Details

Reviewers

dereckson

Maniphest Tasks

T1755: Deploy Notifications Center test environnement

Commits

rOPS64a4a8a29969: Provision Notifications center integration environment

Summary

This environment provides:

Notifications center
A separate broker, so we can test new routing and mirror traffic without disrupt our existing notifications workflows
Vault, as there is plan to use it to store credentials

As the main goal is to integrate and test new features,
"integration" is the chosen name for this environment.

The Vault is for future work for the Notifications center
to retrieve credentials. Credentials used by Salt to deploy
the integration environment uses the regular ops Vault.

Signed-off-by: Sébastien Santoro <dereckson@espace-win.org>

Ref T1755

Test Plan

Deploy to Dwellers

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

DorianWinty requested review of this revision.Jan 31 2023, 23:26

DorianWinty created this revision.

Harbormaster completed remote builds in B4368: Diff 7008.Jan 31 2023, 23:26

correct spaces

Harbormaster completed remote builds in B4369: Diff 7009.Feb 1 2023, 14:32

jinja error

Harbormaster completed remote builds in B4370: Diff 7010.Feb 1 2023, 14:54

change host + space + docker image

Harbormaster completed remote builds in B4373: Diff 7013.Feb 1 2023, 21:29

Nginx for vault

Harbormaster completed remote builds in B4374: Diff 7014.Feb 1 2023, 21:56

change vault id name

Harbormaster completed remote builds in B4375: Diff 7015.Feb 1 2023, 22:03

change vault id name

Harbormaster completed remote builds in B4376: Diff 7016.Feb 1 2023, 22:20

recursive policies

Harbormaster completed remote builds in B4378: Diff 7019.Feb 1 2023, 23:31

DorianWinty edited the summary of this revision. (Show Details)Feb 1 2023, 23:44

DorianWinty added a task: T1755: Deploy Notifications Center test environnement.

nginx for vault updated

Harbormaster completed remote builds in B4379: Diff 7020.Feb 2 2023, 20:14

Harbormaster completed remote builds in B4380: Diff 7021.Feb 2 2023, 20:28

change location name

Harbormaster completed remote builds in B4381: Diff 7022.Feb 2 2023, 20:31

dereckson requested changes to this revision.Feb 9 2023, 23:21

dereckson added inline comments.

pillar/paas/docker.sls
229 ↗	(On Diff #7022)	Credentials for RabbitMQ With D2792, we can now configure RabbitMQ credentials through Salt: credentials: erlang-cookie: nasqueron/rabbitmq/orange-rabbit/erlang-cookie root: nasqueron/rabbitmq/orange-rabbit/root They've already been set to Vault.

This revision now requires changes to proceed.Feb 9 2023, 23:21

Credentials also need to be set for paas-docker-dev role in pillar/credentials/vault.sls

dereckson added inline comments.Mar 5 2023, 21:26

roles/paas-docker/nginx/files/vhosts/vault.conf
5	^

dereckson added inline comments.Apr 1 2023, 17:59

pillar/paas/docker.sls
93 ↗	(On Diff #7022)	Added to NetBox - https://netbox.nasqueron.org/ipam/prefixes/37/
221 ↗	(On Diff #7022)	Would actually be useful if it can uses that project too, as Sentry allows to tag the releases (with the commit hash for example), and say "this is deployed in prod" "this is deployed in testing". But we need to express to the SDK (it takes from laravel environment I think) the idea it's testing. Also, testing name is used by the tests suite, so we need another environment name.
roles/paas-docker/containers/vault.sls
35	vault.hcl refer to two other files: tls_cert_file = "/vault/config/certificates/fullchain.pem" tls_key_file = "/vault/config/certificates/private.key" I guess if it has a public domain name, we can use Let's Encrypt certificates there? But we need a script to copy certificates files to /srv/vault/<instance>/config/certificates/ This script can automatically be run by certbot after a certificate is renewed

dereckson added inline comments.Apr 1 2023, 18:23

roles/paas-docker/containers/vault.sls
51	We use the upstream image according what you put in docker_images

dereckson added inline comments.Apr 1 2023, 18:31

pillar/paas/docker.sls
214 ↗	(On Diff #7022)	that's the container name, ie orange-rabbit here
roles/paas-docker/containers/vault.sls
60

Rebased. Addressed some of the comments.

Harbormaster completed remote builds in B4676: Diff 7560.Apr 1 2023, 18:33

Scope for this change: Docker containers + nginx config

We need 3 follow-up changes:

configure RabbitMQ, like in D2793
a script to copy Let's Encrypt certificates to the correct /srv/vault/ path
provision Vault (we were exploring in February a scenario to ask the ops Vault to authenticate and unseal this one)

Use "integration" to better stress on the functional role of this environment, to integrate new features.

Harbormaster completed remote builds in B4677: Diff 7561.Apr 1 2023, 19:25

dereckson retitled this revision from WIP: Provision Dev notifications center to Provision Notifications center integration environment.Apr 1 2023, 19:31

dereckson edited the summary of this revision. (Show Details)

dereckson edited the test plan for this revision. (Show Details)

dereckson edited the summary of this revision. (Show Details)Apr 2 2023, 20:09