PR#40: remove rabbitmq hard dependency - kube-sig/koji-operator

kube-sig / koji-operator

#40 remove rabbitmq hard dependency

Merged 2 years ago by lrossett. Opened 2 years ago by lrossett.

kube-sig/ lrossett/koji-operator issue-26_rabbitmq-removal into main

remove rabbitmq hard dependency

Leonardo Rossetti • 2 years ago

1e65fe8

components/rabbitmq/0-secret.yaml

file removed

-11

		`@@ -1,11 +0,0 @@`
		`- apiVersion: v1`
		`- kind: Secret`
		`- metadata:`
		`- name: rabbitmq-ssl`
		`- labels:`
		`- app: rabbitmq`
		`- data:`
		`- RABBITMQ_SSL_CACERTFILE: L2V0Yy9wa2kvY2EtdHJ1c3Qvc291cmNlL2FuY2hvcnMvY2E= #/etc/pki/ca-trust/source/anchors/ca`
		`- RABBITMQ_SSL_CERTFILE: L2V0Yy9wa2kvY2EtdHJ1c3Qvc291cmNlL2FuY2hvcnMvY2VydA== #/etc/pki/ca-trust/source/anchors/cert`
		`- RABBITMQ_SSL_KEYFILE: L2V0Yy9wa2kvY2EtdHJ1c3Qvc291cmNlL2FuY2hvcnMva2V5 #/etc/pki/ca-trust/source/anchors/key`
		`- RABBITMQ_SSL_VERIFY: dmVyaWZ5X25vbmU= #false`
		`\ No newline at end of file`

components/rabbitmq/1-app.secret.yaml

file removed

-24

		`@@ -1,24 +0,0 @@`
		`- apiVersion: v1`
		`- kind: Secret`
		`- metadata:`
		`- name: rabbitmq-certs`
		`- data:`
		`- ca: \|-`
		`- Y2hhbmdlbWU=`
		`- cert: \|-`
		`- Y2hhbmdlbWU=`
		`- key: \|-`
		`- Y2hhbmdlbWU=`
		`- ---`
		`- apiVersion: v1`
		`- kind: Secret`
		`- metadata:`
		`- name: koji-hub-msg`
		`- data:`
		`- koji.ca: \|-`
		`- Y2hhbmdlbWU=`
		`- koji.crt: \|-`
		`- Y2hhbmdlbWU=`
		`- koji.key: \|-`
		`- Y2hhbmdlbWU=`
		`-`

components/rabbitmq/2-pvc.yaml

file removed

-12

		`@@ -1,12 +0,0 @@`
		`- kind: PersistentVolumeClaim`
		`- apiVersion: v1`
		`- metadata:`
		`- name: rabbitmq-data`
		`- labels:`
		`- app: rabbitmq`
		`- spec:`
		`- accessModes:`
		`- - ReadWriteMany`
		`- resources:`
		`- requests:`
		`- storage: 2Gi`
		`\ No newline at end of file`

components/rabbitmq/3-service.yaml

file removed

-12

		`@@ -1,12 +0,0 @@`
		`- apiVersion: v1`
		`- kind: Service`
		`- metadata:`
		`- name: rabbitmq`
		`- labels:`
		`- app: rabbitmq`
		`- spec:`
		`- type: NodePort`
		`- ports:`
		`- - port: 15672`
		`- selector:`
		`- app: rabbitmq`
		`\ No newline at end of file`

