#8996 Please add new clients + queues to RabbitMQ for osci.
Closed: Fixed a year ago by kevin. Opened a year ago by astepano.

Hello.

Please add next new clients to RabbitMQ:

RabbitMQ client name:

osci-pipelines

At this moment we have access to RabbitMQ client with name centos-ci. Strictly speaking that credentials was given by centos team only for testing purposes. While centos-ci client can be used by centos team, it is better to have distinct users, that we do not collide.

In certificate requests they have: Subject: CN = osci-pipelines

Please create next RabbitMQ queues with name and allow access to them for osci-pipelines :

osci-pipelines-queue-0
osci-pipelines-queue-1
osci-pipelines-queue-2
osci-pipelines-queue-3
osci-pipelines-queue-4
osci-pipelines-queue-5
osci-pipelines-queue-6
osci-pipelines-queue-7
osci-pipelines-queue-8
osci-pipelines-queue-9
osci-pipelines-queue-10
osci-pipelines-queue-11
osci-pipelines-queue-12
osci-pipelines-queue-13
osci-pipelines-queue-14
osci-pipelines-queue-15

Q: Why so many?
A: Background: https://pagure.io/fedora-infrastructure/issue/8846
According to this discussion 1 client can listen to many queues.
1 queue can be subscribed to different topics.
We have at least 4 pipelines: standard-test-interface/installability/rpmdeplint/composes/more-to-come.
All these pipelines listen to the same topics.
While we want to keep:

simple logic
and make pipelines independent
ability to run simultaneously at different places (AWS/Communshift)

All of them need to listen to topics that have common set. For 4 pipelines we need already 8 queues + 2 for experimenting/future needs.

Turned out there is policy:

- name: Validate parameters
  assert:
    that:
    - "queue_name.startswith(username)"
    fail_msg: "Your queue name must be prefixed with your username"

I created a certificate requests for client. I will attach certificate to this tickets.

When do you need this to be done by? (YYYY/MM/DD)

This would help us to allow deploy pipelines.

Thank you.


Please issue a certificate for:

cat osci-pipelines.csr 
-----BEGIN CERTIFICATE REQUEST-----
MIIEXjCCAkYCAQAwGTEXMBUGA1UEAwwOb3NjaS1waXBlbGluZXMwggIiMA0GCSqG
SIb3DQEBAQUAA4ICDwAwggIKAoICAQC3zzGwcKSgHR8Q0sBzaSUNhOiBxNYT+Lgv
lmMbi79mx6NR9ZI1LkRxw2b0Mh92XIbFBKC9syrA3plrXZn9BYYX+hc9wHt1Hhof
0ohf6wblBL7/gF82YJ9rDnLbmK7VM21IAH9VKQZ1fmqWZH2A00GDwyjyuOE2bJ0E
9xEp5hHOuaoDQz1S7QyfGm1gWDwXwbDCtyCg7g0ch8hOawVHuVDVkWlsNsjBwadL
wO/BKVVT2JYsGfUzDrJsPV0bQbou6FEtUF8Qf/SJnRO2En0lld5LcafHdZwKvfjb
tfdahqfJ3RUdyJjwDH5PHtKzCJobY8W8TheI+TJuwQLrcLGZpayMpr4Y+uc7zz8k
95R06ihkHB3vIMCeolzDrbXSKSqsZLlzab2QFXRhv9cLburtEJriTaDwOaUxdxFL
CPzQf5sOvur/9oVmyEQ7jzSvFDhodahhnl7+sFc6EXkndjPenKX2DDEb4xy9ASGx
Mw4EWW8SaW78oMviYBAk5XEfftYPZ+SHpFVeWn0HSltgjstiAmPUOVzhTuDrDSOG
L/zbOR/UMJrUyHtcs5Jtebbedqo37DW0ILfkm5rHDNZCxzhm/vPSrHynkIdTKlvz
sRsTNhfT/qEJFHTanyndKQwVTswZ+B5wf1oKdIFzUebbmbDAqwyZ47o7il0kI2Ej
VHYW+8TVxQIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAJkYNp86GxSqft4rECNx
d2XpXiSpXJY1EBe5+VcDHRN8rs1XQltOB9QsQUDpGY5q4Gf0UZddT9PpPIYHqLe1
H6O8Z5J76e5PjB4Qa8uSm9xCzSbjl1wYV1bEod2il6g87xVUjaVp4/4V64MaZ5Zi
+gESnR5by1zEyCqoOOV+5swR3FguuTqLYZOXGgFOHHees+cjezKC7l0KLdXdoegk
t8YpgeClxd9P1PwPAK/0Uxy+w/qjExknzCuD0dd3ewqQ2tPuoMNJzEH5mF2VZXNO
umgxlKLfB1ittugscdZvnXJUZ8dh3MkiWZ9TAUVusRjmfMLOxJX2ze63UlRr7n45
qffjXfnYBS700/gHCaoUFo4NmV9VTUrhhHUcJMnm2KPSoiCO8T/TcojQnyVUjozo
HNxt511eRi4/HIIBMCD53lpae8KmJlrv84BlYmXCjfa3p2Ruqwdjqn0Ip91ZW/EE
xlRErZhpK5DD0LXrlLRpTDcjPEt92HfhR+O20+RZQ3NOD1qCX5v8Y6WkvzZpPQ0O
8qKXc2F0R2QQ5MgIKymyPwpG1pSCWjtjbXPmu7IyWUUj+bgTd2MKeUoAbD8niIUL
rzKZsi6MKJqHmVrZrxf0R53NMRfB7BMnWSwMkxq0gV3/OZ0Ok8mV3yYPGEQUsjhg
JGh0AGNZaVPz0QLkuhsRbNoq
-----END CERTIFICATE REQUEST-----

I created a PR: https://pagure.io/fedora-infra/ansible/pull-request/118 for adding client/queue.
Please review.

But, for me it is mystery: how to get certificate for the CSR above. It seems not related to ansible repo.

So, the certs are created by us... we have a private repo where we manage these.

There's no need to make a CSR, we can just make you one based on the name you want. I have created the cert and mailed you the encrypted key.

I have merged your pr and will go run the playbook now. ;)

Let me know if you need anything more here.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.

Metadata
Related Pull Requests
  • #118 Merged a year ago