I've recently started using Celery in ODCS instead of using fedmsg-hub for frontend -> backend communication. I want to test this in Fedora staging infra. @puiterwijk informed me there is some general rabbitmq instance deployed which I can use for this use-case.
I therefore need a certificates, URL of that rabbitmq instance, and maybe also other things I have no idea about on staging so I can test new ODCS there.
No deadline, but I'm eager to see this running :D.
Is this for staging only, or do you want to use RabbitMQ in production too? I'm asking because RabbitMQ hasn't completed its RFR yet, so you probably shouldn't depend on it in production. It has no SOP or other documentation describing how to create certificates.
Metadata Update from @bowlofeggs:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: rabbitmq, staging
I can generate a staging cert, but also we will need a new vhost for this right?
@jcline @abompard Can we split out the vhost creation from rabbitmq_cluster role to a rabbit/vhost role or something so we can handle these sorts of requests easier?
Or perhaps I don't understand how rabbit works and we don't need this. ;)
Yes, a new vhost is what we want. We're using the ansible module to make the vhost for the generic pubsub vhost.
The role would basically just use this with a "delegate_to" (like https://infrastructure.fedoraproject.org/infra/ansible/roles/rabbit/queue/tasks/main.yml). It seems like the best way to do this (to me) is have the ODCS role make that vhost along with a user with whatever privileges it needs in that vhost using the Ansible-provided modules. The user can probably just be "admin-level" with unrestricted configure/read/write because it's in its own vhost.
to comment on this ticket.