#720 DNF Counting: Set up fedora-messaging for log servers, move syncHttpLogs.sh out of base-role
Merged 3 years ago by nphilipp. Opened 3 years ago by nphilipp.
fedora-infra/ nphilipp/ansible main--logging-messaging  into  main

@@ -29,6 +29,10 @@ 

      service: HTTP

      host: "admin.fedoraproject.org"

      when: env == "production"

+   # Set up for fedora-messaging

+   - role: rabbit/user

+     username: "logging{{ env_suffix }}"

+   - logging

  

    pre_tasks:

    - import_tasks: "{{ tasks_path }}/yumrepos.yml"

@@ -444,13 +444,6 @@ 

    - base

    - common-scripts

  

- - name: install a sync httpd logs cron script only on log01

-   copy: src=syncHttpLogs.sh dest=/etc/cron.daily/syncHttpLogs.sh mode=0755

-   when: inventory_hostname.startswith('log01')

-   tags:

-   - config

-   - base

- 

  - name: Drop in a little system_identification note

    template: src=system_identification dest=/etc/system_identification

    tags:

@@ -0,0 +1,60 @@ 

+ ---

+ - name: Create /etc/pki/fedora-messaging

+   file:

+     dest: /etc/pki/fedora-messaging

+     mode: 0775

+     owner: root

+     group: root

+     state: directory

+   tags:

+   - config

+   - logging

+   - fedora-messaging

+ 

+ - name: Deploy the fedora-messaging CA

+   copy:

+     src: "{{ private }}/files/rabbitmq/{{ env }}/pki/ca.crt"

+     dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt

+     mode: 0644

+     owner: root

+     group: root

+   tags:

+   - config

+   - logging

+   - fedora-messaging

+ 

+ - name: Deploy the fedora-messaging cert

+   copy:

+     src: "{{ private }}/files/rabbitmq/{{ env }}/pki/issued/logging{{ env_suffix }}.crt"

+     dest: /etc/pki/fedora-messaging/logging.crt

+     mode: 0644

+     owner: root

+     group: root

+   tags:

+   - config

+   - logging

+   - fedora-messaging

+ 

+ - name: Deploy the fedora-messaging key

+   copy:

+     src: "{{ private }}/files/rabbitmq/{{ env }}/pki/private/logging{{ env_suffix }}.key"

+     dest: /etc/pki/fedora-messaging/logging.key

+     mode: 0600

+     owner: root

+     group: root

+   tags:

+   - config

+   - logging

+   - fedora-messaging

+ 

+ - name: Install fedora-messaging config

+   template:

+     src: fedora-messaging.toml.j2

+     dest: /etc/fedora-messaging/config.toml

+     owner: root

+     group: root

+     mode: 0600

+   tags:

+   - config

+   - logging

+   - fedora-messaging

@@ -0,0 +1,18 @@ 

+ amqp_url = "amqps://logging{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"

+ 

+ {% if env == "staging" %}

+ topic_prefix = "org.fedoraproject.stg"

+ {% else %}

+ topic_prefix = "org.fedoraproject.prod"

+ {% endif %}

+ 

+ publish_exchange = "amq.topic"

+ passive_declares = true

+ 

+ [tls]

+ ca_cert = "/etc/pki/fedora-messaging/rabbitmq-ca.crt"

+ keyfile = "/etc/pki/fedora-messaging/logging.key"

+ certfile = "/etc/pki/fedora-messaging/logging.crt"

+ 

+ [client_properties]

+ app = "logging"

roles/web-data-analysis/files/syncHttpLogs.sh roles/base/files/syncHttpLogs.sh
file renamed
file was moved with no change to the file
@@ -150,3 +150,10 @@ 

    tags:

      - web-data

      - cron

+ 

+ - name: install a sync httpd logs cron script only on log01

+   copy: src=syncHttpLogs.sh dest=/etc/cron.daily/syncHttpLogs.sh mode=0755

+   when: inventory_hostname.startswith('log01')

+   tags:

+     - web-data

+     - config

This PR does the following:

  • Sets up logging user in RabbitMQ
  • Adds logging role which configures fedora-messaging and installs the necessary certificates
  • Moves the syncHttpLogs.sh script into the web-data-analysis role (was previously in base)

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

Zuul doesn't seem to like the file rename but otherwise looks good to me

Pull-Request has been merged by nphilipp

3 years ago