From c987bacc95c75077febffa505242a26fd45800ac Mon Sep 17 00:00:00 2001
From: Jennifer Richards <jennifer@staff.ietf.org>
Date: Tue, 19 Mar 2024 14:24:39 +1000
Subject: [PATCH] ci: Rabbitmq progress (wip) (#7233)

* ci: rabbitmq service (wip)

* ci: customize rabbitmq config
---
 helm/templates/configmap.yaml                 | 56 +++++++++++++++++++
 helm/templates/services/rabbitmq.yaml         | 20 +++++++
 .../rabbitmq.yaml                             |  6 +-
 helm/values.yaml                              | 18 ++++--
 4 files changed, 91 insertions(+), 9 deletions(-)
 create mode 100644 helm/templates/services/rabbitmq.yaml
 rename helm/templates/{deployments => statefulsets}/rabbitmq.yaml (96%)

diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml
index 904efe862..89983b5f0 100644
--- a/helm/templates/configmap.yaml
+++ b/helm/templates/configmap.yaml
@@ -5,3 +5,59 @@ metadata:
 data:
   settings_local.py: |-
     {{- .Files.Get "settings_local.py" | indent 4 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: rabbitmq-configmap
+data:
+  definitions.json: |-
+    {
+      "permissions": [
+        {
+          "configure": ".*",
+          "read": ".*",
+          "user": "datatracker",
+          "vhost": "dt",
+          "write": ".*"
+        }
+      ],
+      "users": [
+        {
+          "hashing_algorithm": "rabbit_password_hashing_sha256",
+          "limits": {},
+          "name": "datatracker",
+          "password_hash": "HJxcItcpXtBN+R/CH7dUelfKBOvdUs3AWo82SBw2yLMSguzb",
+          "tags": []
+        }
+      ],
+      "vhosts": [
+        {
+          "limits": [],
+          "metadata": {
+            "description": "",
+            "tags": []
+          },
+          "name": "dt"
+        }
+      ]
+    }
+  rabbitmq.conf: |-
+    # prevent guest from logging in over tcp
+    loopback_users.guest = true
+    
+    # load saved definitions
+    load_definitions = /etc/rabbitmq/definitions.json
+    
+    # Ensure that enough disk is available to flush to disk. To do this, need to limit the
+    # memory available to the container to something reasonable. See
+    # https://www.rabbitmq.com/production-checklist.html#monitoring-and-resource-usage
+    # for recommendations.
+    
+    # 1-1.5 times the memory available to the container is adequate for disk limit
+    disk_free_limit.absolute = 6000MB
+    
+    # This should be ~40% of the memory available to the container. Use an
+    # absolute number because relative will be proprtional to the full machine
+    # memory.
+    vm_memory_high_watermark.absolute = 1600MB
diff --git a/helm/templates/services/rabbitmq.yaml b/helm/templates/services/rabbitmq.yaml
new file mode 100644
index 000000000..a23c4eaef
--- /dev/null
+++ b/helm/templates/services/rabbitmq.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: rabbitmq
+  labels: {{- include "datatracker.labels" . | nindent 4 }}
+  {{- with .Values.rabbitmq.service.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+      {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  type: {{.Values.rabbitmq.service.type}}
+  clusterIP: None  # headless service
+  ports:
+    - port: {{ default "5672" .Values.rabbitmq.service.port}}
+      targetPort: amqp
+      protocol: TCP
+      name: amqp
+  selector: {{- include "datatracker.selectorLabels" . | nindent 4}}
diff --git a/helm/templates/deployments/rabbitmq.yaml b/helm/templates/statefulsets/rabbitmq.yaml
similarity index 96%
rename from helm/templates/deployments/rabbitmq.yaml
rename to helm/templates/statefulsets/rabbitmq.yaml
index a44a84a25..cad4f1650 100644
--- a/helm/templates/deployments/rabbitmq.yaml
+++ b/helm/templates/statefulsets/rabbitmq.yaml
@@ -1,5 +1,5 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
   name: {{ include "datatracker.rabbitmq.fullname" . }}
   labels:
@@ -41,8 +41,8 @@ spec:
             {{- toYaml . | nindent 12 }}
     {{- end }}
           ports:
-            - name: http
-              containerPort: 8000
+            - name: amqp
+              containerPort: 5672
               protocol: TCP
           livenessProbe:
             {{- toYaml $podValues.livenessProbe | nindent 12 }}
diff --git a/helm/values.yaml b/helm/values.yaml
index 68b9344c0..dc5c24f06 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -387,11 +387,11 @@ beat:
 # -------------------------------------------------------------
 
 rabbitmq:
-  name: rabbitmq
+  name: "rabbitmq"
   image:
-    repository: "ghcr.io/ietf-tools/datatracker-mq"
+    repository: "rabbitmq"
     pullPolicy: IfNotPresent
-    tag: "latest"
+    tag: "3.13"
 
   imagePullSecrets: []
   nameOverride: ""
@@ -433,7 +433,7 @@ rabbitmq:
 
   service:
     type: ClusterIP
-    port: 80
+    port: 5672
 
   serviceAccount:
     # Specifies whether a service account should be created
@@ -456,14 +456,19 @@ rabbitmq:
       command: ["rabbitmq-diagnostics", "-q", "ping"]
 
   # Additional volumes on the output Deployment definition.
-  volumes: []
+  volumes:
+    - name: "rabbitmq-config"
+      configMap:
+        name: "rabbitmq-configmap"
     # - name: foo
     #   secret:
     #     secretName: mysecret
     #     optional: false
   
     # Additional volumeMounts on the output Deployment definition.
-  volumeMounts: []
+  volumeMounts:
+    - name: "rabbitmq-config"
+      mountPath: "/etc/rabbitmq"
     # - name: foo
     #   mountPath: "/etc/foo"
     #   readOnly: true
@@ -557,3 +562,4 @@ env:
   DBUSER: "django"
   DBPASS: "RkTkDPFnKpko"
   DJANGO_SECRET_KEY: "PDwXboUq!=hPjnrtG2=ge#N$Dwy+wn@uivrugwpic8mxyPfHk"
+  CELERY_BROKER_URL: "amqp://datatracker:frog@rabbitmq/dt"