PR#720: DNF Counting: Set up fedora-messaging for log servers, move syncHttpLogs.sh out of base-role - fedora-infra/ansible

Nils Philippsen • 2 years ago

c782ece

Nils Philippsen • 2 years ago

dc86a46

Nils Philippsen • 2 years ago

15d5b3c

playbooks/groups/logserver.yml

file modified

		`@@ -29,6 +29,10 @@`
		`service: HTTP`
		`host: "admin.fedoraproject.org"`
		`when: env == "production"`
		`+ # Set up for fedora-messaging`
		`+ - role: rabbit/user`
		`+ username: "logging{{ env_suffix }}"`
		`+ - logging`

		`pre_tasks:`
		`- import_tasks: "{{ tasks_path }}/yumrepos.yml"`

roles/base/tasks/main.yml

file modified

-7

		`@@ -444,13 +444,6 @@`
		`- base`
		`- common-scripts`

		`- - name: install a sync httpd logs cron script only on log01`
		`- copy: src=syncHttpLogs.sh dest=/etc/cron.daily/syncHttpLogs.sh mode=0755`
		`- when: inventory_hostname.startswith('log01')`
		`- tags:`
		`- - config`
		`- - base`
		`-`
		`- name: Drop in a little system_identification note`
		`template: src=system_identification dest=/etc/system_identification`
		`tags:`

roles/logging/tasks/main.yml

file added

+60

		`@@ -0,0 +1,60 @@`
		`+ ---`
		`+ - name: Create /etc/pki/fedora-messaging`
		`+ file:`
		`+ dest: /etc/pki/fedora-messaging`
		`+ mode: 0775`
		`+ owner: root`
		`+ group: root`
		`+ state: directory`
		`+ tags:`
		`+ - config`
		`+ - logging`
		`+ - fedora-messaging`
		`+`
		`+ - name: Deploy the fedora-messaging CA`
		`+ copy:`
		`+ src: "{{ private }}/files/rabbitmq/{{ env }}/pki/ca.crt"`
		`+ dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt`
		`+ mode: 0644`
		`+ owner: root`
		`+ group: root`
		`+ tags:`
		`+ - config`
		`+ - logging`
		`+ - fedora-messaging`
		`+`
		`+ - name: Deploy the fedora-messaging cert`
		`+ copy:`
		`+ src: "{{ private }}/files/rabbitmq/{{ env }}/pki/issued/logging{{ env_suffix }}.crt"`
		`+ dest: /etc/pki/fedora-messaging/logging.crt`
		`+ mode: 0644`
		`+ owner: root`
		`+ group: root`
		`+ tags:`
		`+ - config`
		`+ - logging`
		`+ - fedora-messaging`
		`+`
		`+ - name: Deploy the fedora-messaging key`
		`+ copy:`
		`+ src: "{{ private }}/files/rabbitmq/{{ env }}/pki/private/logging{{ env_suffix }}.key"`
		`+ dest: /etc/pki/fedora-messaging/logging.key`
		`+ mode: 0600`
		`+ owner: root`
		`+ group: root`
		`+ tags:`
		`+ - config`
		`+ - logging`
		`+ - fedora-messaging`
		`+`
		`+ - name: Install fedora-messaging config`
		`+ template:`
		`+ src: fedora-messaging.toml.j2`
		`+ dest: /etc/fedora-messaging/config.toml`
		`+ owner: root`
		`+ group: root`
		`+ mode: 0600`
		`+ tags:`
		`+ - config`
		`+ - logging`
		`+ - fedora-messaging`

file added

+18

		`@@ -0,0 +1,18 @@`
		`+ amqp_url = "amqps://logging{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"`
		`+`
		`+ {% if env == "staging" %}`
		`+ topic_prefix = "org.fedoraproject.stg"`
		`+ {% else %}`
		`+ topic_prefix = "org.fedoraproject.prod"`
		`+ {% endif %}`
		`+`
		`+ publish_exchange = "amq.topic"`
		`+ passive_declares = true`
		`+`
		`+ [tls]`
		`+ ca_cert = "/etc/pki/fedora-messaging/rabbitmq-ca.crt"`
		`+ keyfile = "/etc/pki/fedora-messaging/logging.key"`
		`+ certfile = "/etc/pki/fedora-messaging/logging.crt"`
		`+`
		`+ [client_properties]`
		`+ app = "logging"`

roles/web-data-analysis/files/syncHttpLogs.sh ~~roles/base/files/syncHttpLogs.sh~~

file renamed

file was moved with no change to the file

roles/web-data-analysis/tasks/main.yml

file modified

		`@@ -150,3 +150,10 @@`
		`tags:`
		`- web-data`
		`- cron`
		`+`
		`+ - name: install a sync httpd logs cron script only on log01`
		`+ copy: src=syncHttpLogs.sh dest=/etc/cron.daily/syncHttpLogs.sh mode=0755`
		`+ when: inventory_hostname.startswith('log01')`
		`+ tags:`
		`+ - web-data`
		`+ - config`

This PR does the following:

Sets up logging user in RabbitMQ
Adds logging role which configures fedora-messaging and installs the necessary certificates
Moves the syncHttpLogs.sh script into the web-data-analysis role (was previously in base)