components/rabbitmq/4-deployment.yaml

file removed

-41

		`@@ -1,41 +0,0 @@`
		`- apiVersion: apps/v1`
		`- kind: Deployment`
		`- metadata:`
		`- name: rabbitmq`
		`- spec:`
		`- replicas: 1`
		`- selector:`
		`- matchLabels:`
		`- app: rabbitmq`
		`- template:`
		`- metadata:`
		`- labels:`
		`- app: rabbitmq`
		`- spec:`
		`- containers:`
		`- - name: rabbitmq`
		`- image: rabbitmq:3.8`
		`- imagePullPolicy: IfNotPresent`
		`- ports:`
		`- - containerPort: 15672`
		`- env:`
		`- - name: RABBITMQ_ERLANG_COOKIE`
		`- value: mbox`
		`- - name: RABBITMQ_NODENAME`
		`- value: rabbitmq`
		`- envFrom:`
		`- - secretRef:`
		`- name: rabbitmq-ssl`
		`- volumeMounts:`
		`- - mountPath: /var/lib/rabbitmq`
		`- name: rabbitmq-data`
		`- - name: rabbitmq-certs`
		`- mountPath: /etc/pki/ca-trust/source/anchors`
		`- readOnly: true`
		`- volumes:`
		`- - name: rabbitmq-data`
		`- persistentVolumeClaim:`
		`- claimName: rabbitmq-data`
		`- - name: rabbitmq-certs`
		`- configMap:`
		`- name: rabbitmq-certs`
		`\ No newline at end of file`

components/rabbitmq/README.md

file removed

-21

		`@@ -1,21 +0,0 @@`
		`- # RabbitMQ Certificates`
		`-`
		`- ## Generator`
		`-`
		`- Generate CA, server and client certificates by running:`
		`-`
		- ```sh
		`- git clone https://github.com/michaelklishin/tls-gen tls-gen`
		`- cd tls-gen/basic`
		`- # private key password`
		`- make PASSWORD=mbox`
		`- make verify`
		`- make info`
		- ```
		`-`
		- Certificate files will be created in `tls-gen/basic/result/`.
		`-`
		`- Copy the contents of CA, certificate and key (.key file) into the secret for both server and client configmaps.`
		`-`
		- RabbitMQ can now be deployed by running `kubectl apply -f .`
		`-`

