From 270f31b96d9f4f9653b8e2f9120a940df531a3a8 Mon Sep 17 00:00:00 2001
From: Jennifer Richards <jennifer@staff.ietf.org>
Date: Mon, 18 Mar 2024 18:05:54 +1000
Subject: [PATCH 1/2] ci: rabbitmq service (wip)

---
 helm/templates/deployments/beat.yaml          |  2 ++
 helm/templates/deployments/celery.yaml        |  2 ++
 helm/templates/services/rabbitmq.yaml         | 20 +++++++++++++++++++
 .../rabbitmq.yaml                             |  6 +++---
 helm/values.yaml                              |  8 ++++----
 5 files changed, 31 insertions(+), 7 deletions(-)
 create mode 100644 helm/templates/services/rabbitmq.yaml
 rename helm/templates/{deployments => statefulsets}/rabbitmq.yaml (96%)

diff --git a/helm/templates/deployments/beat.yaml b/helm/templates/deployments/beat.yaml
index 6f7409fb9c..083f8e7cc9 100644
--- a/helm/templates/deployments/beat.yaml
+++ b/helm/templates/deployments/beat.yaml
@@ -30,6 +30,8 @@ spec:
           image: "{{ default $.Values.datatracker.image.repository $podValues.image.repository }}:{{ default .Chart.AppVersion (default $.Values.datatracker.image.tag $podValues.image.tag) }}"
           imagePullPolicy: {{ default "IfNotPresent" (default $.Values.datatracker.image.imagePullPolicy $podValues.image.imagePullPolicy) }}
           env:
+            - name: "CELERY_BROKER_URL"
+              value: "amqp://guest:guest@rabbitmq:{{ default "5672" .Values.rabbitmq.service.port }}/"
             - name: "CONTAINER_ROLE"
               value: "beat"
             {{- if .Values.env }}
diff --git a/helm/templates/deployments/celery.yaml b/helm/templates/deployments/celery.yaml
index f1f043abbd..807d90009d 100644
--- a/helm/templates/deployments/celery.yaml
+++ b/helm/templates/deployments/celery.yaml
@@ -30,6 +30,8 @@ spec:
           image: "{{ default $.Values.datatracker.image.repository $podValues.image.repository }}:{{ default .Chart.AppVersion (default $.Values.datatracker.image.tag $podValues.image.tag) }}"
           imagePullPolicy: {{ default "IfNotPresent" (default $.Values.datatracker.image.imagePullPolicy $podValues.image.imagePullPolicy) }}
           env:
+            - name: "CELERY_BROKER_URL"
+              value: "amqp://guest:guest@rabbitmq:{{ default "5672" .Values.rabbitmq.service.port }}/"
             - name: "CONTAINER_ROLE"
               value: "celery"
             {{- if .Values.env }}
diff --git a/helm/templates/services/rabbitmq.yaml b/helm/templates/services/rabbitmq.yaml
new file mode 100644
index 0000000000..a23c4eaef5
--- /dev/null
+++ b/helm/templates/services/rabbitmq.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: rabbitmq
+  labels: {{- include "datatracker.labels" . | nindent 4 }}
+  {{- with .Values.rabbitmq.service.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+      {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  type: {{.Values.rabbitmq.service.type}}
+  clusterIP: None  # headless service
+  ports:
+    - port: {{ default "5672" .Values.rabbitmq.service.port}}
+      targetPort: amqp
+      protocol: TCP
+      name: amqp
+  selector: {{- include "datatracker.selectorLabels" . | nindent 4}}
diff --git a/helm/templates/deployments/rabbitmq.yaml b/helm/templates/statefulsets/rabbitmq.yaml
similarity index 96%
rename from helm/templates/deployments/rabbitmq.yaml
rename to helm/templates/statefulsets/rabbitmq.yaml
index a44a84a252..cad4f16502 100644
--- a/helm/templates/deployments/rabbitmq.yaml
+++ b/helm/templates/statefulsets/rabbitmq.yaml
@@ -1,5 +1,5 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
   name: {{ include "datatracker.rabbitmq.fullname" . }}
   labels:
@@ -41,8 +41,8 @@ spec:
             {{- toYaml . | nindent 12 }}
     {{- end }}
           ports:
-            - name: http
-              containerPort: 8000
+            - name: amqp
+              containerPort: 5672
               protocol: TCP
           livenessProbe:
             {{- toYaml $podValues.livenessProbe | nindent 12 }}
diff --git a/helm/values.yaml b/helm/values.yaml
index 68b9344c02..ed9245dd95 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -387,11 +387,11 @@ beat:
 # -------------------------------------------------------------
 
