RabbitMQ: add topic auth to more apps
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
parent
632f16f252
commit
4249161ad0
|
@ -46,6 +46,8 @@ messaging:
|
|||
- app_name: Copr build system
|
||||
key: copr
|
||||
username: copr
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.copr\..*
|
||||
nrpe_procs_crit: 2500
|
||||
nrpe_procs_warn: 2200
|
||||
root_auth_users: msuchy pingou frostyx praiskup
|
||||
|
|
|
@ -40,6 +40,8 @@ messaging:
|
|||
- app_name: Copr build system
|
||||
key: copr
|
||||
username: copr
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.copr\..*
|
||||
root_auth_users: msuchy pingou frostyx praiskup
|
||||
spawn_in_advance: "false"
|
||||
tcp_ports: [
|
||||
|
|
|
@ -61,6 +61,8 @@ primary_auth_source: ipa
|
|||
tcp_ports: [80]
|
||||
# for fedora-messaging
|
||||
username: "github2fedmsg{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.github\..*
|
||||
# Definining these vars has a number of effects
|
||||
# 1) mod_wsgi is configured to use the vars for its own setup
|
||||
# 2) iptables opens enough ports for all threads for fedmsg
|
||||
|
|
|
@ -60,6 +60,8 @@ num_cpus: 1
|
|||
tcp_ports: [80]
|
||||
# for fedora-messaging
|
||||
username: "github2fedmsg{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.github\..*
|
||||
# Definining these vars has a number of effects
|
||||
# 1) mod_wsgi is configured to use the vars for its own setup
|
||||
# 2) iptables opens enough ports for all threads for fedmsg
|
||||
|
|
|
@ -21,6 +21,8 @@ messaging:
|
|||
- app_name: Copr build system
|
||||
key: copr
|
||||
username: copr
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.copr\..*
|
||||
# There is no python2 on F30
|
||||
nagios_Check_Services:
|
||||
dhcpd: false
|
||||
|
|
|
@ -21,6 +21,8 @@ messaging:
|
|||
- app_name: Copr build system
|
||||
key: copr
|
||||
username: copr
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.copr\..*
|
||||
nagios_Check_Services:
|
||||
dhcpd: false
|
||||
httpd: false
|
||||
|
|
|
@ -29,8 +29,6 @@
|
|||
- role: httpd/certificate
|
||||
certname: "{{wildcard_cert_name}}"
|
||||
SSLCertificateChainFile: "{{wildcard_int_file}}"
|
||||
- role: rabbit/user
|
||||
username: "mirror_pagure_ansible{{ env_suffix }}"
|
||||
- role: rabbit/user
|
||||
username: "batcave{{ env_suffix }}"
|
||||
sent_topics:
|
||||
|
@ -40,18 +38,22 @@
|
|||
username: "mirror_pagure_ansible{{ env_suffix }}"
|
||||
queue_name: "mirror_pagure_ansible{{ env_suffix }}"
|
||||
routing_keys:
|
||||
- "io.pagure.*.pagure.git.receive"
|
||||
- "io.pagure.*.pagure.git.receive"
|
||||
thresholds:
|
||||
warning: 10
|
||||
critical: 100
|
||||
sent_topics:
|
||||
- ^$
|
||||
- role: rabbit/queue
|
||||
username: "mirror_pagure_ansible{{ env_suffix }}"
|
||||
queue_name: "mirror_pagure_ansible{{ env_suffix }}_13"
|
||||
routing_keys:
|
||||
- "io.pagure.*.pagure.git.receive"
|
||||
- "io.pagure.*.pagure.git.receive"
|
||||
thresholds:
|
||||
warning: 10
|
||||
critical: 100
|
||||
sent_topics:
|
||||
- ^$
|
||||
when: datacenter != 'iad2'
|
||||
- batcave
|
||||
- role: grobisplitter
|
||||
|
|
|
@ -118,6 +118,8 @@
|
|||
- sudo
|
||||
- role: rabbit/user
|
||||
username: "koji{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.buildsys\..*
|
||||
|
||||
tasks:
|
||||
- import_tasks: "{{ tasks_path }}/motd.yml"
|
||||
|
|
|
@ -31,6 +31,8 @@
|
|||
# Set up for fedora-messaging
|
||||
- role: rabbit/user
|
||||
username: "logging{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.logging\.stats\..*
|
||||
- logging
|
||||
|
||||
pre_tasks:
|
||||
|
|
|
@ -99,8 +99,10 @@