components/rabbitmq/playbook.yml

file removed

-118

		`@@ -1,118 +0,0 @@`
		`- ---`
		`- - hosts: localhost`
		`- connection: local`
		`- vars:`
		`- namespace: mbbox`
		`- key_size: 4096`
		`- rabbitmq_host: "rabbitmq"`
		`- rabbitmq_username: mbbox`
		`- tasks:`
		`- - name: tmp_dir.create`
		`- tempfile:`
		`- state: directory`
		`- suffix: mbbox`
		`- register: tmp_dir`
		`- - name: tmp_dir.var`
		`- set_fact:`
		`- cert_dir: "{{ tmp_dir.path }}"`
		`-`
		`- - name: ca.key`
		`- openssl_privatekey:`
		`- path: "{{ cert_dir }}/ca_key.pem"`
		`- size: "{{ key_size\|int }}"`
		`- - name: ca.csr`
		`- openssl_csr:`
		`- path: "{{ cert_dir }}/ca_req.pem"`
		`- privatekey_path: "{{ cert_dir }}/ca_key.pem"`
		`- common_name: "{{ rabbitmq_host }}"`
		`- create_subject_key_identifier: true`
		`- key_usage:`
		`- - cRLSign`
		`- - dataEncipherment`
		`- - digitalSignature`
		`- - keyCertSign`
		`- - keyEncipherment`
		`- - nonRepudiation`
		`- basic_constraints:`
		`- - 'CA:TRUE'`
		`- - name: ca.crt`
		`- openssl_certificate:`
		`- path: "{{ cert_dir }}/ca_cert.pem"`
		`- privatekey_path: "{{ cert_dir }}/ca_key.pem"`
		`- csr_path: "{{ cert_dir }}/ca_req.pem"`
		`- provider: selfsigned`
		`-`
		`- - name: server.key`
		`- openssl_privatekey:`
		`- path: "{{ cert_dir }}/server_key.pem"`
		`- size: "{{ key_size\|int }}"`
		`- - name: server.csr`
		`- openssl_csr:`
		`- path: "{{ cert_dir }}/server_req.pem"`
		`- privatekey_path: "{{ cert_dir }}/server_key.pem"`
		`- common_name: "{{ rabbitmq_host }}"`
		`- subject_alt_name:`
		`- - "DNS:{{ rabbitmq_host }}"`
		`- - "DNS:{{ rabbitmq_host }}.{{ namespace }}.svc"`
		`- - "DNS:{{ rabbitmq_host }}.{{ namespace }}.svc.cluster"`
		`- - name: server.crt`
		`- openssl_certificate:`
		`- path: "{{ cert_dir }}/server_cert.pem"`
		`- csr_path: "{{ cert_dir }}/server_req.pem"`
		`- ownca_path: "{{ cert_dir }}/ca_cert.pem"`
		`- ownca_privatekey_path: "{{ cert_dir }}/ca_key.pem"`
		`- provider: ownca`
		`-`
		`- - name: client.key`
		`- openssl_privatekey:`
		`- path: "{{ cert_dir }}/client_key.pem"`
		`- size: "{{ key_size\|int }}"`
		`- - name: client.csr`
		`- openssl_csr:`
		`- path: "{{ cert_dir }}/client_req.pem"`
		`- privatekey_path: "{{ cert_dir }}/client_key.pem"`
		`- common_name: "{{ rabbitmq_username }}"`
		`- - name: client.crt`
		`- openssl_certificate:`
		`- path: "{{ cert_dir }}/client_cert.pem"`
		`- csr_path: "{{ cert_dir }}/client_req.pem"`
		`- ownca_path: "{{ cert_dir }}/ca_cert.pem"`
		`- ownca_privatekey_path: "{{ cert_dir }}/ca_key.pem"`
		`- provider: ownca`
		`-`
		`- - name: k8s.rabbitmq.configmap(name=rabbitmq-certs)`
		`- k8s:`
		`- definition:`
		`- apiVersion: v1`
		`- kind: ConfigMap`
		`- metadata:`
		`- name: rabbitmq-certs`
		`- namespace: "{{ namespace }}"`
		`- data:`
		`- ca: "{{ lookup('file', cert_dir + '/ca_cert.pem') }}"`
		`- cert: "{{ lookup('file', cert_dir + '/server_cert.pem') }}"`
		`- key: "{{ lookup('file', cert_dir + '/server_key.pem') }}"`
		`-`
		`- - name: k8s.rabbitmq.configmap(name=koji-hub-msg)`
		`- k8s:`
		`- definition:`
		`- apiVersion: v1`
		`- kind: ConfigMap`
		`- metadata:`
		`- name: koji-hub-msg`
		`- namespace: "{{ namespace }}"`
		`- data:`
		`- ca: "{{ lookup('file', cert_dir + '/ca_cert.pem') }}"`
		`- cert: "{{ lookup('file', cert_dir + '/client_cert.pem') }}"`
		`- key: "{{ lookup('file', cert_dir + '/client_key.pem') }}"`
		`-`
		`- - name: k8s.rabbitmq`
		`- k8s:`
		`- definition: "{{ lookup('file', './' + item) }}"`
		`- namespace: "{{ namespace }}"`
		`- wait: true`
		`- with_items:`
		`- - 0-secret.yaml`
		`- - 2-pvc.yaml`
		`- - 4-deployment.yaml`
		`- - 3-service.yaml`

deploy/minikube/pod.yaml

file modified

-28

		`@@ -104,34 +104,6 @@`
		`done`

		`echo "`
		`- apiVersion: v1`
		`- kind: Secret`
		`- metadata:`
		`- name: rabbitmq-certs`
		`- namespace: koji-system`
		`- data:`
		`- ca: \|-`
		`- Y2hhbmdlbWU=`
		`- cert: \|-`
		`- Y2hhbmdlbWU=`
		`- key: \|-`
		`- Y2hhbmdlbWU=`
		`- ---`
		`- apiVersion: v1`
		`- kind: Secret`
		`- metadata:`
		`- name: koji-hub-msg`
		`- namespace: koji-system`
		`- data:`
		`- koji.ca: \|-`
		`- Y2hhbmdlbWU=`
		`- koji.crt: \|-`
		`- Y2hhbmdlbWU=`
		`- koji.key: \|-`
		`- Y2hhbmdlbWU=`
		`- " \| kubectl apply -f -`
		`-`
		`- echo "`
		`apiVersion: buildsys.apps.fedoraproject.org/v1alpha1`
		`kind: KojiHub`
		`metadata:`

