Page MenuHomeDevCentral
Differential D2354

Configure Notifications center
ClosedPublic
Actions

Authored by dereckson on Oct 2 2020, 00:27.
Tags
Referenced Files
F3714831: D2354.id7126.diff
Mon, Nov 4, 20:50
Unknown Object (File)
Mon, Nov 4, 07:11
Unknown Object (File)
Sun, Nov 3, 16:09
Unknown Object (File)
Sat, Nov 2, 17:37
Unknown Object (File)
Fri, Nov 1, 02:13
Unknown Object (File)
Thu, Oct 31, 15:15
Unknown Object (File)
Thu, Oct 31, 12:21
Unknown Object (File)
Thu, Oct 31, 11:27
View All Files
Subscribers
None

Details

Reviewers
dereckson
DorianWinty
Commits
rOPS7a74d2b7a8cc: Configure Notifications center
Summary

Currently, the notifications center configuration is stored into
an ad hoc repository, operations-data-notifications (rOPSDATAN).

Configuration files are JSON, which can be more compactly expressed
and maintained in YAML, then dumped on the server as JSON.

As we need to provision those files and set SELinux context for them,
they can be hosted directly on rOPS too.

Secrets for credentials.json are stored in Vault.

Test Plan

Deploy container and config on docker-001.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson requested review of this revision.Oct 2 2020, 00:27
dereckson created this revision.
Harbormaster completed remote builds in B3657: Diff 5928.Oct 2 2020, 00:27
dereckson updated this revision to Diff 5929.Oct 2 2020, 00:33

Confused two files for a change. This one will be the config change so.

Harbormaster completed remote builds in B3658: Diff 5929.Oct 2 2020, 00:33
dereckson updated this revision to Diff 5930.Oct 2 2020, 00:34

chmod

Harbormaster completed remote builds in B3659: Diff 5930.Oct 2 2020, 00:34
dereckson updated this revision to Diff 5931.Oct 2 2020, 00:37

Rebase

Harbormaster completed remote builds in B3660: Diff 5931.Oct 2 2020, 00:37
dereckson retitled this revision from Move notifications container to production Docker engine to Configure Notifications center.Oct 2 2020, 00:48
dereckson edited the summary of this revision. (Show Details)
dereckson edited the test plan for this revision. (Show Details)
dereckson added projects: Nasqueron Docker deployment squad, Notifications center.
dereckson updated this revision to Diff 5934.Oct 2 2020, 01:47

Fix uid, gid and path: this is Notifications center, not RabbitMQ.

Harbormaster completed remote builds in B3662: Diff 5934.Oct 2 2020, 01:47
dereckson planned changes to this revision.Oct 3 2020, 01:14
dereckson added inline comments.
pillar/notifications/config.sls
57

orgz

dereckson added a comment.Jan 26 2023, 18:17

Next: switch to Vault credentials

dereckson updated this revision to Diff 7005.Jan 26 2023, 18:18

Rebased. org/orgz fixed.

Harbormaster completed remote builds in B4365: Diff 7005.Jan 26 2023, 18:18
dereckson updated this revision to Diff 7006.Jan 26 2023, 18:36

Switch to Vault

Harbormaster completed remote builds in B4366: Diff 7006.Jan 26 2023, 18:37
dereckson added a comment.Jan 26 2023, 18:53

Next: migrate secrets to Vault

#!/bin/sh
vault kv put ops/secrets/nasqueron.notifications.credentials_github_nasqueron password=$(ssh ysul /usr/home/zr/bin/getcredentials 153 token)
vault kv put ops/secrets/nasqueron.notifications.credentials_github_wolfplex password=$(ssh ysul /usr/home/zr/bin/getcredentials 156 token)
vault kv put ops/secrets/nasqueron.notifications.credentials_github_keruald password=$(ssh ysul /usr/home/zr/bin/getcredentials 157 token)
vault kv put ops/secrets/nasqueron.notifications.credentials_github_trustspace password=$(ssh ysul /usr/home/zr/bin/getcredentials 158 token)
vault kv put ops/secrets/nasqueron.notifications.credentials_github_eglide password=$(ssh ysul /usr/home/zr/bin/getcredentials 159 token)
vault kv put ops/secrets/nasqueron.notifications.credentials_phabricator_nasqueron password=$(ssh ysul /usr/home/zr/bin/getcredentials 154 token)
pillar/notifications/config.sls
43

Not sure api_token has ever been used, code uses secret field in PhabricatorAPI class.

dereckson edited the summary of this revision. (Show Details)Jan 26 2023, 19:50
DorianWinty accepted this revision.Jan 30 2023, 19:10
This revision is now accepted and ready to land.Jan 30 2023, 19:10
dereckson updated this revision to Diff 7082.Feb 7 2023, 23:19

Rebase

Harbormaster completed remote builds in B4417: Diff 7082.Feb 7 2023, 23:19
dereckson updated this revision to Diff 7125.Feb 20 2023, 23:26

Rebased. Removed created field from new file.

Harbormaster completed remote builds in B4449: Diff 7125.Feb 20 2023, 23:26
Closed by commit rOPS7a74d2b7a8cc: Configure Notifications center (authored by dereckson). · Explain WhyFeb 20 2023, 23:27
This revision was automatically updated to reflect the committed changes.
dereckson added a commit: rOPS7a74d2b7a8cc: Configure Notifications center.
dereckson added inline comments.Feb 20 2023, 23:28
pillar/notifications/config.sls
19

Pillar doesn't have access to credentials module.

Furthermore, access is granted to those keys for docker-001, not the Salt master.

Perhaps we need a Jinja filter to call credentials.get_password (get_token is an alias for get_password, so no need to implement that)?

dereckson added a comment.Feb 20 2023, 23:28

Deployed on docker-002.

Revision Contents
Changeset List

PathSize
_modules/
28 lines
pillar/
credentials/
7 lines
notifications/
153 lines
1 line
roles/
paas-docker/
containers/
46 lines

Diff 7126

View Options

_modules/notifications.py

Loading...
View Options

pillar/credentials/vault.sls

Loading...
View Options

pillar/notifications/config.sls

Loading...
View Options

pillar/top.sls

Loading...
View Options

roles/paas-docker/containers/notifications.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator