://fedora-messaging.readthedocs.io/en/stable/configuration.html`
		`+`
		`+ # Broker address`
		`+ amqp_url = "amqps://batcave{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"`
		`+`
		`+ # The topic_prefix configuration value will add a prefix to the topics of every sent message.`
		`+ # This is used for migrating from fedmsg, and should not be used afterwards.`
		`+ {% if env == "staging" %}`
		`+ topic_prefix = "org.fedoraproject.stg"`
		`+ {% else %}`
		`+ topic_prefix = "org.fedoraproject.prod"`
		`+ {% endif %}`
		`+`
		`+ [tls]`
		`+ ca_cert = "/etc/pki/rabbitmq/batcave.ca"`
		`+ keyfile = "/etc/pki/rabbitmq/batcave.key"`
		`+ certfile = "/etc/pki/rabbitmq/batcave.crt"`
		`+`
		`+ [client_properties]`
		`+ app = "batcave"`
		`+`

pingou commented 3 years ago

Install the certificates needed to connect to fedora-messaging
Install a configuration file applications can use to send messages
to the message bus using fedora-messaging.
Create the batcave user in rabbitmq

Signed-off-by: Pierre-Yves Chibon pingou@pingoured.fr