operator/config/samples/buildsys_v1alpha1_kojihub.yaml

file modified

-3

		`@@ -13,9 +13,6 @@`
		`postgres_secret: postgres`
		`http_enabled: true`
		`https_enabled: true`
		`- topic_prefix: mbox_dev`
		`- fedora_messaging_url: amqps://koji:something@rabbitmq`
		`- messaging_cert_secret: koji-hub-msg`
		`ingress_backend: nginx # default`
		`# ingress_backend: openshift`
		`httpd_pvc_name: koji-hub-httpd-pvc`

operator/molecule/default/converge.yml

file modified

-7

		`@@ -25,13 +25,6 @@`
		`- 0-secret.yaml`
		`- 1-deployment.yaml`
		`- 2-service.yaml`
		`-`
		`- - name: Create RabbitMQ ConfigMap`
		`- k8s:`
		`- src: "{{ components_dir }}/rabbitmq/1-app.secret.yaml"`
		`- namespace: "{{ namespace }}"`
		`- state: present`
		`- wait: true`

		`- import_tasks: kustomize.yml`
		`vars:`

operator/molecule/default/tasks/kojihub_test.yml

file modified

-1

		`@@ -28,7 +28,6 @@`
		`- "'httpd.conf' in koji_configmap.resources[0].data"`
		`- "'hub.conf' in koji_configmap.resources[0].data"`
		`- "'kojiweb.conf' in koji_configmap.resources[0].data"`
		`- - "'fedora-messaging.toml' in koji_configmap.resources[0].data"`

		`- block:`
		`- name: 'TEST: kojihub.secret.koji-hub-ca-cert'`

operator/roles/koji-hub/defaults/main.yml

file modified

-3

		`@@ -8,7 +8,6 @@`
		`koji_hub_configmap: "{{ configmap \| default('koji-hub-configmap') }}"`
		`koji_hub_ca_cert_secret: "{{ ca_cert_secret \| default('koji-hub-ca-cert') }}"`
		`koji_hub_service_cert_secret: "{{ service_cert_secret \| default('koji-hub-service-cert') }}"`
		`- koji_hub_messaging_cert_secret: "{{ messaging_cert_secret \| default('koji-hub-msg') }}"`

		`koji_hub_httpd_pvc_name: "{{ httpd_pvc_name \| default('koji-hub-httpd-pvc') }}"`
		`koji_hub_httpd_pvc_size: "{{ httpd_pvc_size \| default('1Gi') }}"`
		`@@ -28,7 +27,5 @@`
		`koji_hub_admin_client_cert: "{{ admin_client_cert \| default('koji-hub-admin-cert') }}"`
		`koji_hub_admin_username: "{{ admin_username \| default('kojiadmin') }}"`

		`- koji_mbox: "{{ mbox \| default('') }}"`
		`-`
		`koji_hub_web_client_cert: "{{ web_client_cert \| default('koji-hub-web-client-cert') }}"`
		`koji_hub_web_client_username: "{{ web_client_username \| default('kojiweb') }}"`

operator/roles/koji-hub/tasks/cert.yml

file modified

-1

		`@@ -55,7 +55,6 @@`
		`cert: "{{ lookup('file', cert_dir.path + '/ca_cert.pem') \| b64encode }}"`
		`key: "{{ lookup('file', cert_dir.path + '/ca_key.pem') \| b64encode }}"`
		`when: k8s_cacert_query.resources\|length == 0`
		`- # when: koji_mbox\|length == 0`

