#7597 Allow ODCS to use rabbitmq staging as Celery queue
Closed: Fixed a year ago by kevin. Opened a year ago by jkaluza.

  • Describe what you need us to do:

I've recently started using Celery in ODCS instead of using fedmsg-hub for frontend -> backend communication. I want to test this in Fedora staging infra. @puiterwijk informed me there is some general rabbitmq instance deployed which I can use for this use-case.

I therefore need a certificates, URL of that rabbitmq instance, and maybe also other things I have no idea about on staging so I can test new ODCS there.

  • When do you need this? (YYYY/MM/DD)

No deadline, but I'm eager to see this running :D.

Is this for staging only, or do you want to use RabbitMQ in production too? I'm asking because RabbitMQ hasn't completed its RFR yet, so you probably shouldn't depend on it in production. It has no SOP or other documentation describing how to create certificates.

Metadata Update from @bowlofeggs:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: rabbitmq, staging

a year ago

I can generate a staging cert, but also we will need a new vhost for this right?

@jcline @abompard Can we split out the vhost creation from rabbitmq_cluster role to a rabbit/vhost role or something so we can handle these sorts of requests easier?

Or perhaps I don't understand how rabbit works and we don't need this. ;)

Yes, a new vhost is what we want. We're using the ansible module to make the vhost for the generic pubsub vhost.

The role would basically just use this with a "delegate_to" (like https://infrastructure.fedoraproject.org/infra/ansible/roles/rabbit/queue/tasks/main.yml). It seems like the best way to do this (to me) is have the ODCS role make that vhost along with a user with whatever privileges it needs in that vhost using the Ansible-provided modules. The user can probably just be "admin-level" with unrestricted configure/read/write because it's in its own vhost.

After the discussions on Flock, we agreed to moved ODCS maintenance in Fedora to @lsedlar and other people in his team. In order to do that, I need to upgrade ODCS to the latest version so things are set properly. The new ODCS version needs Celery and therefore I need this request to be done.

Can anyone from infra please look at it?

ok. I have:

  • Added ansible tasks to create (I hope) a queue for odcs

  • Added user certs for it for both stg and prod. The user is 'odcs-private-queue' and 'odcs-private-queue.stg' in stg. In ansible playbooks you can refer to them as:

"{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs-private-queue{{env_suffix}}.crt" (and .key)

  • Run the playbook for staging.

I hope that makes everything right in staging. Can you upgrade there and confirm all is good?

If you run into issues, feel free to re-open this or file a new ticket.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

@kevin, I will do the upgrade, but it will take some time. I need to upgrade also the role and playbook first.

Sure, please let us know if you need anything at all from our end...

The key should actually be in "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs-private-queue{{env_suffix}}.key"

Login to comment on this ticket.