From f728bc758a0dc16885d350aae2a6bac0612a21f3 Mon Sep 17 00:00:00 2001 From: lrossett Date: Dec 10 2020 13:57:41 +0000 Subject: [PATCH 1/4] fedora messaging docs --- diff --git a/README.md b/README.md index d5944fb..373d4fa 100644 --- a/README.md +++ b/README.md @@ -2,3 +2,6 @@ This repository aims to contain several procedures for the centos steam team members. +## Index + +[Fedora Messaging](./fedora-messaging/README.md) diff --git a/fedora-messaging/README.md b/fedora-messaging/README.md new file mode 100644 index 0000000..4ee0bb5 --- /dev/null +++ b/fedora-messaging/README.md 
@@ -0,0 +1,26 @@ +# Fedora Messaging + +## Requesting Access + +What needs to be done: + +* Request certificates from the fedora infrastructure team; +* Ansible changes to create a new user, queue and topic in fedora messaging. + +You can request a new certificate and a private key by opening a fedora infrastructure ticket: https://pagure.io/fedora-infrastructure (Example: https://pagure.io/fedora-infrastructure/issue/9494). + +The ticket should request a new username for fedora messaging (either prod or stg) - the result of that ticket will be a new certificate and private key for that user (the certificate CN field should contain the requested username as its value). + +The next step is to add the new user, queue and topic binding into fedora's Rabbit MQ instance. + +This can be done by sending a pull request to their ansible repository (https://pagure.io/fedora-infra/ansible): https://pagure.io/fedora-infra/ansible/pull-request/302#request_diff. + +The topic format uses the following scheme: `org....#` where: + +* ``: source as entity, should be `centos` in our case +* ``: env is either `prod` or `stg` but you should use the ansible var `env_suffix` +* ``: the application the message belongs to, which matches your username. + +A topic for centos koji would be: `org.centos.prod.koji.#` (`#` means Rabbit MQ will match the topic as long as it starts with `org.centos.prod.koji.`). + +Those changes will also need to be run by someone from the fedora infrastructure team. From 73a20a0f070a2e437f69b64db499fbad687bec67 Mon Sep 17 00:00:00 2001 From: lrossett Date: Dec 10 2020 14:05:08 +0000 Subject: [PATCH 2/4] add mbbox in index + fedora-messaging example --- diff --git a/README.md b/README.md index 373d4fa..ea9ee44 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,8 @@ # Stream Team Docs -This repository aims to contain several procedures for the centos steam team members. +This repository aims to contain several procedures for the centos stream team members. ## Index +[MBBOX](./mbbox/README.md) [Fedora Messaging](./fedora-messaging/README.md) diff --git a/fedora-messaging/README.md b/fedora-messaging/README.md index 4ee0bb5..096e269 100644 --- a/fedora-messaging/README.md +++ b/fedora-messaging/README.md @@ -18,9 +18,36 @@ This can be done by sending a pull request to their ansible repository (https:// The topic format uses the following scheme: `org....#` where: * ``: source as entity, should be `centos` in our case -* ``: env is either `prod` or `stg` but you should use the ansible var `env_suffix` +* ``: env is either `prod` or `stg` but you should use the ansible var `short_env` * ``: the application the message belongs to, which matches your username. A topic for centos koji would be: `org.centos.prod.koji.#` (`#` means Rabbit MQ will match the topic as long as it starts with `org.centos.prod.koji.`). Those changes will also need to be run by someone from the fedora infrastructure team. + +### Example + +The following ansible code is an example of how to add an user and a queue with a routing key. + +```yaml +# adding "centos-koji" user as an example + +- name: Add centos-koji User + run_once: true + include_role: + name: rabbit/user + vars: + username: centos-koji{{ env_suffix }} + +- name: Add centos-koji queue + run_once: true + include_role: + name: rabbit/queue + vars: + username: centos-koji{{ env_suffix }} + queue_name: centos-koji{{ env_suffix }} + # TTL: 10 days (in miliseconds) + message_ttl: 864000000 + routing_keys: + - "org.centos.{{ env_short }}.koji.#" +``` diff --git a/mbbox/README.md b/mbbox/README.md new file mode 100644 index 0000000..8c0d86c --- /dev/null +++ b/mbbox/README.md 
@@ -0,0 +1,63 @@ +# MBBox deployment guide + +## Description + +This guide will describe the deployment of [MBBox](https://github.com/fedora-infra/mbbox) operator in OpenShift 4 cluster and it's prerequisites. + +## Prerequisites + +### Persistent Volumes + +The MBBox needs several Persistent Volumes created in prior to deployment: + +* mbox-registry (Recommended: 100 Gi) - Used as image registry +* httpd (Recommended: 1Gi) - Used by koji-hub httpd server +* koji (Recommended: 50Gi) - Used for shared koji space +* postgres (Recommended: 5Gi) - Used by postgreSQL database + +### Postgres + +MBBox needs PostgreSQL database for various tasks. + +* Version: 10.4 +* Volumes: postgredb:/var/lib/postgresql + +### Secrets + +MBBox needs plenty of secrets to be created for the components. Following is the list of secrets. + +* ca-cert +Description: Certificate for Certification Authority +Key/value: cert/CA certificate +* koji-builder-client-cert +Description: Koji builder client certificate (must have the CN: koji builder host name) +Key/value: tls.pem/Combined certificate with key signed by CA +* koji-hub-service-cert +Description: Server certificate for koji-hub +Key/value: tls.crt/Koji server certificate signed by CA +Key/value: tls.key/Private key for the tls.crt +* koji-hub-admin-cert +Description: Certificate for koji admin user (must have the CN: koji admin username) +Key/value: client.pem/Combined certificate with key signed by CA +* koji-hub-web-client-cert +Description: Certificate for koji web client user (must have the CN: koji web client username) +Key/value: client.pem/Combined certificate with key signed by CA +* koji-hub-msg +Description: Koji hub messaging certificate for fedora messaging +Key/value: koji.ca/CA certificate for messaging +Key/value: koji.crt/Messaging certificate +Key/value: koji.key/Private key for messaging certificate +* kojira-client-cert +Description: Kojira client certificate to communicate with koji-hub (must have the CN: koji hub 
username for kojira) +Key/value: client.pem/Combined certificate with key signed by CA +* mbs-client-cert +Description: MBS backend client certificate to communicate with koji-hub (must have the CN: koji hub username for MBS) +Key/value: client.pem/Combined certificate with key signed by CA +* mbs-frontend-client-cert +Description: MBS frontend client certificate to communicate with koji-hub (must have the CN: koji hub hostname) +Key/value: client.pem/Combined certificate with key signed by CA +* mbs-frontend-client-cert +Description: MBS frontend server certificate +Key/value: tls.crt/MBS server certificate signed by CA +Key/value: tls.key/Private key for server certificate + diff --git a/mbbox/deployment.md b/mbbox/deployment.md deleted file mode 100644 index 8c0d86c..0000000 --- a/mbbox/deployment.md +++ /dev/null 
@@ -1,63 +0,0 @@ -# MBBox deployment guide - -## Description - -This guide will describe the deployment of [MBBox](https://github.com/fedora-infra/mbbox) operator in OpenShift 4 cluster and it's prerequisites. - -## Prerequisites - -### Persistent Volumes - -The MBBox needs several Persistent Volumes created in prior to deployment: - -* mbox-registry (Recommended: 100 Gi) - Used as image registry -* httpd (Recommended: 1Gi) - Used by koji-hub httpd server -* koji (Recommended: 50Gi) - Used for shared koji space -* postgres (Recommended: 5Gi) - Used by postgreSQL database - -### Postgres - -MBBox needs PostgreSQL database for various tasks. - -* Version: 10.4 -* Volumes: postgredb:/var/lib/postgresql - -### Secrets - -MBBox needs plenty of secrets to be created for the components. Following is the list of secrets. - -* ca-cert -Description: Certificate for Certification Authority -Key/value: cert/CA certificate -* koji-builder-client-cert -Description: Koji builder client certificate (must have the CN: koji builder host name) -Key/value: tls.pem/Combined certificate with key signed by CA -* koji-hub-service-cert -Description: Server certificate for koji-hub -Key/value: tls.crt/Koji server certificate signed by CA -Key/value: tls.key/Private key for the tls.crt -* koji-hub-admin-cert -Description: Certificate for koji admin user (must have the CN: koji admin username) -Key/value: client.pem/Combined certificate with key signed by CA -* koji-hub-web-client-cert -Description: Certificate for koji web client user (must have the CN: koji web client username) -Key/value: client.pem/Combined certificate with key signed by CA -* koji-hub-msg -Description: Koji hub messaging certificate for fedora messaging -Key/value: koji.ca/CA certificate for messaging -Key/value: koji.crt/Messaging certificate -Key/value: koji.key/Private key for messaging certificate -* kojira-client-cert -Description: Kojira client certificate to communicate with koji-hub (must have the CN: koji hub 
username for kojira) -Key/value: client.pem/Combined certificate with key signed by CA -* mbs-client-cert -Description: MBS backend client certificate to communicate with koji-hub (must have the CN: koji hub username for MBS) -Key/value: client.pem/Combined certificate with key signed by CA -* mbs-frontend-client-cert -Description: MBS frontend client certificate to communicate with koji-hub (must have the CN: koji hub hostname) -Key/value: client.pem/Combined certificate with key signed by CA -* mbs-frontend-client-cert -Description: MBS frontend server certificate -Key/value: tls.crt/MBS server certificate signed by CA -Key/value: tls.key/Private key for server certificate - From fc4e1b1286344ef7205ed447c412f9103a8b4258 Mon Sep 17 00:00:00 2001 From: lrossett Date: Dec 10 2020 14:06:44 +0000 Subject: [PATCH 3/4] fix index newline --- diff --git a/README.md b/README.md index ea9ee44..4501871 100644 --- a/README.md +++ b/README.md @@ -5,4 +5,5 @@ This repository aims to contain several procedures for the centos stream team me ## Index [MBBOX](./mbbox/README.md) + [Fedora Messaging](./fedora-messaging/README.md) From d6513e76e38289c748575a8b6b457a44fa8a45ed Mon Sep 17 00:00:00 2001 From: lrossett Date: Dec 10 2020 14:11:23 +0000 Subject: [PATCH 4/4] fix links --- diff --git a/README.md b/README.md index 4501871..2a465c2 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,6 @@ This repository aims to contain several procedures for the centos stream team me ## Index -[MBBOX](./mbbox/README.md) +[MBBOX](./mbbox) -[Fedora Messaging](./fedora-messaging/README.md) +[Fedora Messaging](./fedora-messaging/)
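Review bot: In [PATCH 1/4], fedora-messaging/README.md, the "Requesting Access" text says the ticket results in "a new certificate and private key" but never says how the key reaches the requester or where it should be stored. Add a sentence naming the delivery channel and storage location, so nobody expects the private key to arrive as a ticket comment or attachment. Separately, the topic scheme reads `org....#` and each of its three bullets opens with an empty code span as shown here, so the placeholder names are not visible; write them in a form that survives markdown rendering.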
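Review bot: In [PATCH 2/4], fedora-messaging/README.md, the bullet is changed to say the ansible var is `short_env`, but the routing key in the new example uses `{{ env_short }}`. One of the two names is wrong; please check it against the fedora-infra ansible repository and use the same spelling in both places. The text also says the application segment of the topic "matches your username", while the example pairs username `centos-koji{{ env_suffix }}` with topic segment `koji`, so either the sentence or the example needs adjusting. Minor: "an user" should be "a user" and "miliseconds" should be "milliseconds".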
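Review bot: In [PATCH 2/4], mbbox/README.md, the Secrets list names `mbs-frontend-client-cert` twice: once as the frontend client certificate (`client.pem`) and again as the "MBS frontend server certificate" (`tls.crt`, `tls.key`). Two secrets cannot share a name in one namespace, so the second entry needs its own name, in the way `koji-hub-service-cert` is kept separate from the koji client certificates. Since several entries store a certificate combined with its private key, it is also worth stating that these are created as OpenShift secrets and not committed to a repository. Minor: "it's prerequisites" should be "its prerequisites", and `mbox-registry` is spelled with one "b" while the project is MBBox; please confirm the volume name.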
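Review bot: In [PATCH 4/4], README.md, the two index links end up in different forms: `[MBBOX](./mbbox)` has no trailing slash while `[Fedora Messaging](./fedora-messaging/)` has one. Pick one form for both. Patches 3/4 and 4/4 only correct lines introduced in 1/4 and 2/4, so they could be squashed into those commits before merging.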