|
|||
mailman_hyperkitty_cookie_key: "{{ mailman_hk_cookie_key }}"
|
||||
- role: fedmsg/base
|
||||
# Set up for fedora-messaging
|
||||
- { role: rabbit/user,
|
||||
username: "mailman{{ env_suffix }}"}
|
||||
- role: rabbit/user
|
||||
username: "mailman{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.mailman\..*
|
||||
|
||||
tasks:
|
||||
- name: install more needed packages
|
||||
|
|
|
@ -102,8 +102,11 @@
|
|||
roles:
|
||||
- role: fedmsg/base
|
||||
# Set up for fedora-messaging
|
||||
- { role: rabbit/user,
|
||||
username: "mirrormanager{{ env_suffix }}"}
|
||||
- role: rabbit/user
|
||||
username: "mirrormanager{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.mirrormanager\..*
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.logger\.log\..*
|
||||
|
||||
handlers:
|
||||
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
||||
|
|
|
@ -36,8 +36,11 @@
|
|||
- collectd/base
|
||||
- fedmsg/base
|
||||
# Set up for fedora-messaging
|
||||
- { role: rabbit/user,
|
||||
username: "notifs-backend{{ env_suffix }}"}
|
||||
- role: rabbit/user
|
||||
username: "notifs-backend{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.fmn\..*
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.logger\.log\..*
|
||||
- sudo
|
||||
|
||||
tasks:
|
||||
|
|
|
@ -27,8 +27,11 @@
|
|||
- mod_wsgi
|
||||
- role: fedmsg/base
|
||||
# Set up for fedora-messaging
|
||||
- { role: rabbit/user,
|
||||
username: "notifs-web{{ env_suffix }}"}
|
||||
- role: rabbit/user
|
||||
username: "notifs-web{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.fmn\..*
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.logger\.log\..*
|
||||
- notifs/frontend
|
||||
- sudo
|
||||
|
||||
|
|
|
@ -44,6 +44,8 @@
|
|||
roles:
|
||||
- role: rabbit/user
|
||||
username: "odcs{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.odcs\..*
|
||||
- mod_wsgi
|
||||
- role: nfs/client
|
||||
mnt_dir: '/mnt/fedora_koji'
|
||||
|
@ -144,8 +146,6 @@
|
|||
roles:
|
||||
- role: keytab/service
|
||||
service: odcs
|
||||
- role: rabbit/user
|
||||
username: "fmc{{ env_suffix }}"
|
||||
- role: rabbit/queue
|
||||
username: "fmc{{ env_suffix }}"
|
||||
queue_name: "{{ fmc_queue_name }}"
|
||||
|
@ -153,6 +153,8 @@
|
|||
thresholds:
|
||||
warning: 100
|
||||
critical: 1000
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.odcs\..*
|
||||
- role: fmc
|
||||
|
||||
handlers:
|
||||
|
|
|
@ -47,5 +47,8 @@
|
|||
# Set up for fedora-messaging
|
||||
- role: rabbit/user
|
||||
username: "pdc{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.pdc\..*
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.logger\.log\..*
|
||||
when: inventory_hostname.startswith(('pdc-web01','pdc-web01.stg'))
|
||||
- pdc/frontend
|
||||
|
|
|
@ -77,6 +77,7 @@
|
|||
username: "planet{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.planet\..*
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.logger\.log\..*
|
||||
|
||||
- role: apache
|
||||
|
||||
|
|
|
@ -84,6 +84,8 @@
|
|||
username: "pagure{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.pagure\..*
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.git\..*
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.logger\.log\..*
|
||||
|
||||
handlers:
|
||||
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
||||
|
|
|
@ -130,6 +130,10 @@
|
|||
|
||||
- role: rabbit/user
|
||||
username: "pungi{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.logger\.log\..*
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.pungi\..*
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.compose\..*
