fedmsg status, production, and help with testing?

Wed Aug 1 12:22:34 UTC 2012

I've been working on the Messaging SIG work for fedmsg for a few months now and
have been active in IRC, but silent on this list.  Here's a status report.

At this point, I've developed an API for sending and receiving messages and have
patched some existing services for only sending.  Nothing *depends* on fedmsg
messages arriving at this point, nor will anything so depend for a long while
out.  We want to be able to test and make sure that the fedmsg message bus is
reliable and secure before we do anything like that.

Status
------

In staging, the following services are emitting fedmsg messages.

 - bodhi
 - fas
 - mediawiki
 - tagger
 - scm/gitolite/fedpkg

Additionally, there is a new service running on app01.stg called "fedmsg-relay".
There are also two new commands: "fedmsg-logger" and "fedmsg-tail".

The messages are all signed by service-host specific RSA keys.  Documentation
for the CA and generating new cert/key pairs can be found at
http://infrastructure.fedoraproject.org/infra/docs/fedmsg-certs.txt

Motivation
----------

I'd like to move most of the puppet modules I have from "modules-staging" to
"modules" sooner than later.  I'm worried about that directory bloating and
getting out of sync with the main modules directory over the long winter of the
freeze.  There's much more work to be done and the freeze offers a good
opportunity to assess and commit to a setup.  However, the freeze is set for
next Tuesday, so soon!

lmacken is preparing a bodhi1 release before the freeze which will include the
fedmsg work and relrod is working on a fas release.  That leaves mediawiki,
tagger, and scm/gitolite/fedpkg on which we'll need to coordinate a push to
production or decide that they stay in staging for the time being.

For anyone with the time/energy, here is a set of instructions for how
to test what I've set up.  I've tested it pretty thoroughly, but peer review is
best.

Grotesque Detail
----------------

For all the tests, login to app0[1-7].stg or packages[1-2].stg and run
"fedmsg-tail".  There will be spam from the busmon consumer we have
running in staging, so its probably best to run
"fedmsg-tail | grep -v busmon".

Message signing is turned on globally from puppet in /etc/fedmsg.d/ssl.py.
On a given host (say, app01.stg), check /etc/pki/fedmsg to see if the
permissions on public certs and private keys makes sense.

 - fedmsg-logger

   - $ echo "this is a test" | fedmsg-logger

 - bodhi

   - Login to https://admin.stg.fedoraproject.org/updates
   - Messages are sent when you:

     - Make any change to an update.

 - fas

   - Login to https://admin.stg.fedoraproject.org/accounts
   - Messages are sent when you:

     - create a new user
     - edit your profile
     - apply for a group.
     - sponsor someone for a group.
     - create a group.
     - update a group.
     - remove a member from a group.

 - mediawiki

   - Login to https://stg.fedoraproject.org/wiki/Fedora_Project_Wiki
   - Messages are sent when you:

     - edit an article
     - upload something

 - tagger

   - Login to https://apps.stg.fedoraproject.org/tagger/
   - Messages are sent when you:

     - Upvote/downvote a tag
     - Add a new tag
     - Login

 - scm/gitolite/fedpkg

   - Change your /etc/rpkg/fedpkg.conf to point to stg.fedoraproject.org.
   - Messages are sent when you:

     - Push a new commit

Post Freeze Plans
-----------------

Whether or not we can vet and push these into production before the freeze, I
will be working on the following bits afterwards:

 - Documentation sprint:  Some documentation for developers exists, but it
   hasn't had careful attention in a few months.  It should include both a
   How-To for developers and some discussion of how the fedmsg internals work.
 - Start in on patches that add hooks to other services.
   http://fedmsg.readthedocs.org/en/latest/status.html is my running list.  I
   think pkgdb, meetbot, and elections are next.