
Provision Notifications center integration environment
ClosedPublic

Authored by DorianWinty on Jan 31 2023, 23:26.

Details

Summary

This environment provides:

  • Notifications center
  • A separate broker, so we can test new routing and mirror traffic without disrupting our existing notifications workflows
  • Vault, as there is a plan to use it to store credentials

As the main goal is to integrate and test new features,
"integration" is the chosen name for this environment.

The Vault is for future work for the Notifications center
to retrieve credentials. Credentials used by Salt to deploy
the integration environment use the regular ops Vault.

Signed-off-by: Sébastien Santoro <dereckson@espace-win.org>

Ref T1755

Test Plan

Deploy to Dwellers

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

DorianWinty created this revision.

change host + space + docker image

DorianWinty edited the summary of this revision.

nginx for vault updated

dereckson requested changes to this revision. Feb 9 2023, 23:21
dereckson added inline comments.
pillar/paas/docker.sls
229 ↗(On Diff #7022)

Credentials for RabbitMQ

With D2792, we can now configure RabbitMQ credentials through Salt:

credentials:
  erlang-cookie: nasqueron/rabbitmq/orange-rabbit/erlang-cookie
  root: nasqueron/rabbitmq/orange-rabbit/root

They've already been set to Vault.

This revision now requires changes to proceed. Feb 9 2023, 23:21

Credentials also need to be set for paas-docker-dev role in pillar/credentials/vault.sls

roles/paas-docker/nginx/files/vhosts/vault.conf
5

^

pillar/paas/docker.sls
93 ↗(On Diff #7022)
221 ↗(On Diff #7022)

Would actually be useful if it can use that project too, as Sentry allows tagging the releases (with the commit hash for example), and saying "this is deployed in prod", "this is deployed in testing".

But we need to express to the SDK (it takes it from the Laravel environment, I think) the idea it's testing. Also, the testing name is used by the test suite, so we need another environment name.

roles/paas-docker/containers/vault.sls
35

vault.hcl refers to two other files:

tls_cert_file = "/vault/config/certificates/fullchain.pem"
tls_key_file = "/vault/config/certificates/private.key"

I guess if it has a public domain name, we can use Let's Encrypt certificates there?

But we need a script to copy certificate files to /srv/vault/<instance>/config/certificates/
This script can automatically be run by certbot after a certificate is renewed.

roles/paas-docker/containers/vault.sls
51

We use the upstream image according to what you put in docker_images

pillar/paas/docker.sls
214 ↗(On Diff #7022)

That's the container name, i.e. orange-rabbit here

roles/paas-docker/containers/vault.sls
60

Rebased. Addressed some of the comments.

Scope for this change: Docker containers + nginx config

We need 3 follow-up changes:

  • configure RabbitMQ, like in D2793
  • a script to copy Let's Encrypt certificates to the correct /srv/vault/ path
  • provision Vault (we were exploring in February a scenario to ask the ops Vault to authenticate and unseal this one)

Use "integration" to better stress the functional role of this environment, to integrate new features.

dereckson retitled this revision from WIP: Provision Dev notifications center to Provision Notifications center integration environment. Apr 1 2023, 19:31
dereckson edited the summary of this revision.
dereckson edited the test plan for this revision.
This revision is now accepted and ready to land. Apr 3 2023, 19:57
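
The certificate-copy script requested in the inline comment on roles/paas-docker/containers/vault.sls, and listed among the follow-up changes, could be a certbot deploy hook along these lines. This is an added example, not code from the rOPS repository: VAULT_INSTANCE, VAULT_CONTAINER and VAULT_CERT_OWNER are hypothetical variables, and it assumes certbot's default lineage file names (fullchain.pem, privkey.pem).

```shell
#!/bin/sh
# Added example: certbot deploy hook (e.g. /etc/letsencrypt/renewal-hooks/deploy/).
# Certbot exports RENEWED_LINEAGE (the live/<name> directory) after a renewal.
# VAULT_INSTANCE, VAULT_CONTAINER and VAULT_CERT_OWNER are hypothetical names.

# install_vault_certs <lineage dir> <destination dir>
# Copies the renewed pair under the file names vault.hcl refers to.
install_vault_certs() {
    src=$1
    dest=$2

    # Refuse to install half a pair: both files must exist and be non-empty.
    [ -s "$src/fullchain.pem" ] || { echo "missing $src/fullchain.pem" >&2; return 1; }
    [ -s "$src/privkey.pem" ] || { echo "missing $src/privkey.pem" >&2; return 1; }

    mkdir -p "$dest" || return 1

    # Copy to temporary names with a restrictive umask, so the private key
    # is never world-readable, not even briefly.
    ( umask 077
      cp "$src/privkey.pem" "$dest/.private.key.tmp" &&
      cp "$src/fullchain.pem" "$dest/.fullchain.pem.tmp" ) || return 1

    # Optional: hand the files to the user the Vault process runs as.
    [ -z "${VAULT_CERT_OWNER:-}" ] ||
        chown "$VAULT_CERT_OWNER" "$dest/.private.key.tmp" "$dest/.fullchain.pem.tmp" ||
        return 1

    # Rename within the same directory: Vault never sees a partial file.
    chmod 600 "$dest/.private.key.tmp" &&
        chmod 644 "$dest/.fullchain.pem.tmp" &&
        mv -f "$dest/.private.key.tmp" "$dest/private.key" &&
        mv -f "$dest/.fullchain.pem.tmp" "$dest/fullchain.pem"
}

# Only act when certbot calls the hook for a renewed lineage.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_vault_certs "$RENEWED_LINEAGE" \
        "/srv/vault/${VAULT_INSTANCE:?set VAULT_INSTANCE}/config/certificates" || exit 1
    # Vault reloads its listener certificates on SIGHUP.
    [ -z "${VAULT_CONTAINER:-}" ] || docker kill --signal=HUP "$VAULT_CONTAINER"
fi
```

If the Vault process inside the container does not run as the owner of the copied files, set VAULT_CERT_OWNER so the key stays readable to it at mode 600.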