Learn more about these different git repos.
Other Git URLs
Hello team,
I'd like to have a way how to send messages from tooling that modularity works on (git checkouts) to stg messagebus.
we are using two hosts for modularity
composer.stg.phx2.fedoraproject.org ( I don't have root access == can't read certs == can't send w messages) this host is required for composes
modularity.fedorainfracloud.org (172.25.32.128) got root access, but it's not configured for fedmsg at all
I guess what I need is to get configuration + certs for modularity.fedorainfracloud.org or either root permissions or alternative way to be able to send messages from composer.
I'd appreciate any help.
Thanks
Just to note that threebean should have root access to host trough fedora@modularity.fedorainfracloud.org
OK, lkocman told me:
1) they do need messages from modularity.fedorainfracloud.org to be received on composer.stg
2) they do need messages from composer.stg to be received on modularity.fedorainfracloud.org
Here's my recommendation:
For the first part,
1) we run a fedmsg-relay on modularity.fedorainfracloud.org port 4001. This effectively gives it its own "bus", kind of like debian's bus.
2) we then add an entry to the endpoints.py file for composer.stg only so that it subscribes to this "external" bus, and will get messages from there.
3) they won't be signed, so we'll need to also disable message signature validation on composer.stg
4) that should do it.
on the second part
1) pungi running on composer.stg needs to sign and send messages, so I'll create a new cert, just for this dev work, only in staging, and have the key owned by the modularity-wg group.
2) that will allow dev users on the box to sign messages as their own users without having to have any sudo rights.
3) those messages from pungi on composer.stg will make it onto the stg-wide stg bus and will be published externally at tcp://stg.fedoraproject.org:9940, signed with valid (for staging) certs.
4) whatever needs to listen to that, can listen to that.
Part 1: https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=b1d0171a84085ece3cde61d11b4d356f3e5b9a14
Part 2: https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=3eab17a0cce7c07e23e1add709526bc794af88f4
OK, I think this is done.
One more tweak, post audit from @puiterwijk: https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=69d6bf52ea401e78b060a6f8c3c6e79dc5a929b2
Metadata Update from @lkocman: - Issue assigned to ralph - Issue set to the milestone: Fedora 25 Alpha
Log in to comment on this ticket.