|
||||
|
||||
- {
|
||||
role: "push-container-registry",
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
|
||||
roles:
|
||||
- role: rabbit/queue
|
||||
username: faf
|
||||
username: faf{{ env_suffix }}
|
||||
queue_name: faf
|
||||
routing_keys:
|
||||
- "org.fedoraproject.*.faf.report.threshold1"
|
||||
|
@ -46,6 +46,8 @@
|
|||
- "org.fedoraproject.*.faf.problem.threshold10000"
|
||||
- "org.fedoraproject.*.faf.problem.threshold100000"
|
||||
- "org.fedoraproject.*.faf.problem.threshold1000000"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.faf\..*
|
||||
|
||||
- name: Setup retrace hosts
|
||||
hosts: retrace,retrace_stg
|
||||
|
|
|
@ -55,9 +55,11 @@
|
|||
when: master_sundries_node|bool
|
||||
- role: fedora-web/kinoite/build
|
||||
when: master_sundries_node|bool
|
||||
- { role: rabbit/user,
|
||||
username: "sundries{{ env_suffix }}",
|
||||
when: master_sundries_node|bool and deployment_type == "stg" }
|
||||
- role: rabbit/user
|
||||
username: "sundries{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^$
|
||||
when: master_sundries_node|bool and deployment_type == "stg"
|
||||
- role: fedmsg/base
|
||||
when: master_sundries_node|bool
|
||||
- role: nfs/client
|
||||
|
|
|
@ -30,8 +30,13 @@
|
|||
- apache
|
||||
- fedmsg/base
|
||||
# Set up for fedora-messaging
|
||||
- { role: rabbit/user, username: "wiki{{ env_suffix }}", when: inventory_hostname.startswith('wiki01') }
|
||||
- { role: rabbit/queue, username: "wiki{{ env_suffix }}", queue_name: "wiki{{ env_suffix }}"}
|
||||
- role: rabbit/queue
|
||||
username: "wiki{{ env_suffix }}"
|
||||
queue_name: "wiki{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.wiki\..*
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.logger\.log\..*
|
||||
when: inventory_hostname.startswith('wiki01')
|
||||
- { role: nfs/client, when: env == "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app_staging/app/attachments' }
|
||||
- { role: nfs/client, when: env != "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app/app/attachments' }
|
||||
- mediawiki
|
||||
|
|
|
@ -67,6 +67,9 @@
|
|||
- "org.fedoraproject.*.coreos.build.request.artifacts-sign"
|
||||
- "org.fedoraproject.*.coreos.build.request.ostree-sign"
|
||||
- "org.fedoraproject.*.buildsys.tag"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.coreos\..*\.finished$
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.robosignatory\..*\.finished$
|
||||
- robosignatory
|
||||
- role: keytab/service
|
||||
service: autosign
|
||||
|
|
|
@ -43,6 +43,8 @@
|
|||
thresholds:
|
||||
warning: 10
|
||||
critical: 100
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.coreos\..*
|
||||
|
||||
# Fedora Messaging secrets
|
||||
- role: openshift/secret-file
|
||||
|
|
|
@ -19,6 +19,8 @@
|
|||
thresholds:
|
||||
warning: 50
|
||||
critical: 100
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.greenwave\..*
|
||||
|
||||
# The openshift/project role breaks if the project already exists:
|
||||
# https://pagure.io/fedora-infrastructure/issue/6404
|
||||
|
|
|
@ -16,6 +16,9 @@
|
|||
queue_name: "{{ app }}{{ env_suffix }}"
|
||||
routing_keys: []
|
||||
message_ttl: 60000
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.koschei\..*
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.ci\..*
|
||||
|
||||
- openshift/project
|
||||
|
||||
|
|
|
@ -37,9 +37,6 @@
|
|||
|
||||
# Setup for fedora-messaging
|
||||
|
||||
- role: rabbit/user
|
||||
username: "mts{{ env_suffix }}"
|
||||
|
||||
- role: rabbit/queue
|
||||
username: "mts{{ env_suffix }}"
|
||||