		`# koji-hub httpd cert`
		`- name: check if server cert exists`

operator/roles/koji-hub/tasks/main.yml

file modified

-23

		`@@ -14,18 +14,6 @@`
		`psql_secret: "{{ k8s_psql_secrets.resources[0] }}"`

		`- block:`
		`- - name: Check if messaging secret exists`
		`- k8s_info:`
		`- api_version: v1`
		`- kind: Secret`
		`- namespace: "{{ meta.namespace }}"`
		`- name: "{{ koji_hub_messaging_cert_secret }}"`
		`- register: k8s_msg_secret`
		`- - fail:`
		`- msg: "Secret {{ koji_hub_messaging_cert_secret }} not found in namespace {{ meta.namespace }}"`
		`- when: k8s_msg_secret.resources\|length == 0`
		`-`
		`- - block:`
		`- name: Ensure koji-hub configmap is updated`
		`template:`
		`src: configmap.yml.j2`
		`@@ -35,8 +23,6 @@`
		`koji_hub_psql_db: "{{ psql_secret.data.POSTGRES_DB \| b64decode }}"`
		`koji_hub_psql_user: "{{ psql_secret.data.POSTGRES_USER \| b64decode }}"`
		`koji_hub_psql_password: "{{ psql_secret.data.POSTGRES_PASSWORD \| b64decode }}"`
		`- koji_hub_fedora_messaging_url: "{{ fedora_messaging_url }}"`
		`- koji_hub_topic_prefix: "{{ topic_prefix }}"`

		`- k8s:`
		`state: present`
		`@@ -78,16 +64,9 @@`
		`pvc_mode: ReadWriteMany`
		`pvc_namespace: "{{ meta.namespace }}"`
		`when:`
		`- - koji_mbox\|length == 0`
		`- k8s_mnt_pvc.resources\|length == 0`

		`- block:`
		`- - name: retrieve and set shared pvc name`
		`- set_fact:`
		`- koji_hub_mnt_pvc_name: "{{ k8s_mboxes.resources[0].spec.koji_pvc_name }}"`
		`- when: koji_mbox\|length > 0`
		`-`
		`- - block:`
		`- name: Apply koji-hub http service`
		`template:`
		`src: service.yml.j2`
		`@@ -160,8 +139,6 @@`
		`positional_args:`
		`- 1`
		`failed_when: false`
		`- # register: psql_schema`
		`- # failed_when: "not 'already exists' in psql_schema.statusmessage"`
		`- postgresql_query:`
		`db: "{{ psql_secret.data.POSTGRES_DB \| b64decode }}"`
		`login_host: "{{ psql_host }}"`

operator/roles/koji-hub/templates/configmap.yml.j2

file modified

+2 -13

		`@@ -126,7 +126,7 @@`

		`NotifyOnSuccess = False`

		`- Plugins = fedmsg-koji-plugin runroot_hub`
		`+ Plugins = runroot_hub`
		`kojiweb.conf: \|-`
		`[web]`
		`SiteName = MBOX Koji`
		`@@ -138,15 +138,4 @@`
		`KojiHubCA = /etc/cacert/cert`
		`WebCert = /etc/webcert/client.pem`

		`- Tasks = runroot`
		`- fedora-messaging.toml: \|-`
		`- amqp_url = "{{ koji_hub_fedora_messaging_url }}"`
		`- topic_prefix = "{{ koji_hub_topic_prefix }}"`
		`-`
		`- [tls]`
		`- ca_cert = "/etc/msgcert/koji.ca"`
		`- certfile = "/etc/msgcert/koji.crt"`
		`- keyfile = "/etc/msgcert/koji.key"`
		`-`
		`- [client_properties]`
		`- app = "Koji"`
		`+ Tasks = runroot`
		`\ No newline at end of file`

operator/roles/koji-hub/templates/deployment.yml.j2

file modified

-5

		`@@ -49,8 +49,6 @@`
		`mountPath: /httpdir`
		`- name: koji-hub-mnt`
		`mountPath: /mnt/koji`
		`- - name: koji-hub-msg`
		`- mountPath: /etc/msgcert`
		`volumes:`
		`- name: cacert-volume`
		`secret:`
		`@@ -70,6 +68,3 @@`
		`- name: koji-hub-mnt`
		`persistentVolumeClaim:`
		`claimName: "{{ koji_hub_mnt_pvc_name }}"`
		`- - name: koji-hub-msg`
		`- secretName:`
		`- name: {{ koji_hub_messaging_cert_secret }}`

lrossett commented 2 years ago

removing rabbitmq related code from the operator.

