Hello.
Please add next new clients to RabbitMQ:
RabbitMQ client name:
osci-pipelines
At this moment we have access to RabbitMQ client with name centos-ci. Strictly speaking that credentials was given by centos team only for testing purposes. While centos-ci client can be used by centos team, it is better to have distinct users, that we do not collide.
centos-ci
In certificate requests they have: Subject: CN = osci-pipelines
Subject: CN = osci-pipelines
Please create next RabbitMQ queues with name and allow access to them for osci-pipelines :
osci-pipelines-queue-0 osci-pipelines-queue-1 osci-pipelines-queue-2 osci-pipelines-queue-3 osci-pipelines-queue-4 osci-pipelines-queue-5 osci-pipelines-queue-6 osci-pipelines-queue-7 osci-pipelines-queue-8 osci-pipelines-queue-9 osci-pipelines-queue-10 osci-pipelines-queue-11 osci-pipelines-queue-12 osci-pipelines-queue-13 osci-pipelines-queue-14 osci-pipelines-queue-15
osci-pipelines-queue-0
osci-pipelines-queue-1
osci-pipelines-queue-2
osci-pipelines-queue-3
osci-pipelines-queue-4
osci-pipelines-queue-5
osci-pipelines-queue-6
osci-pipelines-queue-7
osci-pipelines-queue-8
osci-pipelines-queue-9
osci-pipelines-queue-10
osci-pipelines-queue-11
osci-pipelines-queue-12
osci-pipelines-queue-13
osci-pipelines-queue-14
osci-pipelines-queue-15
Q: Why so many? A: Background: https://pagure.io/fedora-infrastructure/issue/8846 According to this discussion 1 client can listen to many queues. 1 queue can be subscribed to different topics. We have at least 4 pipelines: standard-test-interface/installability/rpmdeplint/composes/more-to-come. All these pipelines listen to the same topics. While we want to keep:
simple logic and make pipelines independent ability to run simultaneously at different places (AWS/Communshift)
All of them need to listen to topics that have common set. For 4 pipelines we need already 8 queues + 2 for experimenting/future needs.
Turned out there is policy:
- name: Validate parameters assert: that: - "queue_name.startswith(username)" fail_msg: "Your queue name must be prefixed with your username"
I created a certificate requests for client. I will attach certificate to this tickets.
This would help us to allow deploy pipelines.
Thank you.
@abompard maybe you can help?
https://pagure.io/fedora-infra/ansible/blob/master/f/roles/rabbit/queue/tasks/main.yml#_25
- "queue_name.startswith(username)"
Updated queues-names.
Please issue a certificate for:
cat osci-pipelines.csr -----BEGIN CERTIFICATE REQUEST----- MIIEXjCCAkYCAQAwGTEXMBUGA1UEAwwOb3NjaS1waXBlbGluZXMwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQC3zzGwcKSgHR8Q0sBzaSUNhOiBxNYT+Lgv lmMbi79mx6NR9ZI1LkRxw2b0Mh92XIbFBKC9syrA3plrXZn9BYYX+hc9wHt1Hhof 0ohf6wblBL7/gF82YJ9rDnLbmK7VM21IAH9VKQZ1fmqWZH2A00GDwyjyuOE2bJ0E 9xEp5hHOuaoDQz1S7QyfGm1gWDwXwbDCtyCg7g0ch8hOawVHuVDVkWlsNsjBwadL wO/BKVVT2JYsGfUzDrJsPV0bQbou6FEtUF8Qf/SJnRO2En0lld5LcafHdZwKvfjb tfdahqfJ3RUdyJjwDH5PHtKzCJobY8W8TheI+TJuwQLrcLGZpayMpr4Y+uc7zz8k 95R06ihkHB3vIMCeolzDrbXSKSqsZLlzab2QFXRhv9cLburtEJriTaDwOaUxdxFL CPzQf5sOvur/9oVmyEQ7jzSvFDhodahhnl7+sFc6EXkndjPenKX2DDEb4xy9ASGx Mw4EWW8SaW78oMviYBAk5XEfftYPZ+SHpFVeWn0HSltgjstiAmPUOVzhTuDrDSOG L/zbOR/UMJrUyHtcs5Jtebbedqo37DW0ILfkm5rHDNZCxzhm/vPSrHynkIdTKlvz sRsTNhfT/qEJFHTanyndKQwVTswZ+B5wf1oKdIFzUebbmbDAqwyZ47o7il0kI2Ej VHYW+8TVxQIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAJkYNp86GxSqft4rECNx d2XpXiSpXJY1EBe5+VcDHRN8rs1XQltOB9QsQUDpGY5q4Gf0UZddT9PpPIYHqLe1 H6O8Z5J76e5PjB4Qa8uSm9xCzSbjl1wYV1bEod2il6g87xVUjaVp4/4V64MaZ5Zi +gESnR5by1zEyCqoOOV+5swR3FguuTqLYZOXGgFOHHees+cjezKC7l0KLdXdoegk t8YpgeClxd9P1PwPAK/0Uxy+w/qjExknzCuD0dd3ewqQ2tPuoMNJzEH5mF2VZXNO umgxlKLfB1ittugscdZvnXJUZ8dh3MkiWZ9TAUVusRjmfMLOxJX2ze63UlRr7n45 qffjXfnYBS700/gHCaoUFo4NmV9VTUrhhHUcJMnm2KPSoiCO8T/TcojQnyVUjozo HNxt511eRi4/HIIBMCD53lpae8KmJlrv84BlYmXCjfa3p2Ruqwdjqn0Ip91ZW/EE xlRErZhpK5DD0LXrlLRpTDcjPEt92HfhR+O20+RZQ3NOD1qCX5v8Y6WkvzZpPQ0O 8qKXc2F0R2QQ5MgIKymyPwpG1pSCWjtjbXPmu7IyWUUj+bgTd2MKeUoAbD8niIUL rzKZsi6MKJqHmVrZrxf0R53NMRfB7BMnWSwMkxq0gV3/OZ0Ok8mV3yYPGEQUsjhg JGh0AGNZaVPz0QLkuhsRbNoq -----END CERTIFICATE REQUEST-----
I created a PR: https://pagure.io/fedora-infra/ansible/pull-request/118 for adding client/queue. Please review.
But, for me it is mystery: how to get certificate for the CSR above. It seems not related to ansible repo.
So, the certs are created by us... we have a private repo where we manage these.
There's no need to make a CSR, we can just make you one based on the name you want. I have created the cert and mailed you the encrypted key.
I have merged your pr and will go run the playbook now. ;)
Let me know if you need anything more here.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.