queue_name: "mts{{ env_suffix }}"
|
||||
|
@ -48,6 +45,8 @@
|
|||
thresholds:
|
||||
warning: 10
|
||||
critical: 100
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.build\.tag\..*
|
||||
|
||||
# cacert, certificate and private key for fedora-messaging
|
||||
|
||||
|
|
|
@ -26,6 +26,8 @@
|
|||
|
||||
- role: rabbit/user
|
||||
username: "monitor-gating{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.monitor-gating\..*
|
||||
|
||||
- role: openshift/keytab
|
||||
app: monitor-gating
|
||||
|
|
|
@ -9,9 +9,6 @@
|
|||
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
||||
|
||||
roles:
|
||||
- role: rabbit/user
|
||||
username: "resultsdb{{ env_suffix }}_ci_listener"
|
||||
|
||||
- role: rabbit/queue
|
||||
username: "resultsdb{{ env_suffix }}_ci_listener"
|
||||
queue_name: "resultsdb{{ env_suffix }}_ci_listener"
|
||||
|
@ -25,6 +22,8 @@
|
|||
- 'org.centos.*.ci.koji-build.test.running'
|
||||
- 'org.centos.*.ci.koji-build.test.complete'
|
||||
- 'org.centos.*.ci.koji-build.test.error'
|
||||
sent_topics:
|
||||
- ^$
|
||||
|
||||
# The openshift/project role breaks if the project already exists:
|
||||
# https://pagure.io/fedora-infrastructure/issue/6404
|
||||
|
|
|
@ -40,6 +40,8 @@
|
|||
roles:
|
||||
- role: rabbit/user
|
||||
username: "resultsdb{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.resultsdb\..*
|
||||
|
||||
# The openshift/project role breaks if the project already exists:
|
||||
# https://pagure.io/fedora-infrastructure/issue/6404
|
||||
|
|
|
@ -22,9 +22,6 @@
|
|||
tags:
|
||||
- appowners
|
||||
|
||||
- role: rabbit/user
|
||||
username: "toddlers{{ env_suffix }}"
|
||||
|
||||
- role: rabbit/queue
|
||||
username: toddlers{{ env_suffix }}
|
||||
queue_name: toddlers{{ env_suffix }}
|
||||
|
@ -56,6 +53,8 @@
|
|||
thresholds:
|
||||
warning: 10
|
||||
critical: 100
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.toddlers\..*
|
||||
|
||||
- role: openshift/keytab
|
||||
app: toddlers
|
||||
|
|
|
@ -39,6 +39,8 @@
|
|||
roles:
|
||||
- role: rabbit/user
|
||||
username: "waiverdb{{ env_suffix }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.waiverdb\..*
|
||||
|
||||
# The openshift/project role breaks if the project already exists:
|
||||
# https://pagure.io/fedora-infrastructure/issue/6404
|
||||
|
|
|
@ -56,6 +56,7 @@
|
|||
include_role: name=rabbit/user
|
||||
vars:
|
||||
- username: "{{ item.username }}{{ env_suffix }}"
|
||||
sent_topics: "{{ item.sent_topics }}"
|
||||
with_items: "{{ messaging.certificates }}"
|
||||
tags:
|
||||
- fedora-messaging
|
||||
|
|
|
@ -68,14 +68,9 @@
|
|||
include_role:
|
||||
name: rabbit/user
|
||||
vars:
|
||||
username: copr{{ env_suffix }}
|
||||
|
||||
- name: faf
|
||||
run_once: true
|
||||
include_role:
|
||||
name: rabbit/user
|
||||
vars:
|
||||
username: faf{{ env_suffix }}
|
||||
username: copr{{ env_suffix }}
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.copr\..*
|
||||
|
||||
- name: CentOS Stream
|
||||
run_once: true
|
||||
|
@ -371,13 +366,6 @@
|
|||
#
|
||||
# ELN BEGIN
|
||||
|
||||
- name: eln build user
|
||||
run_once: true
|
||||
include_role:
|
||||
name: rabbit/user
|
||||
vars:
|
||||
username: distrobuildsync-eln
|
||||
|
||||
- name: eln queue
|
||||
run_once: true
|
||||
include_role:
|
||||
|
|
|
@ -104,6 +104,8 @@
|
|||
name: rabbit/user
|
||||
vars:
|
||||
username: "{{ botnames[env] }}"
|
||||
sent_topics:
|
||||
- ^org\.fedoraproject\.{{ env_short }}\.meetbot\..*
|
||||
when:
|
||||
- inventory_hostname.startswith('value02')
|
||||
|
||||
|
|
Loading…
Reference in New Issue