Metadata

Assignee

None

Tags

No Tags

Changes Summary 16

-11

file removed

components/rabbitmq/0-secret.yaml

-24

file removed

components/rabbitmq/1-app.secret.yaml

-12

file removed

components/rabbitmq/2-pvc.yaml

-12

file removed

components/rabbitmq/3-service.yaml

-41

file removed

components/rabbitmq/4-deployment.yaml

-21

file removed

components/rabbitmq/README.md

-118

file removed

components/rabbitmq/playbook.yml

+0 -28

file changed

deploy/minikube/pod.yaml

+0 -3

file changed

operator/config/samples/buildsys_v1alpha1_kojihub.yaml

+0 -7

file changed

operator/molecule/default/converge.yml

+0 -1

file changed

operator/molecule/default/tasks/kojihub_test.yml

+0 -3

file changed

operator/roles/koji-hub/defaults/main.yml

+0 -1

file changed

operator/roles/koji-hub/tasks/cert.yml

+0 -23

file changed

operator/roles/koji-hub/tasks/main.yml

+2 -13

file changed

operator/roles/koji-hub/templates/configmap.yml.j2

+0 -5

file changed

operator/roles/koji-hub/templates/deployment.yml.j2

		`@@ -8,7 +8,6 @@`
		`koji_hub_configmap: "{{ configmap \| default('koji-hub-configmap') }}"`
		`koji_hub_ca_cert_secret: "{{ ca_cert_secret \| default('koji-hub-ca-cert') }}"`
		`koji_hub_service_cert_secret: "{{ service_cert_secret \| default('koji-hub-service-cert') }}"`
		`- koji_hub_messaging_cert_secret: "{{ messaging_cert_secret \| default('koji-hub-msg') }}"`

		`koji_hub_httpd_pvc_name: "{{ httpd_pvc_name \| default('koji-hub-httpd-pvc') }}"`
		`koji_hub_httpd_pvc_size: "{{ httpd_pvc_size \| default('1Gi') }}"`
		`@@ -28,7 +27,5 @@`
		`koji_hub_admin_client_cert: "{{ admin_client_cert \| default('koji-hub-admin-cert') }}"`
		`koji_hub_admin_username: "{{ admin_username \| default('kojiadmin') }}"`

		`- koji_mbox: "{{ mbox \| default('') }}"`
		`-`
		`koji_hub_web_client_cert: "{{ web_client_cert \| default('koji-hub-web-client-cert') }}"`
		`koji_hub_web_client_username: "{{ web_client_username \| default('kojiweb') }}"`

		`@@ -55,7 +55,6 @@`
		`cert: "{{ lookup('file', cert_dir.path + '/ca_cert.pem') \| b64encode }}"`
		`key: "{{ lookup('file', cert_dir.path + '/ca_key.pem') \| b64encode }}"`
		`when: k8s_cacert_query.resources\|length == 0`
		`- # when: koji_mbox\|length == 0`

		`# koji-hub httpd cert`
		`- name: check if server cert exists`

kube-sig / koji-operator

Source Code

#40 remove rabbitmq hard dependency Merged 2 years ago by lrossett. Opened 2 years ago by lrossett. kube-sig/ lrossett/koji-operator issue-26_rabbitmq-removal into main

Metadata

Changes Summary 16

#40 remove rabbitmq hard dependency

Merged 2 years ago by lrossett. Opened 2 years ago by lrossett.

kube-sig/ lrossett/koji-operator issue-26_rabbitmq-removal into main