 rabbitmq:
-  name: rabbitmq
+  name: "rabbitmq"
   image:
-    repository: "ghcr.io/ietf-tools/datatracker-mq"
+    repository: "rabbitmq"
     pullPolicy: IfNotPresent
-    tag: "latest"
+    tag: "3.13"
 
   imagePullSecrets: []
   nameOverride: ""
@@ -433,7 +433,7 @@ rabbitmq:
 
   service:
     type: ClusterIP
-    port: 80
+    port: 5672
 
   serviceAccount:
     # Specifies whether a service account should be created

From db556897913d030b584c855a329687f7b56857e2 Mon Sep 17 00:00:00 2001
From: Jennifer Richards <jennifer@staff.ietf.org>
Date: Tue, 19 Mar 2024 10:32:04 +1000
Subject: [PATCH 2/2] ci: customize rabbitmq config

---
 helm/templates/configmap.yaml          | 56 ++++++++++++++++++++++++++
 helm/templates/deployments/beat.yaml   |  2 -
 helm/templates/deployments/celery.yaml |  2 -
 helm/values.yaml                       | 10 ++++-
 4 files changed, 64 insertions(+), 6 deletions(-)

diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml
index 904efe8622..89983b5f07 100644
--- a/helm/templates/configmap.yaml
+++ b/helm/templates/configmap.yaml
@@ -5,3 +5,59 @@ metadata:
 data:
   settings_local.py: |-
     {{- .Files.Get "settings_local.py" | indent 4 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: rabbitmq-configmap
+data:
+  definitions.json: |-
+    {
+      "permissions": [
+        {
+          "configure": ".*",
+          "read": ".*",
+          "user": "datatracker",
+          "vhost": "dt",
+          "write": ".*"
+        }
+      ],
+      "users": [
+        {
+          "hashing_algorithm": "rabbit_password_hashing_sha256",
+          "limits": {},
+          "name": "datatracker",
+          "password_hash": "HJxcItcpXtBN+R/CH7dUelfKBOvdUs3AWo82SBw2yLMSguzb",
+          "tags": []
+        }
+      ],
+      "vhosts": [
+        {
+          "limits": [],
+          "metadata": {
+            "description": "",
+            "tags": []
+          },
+          "name": "dt"
+        }
+      ]
+    }
+  rabbitmq.conf: |-
+    # prevent guest from logging in over tcp
+    loopback_users.guest = true
+    
+    # load saved definitions
+    load_definitions = /etc/rabbitmq/definitions.json
+    
+    # Ensure that enough disk is available to flush to disk. To do this, need to limit the
+    # memory available to the container to something reasonable. See
+    # https://www.rabbitmq.com/production-checklist.html#monitoring-and-resource-usage
+    # for recommendations.
+    
+    # 1-1.5 times the memory available to the container is adequate for disk limit
+    disk_free_limit.absolute = 6000MB
+    
+    # This should be ~40% of the memory available to the container. Use an
+    # absolute number because relative will be proprtional to the full machine
+    # memory.
+    vm_memory_high_watermark.absolute = 1600MB
diff --git a/helm/templates/deployments/beat.yaml b/helm/templates/deployments/beat.yaml
index 083f8e7cc9..6f7409fb9c 100644
--- a/helm/templates/deployments/beat.yaml
+++ b/helm/templates/deployments/beat.yaml
@@ -30,8 +30,6 @@ spec:
           image: "{{ default $.Values.datatracker.image.repository $podValues.image.repository }}:{{ default .Chart.AppVersion (default $.Values.datatracker.image.tag $podValues.image.tag) }}"
           imagePullPolicy: {{ default "IfNotPresent" (default $.Values.datatracker.image.imagePullPolicy $podValues.image.imagePullPolicy) }}
           env:
-            - name: "CELERY_BROKER_URL"
-              value: "amqp://guest:guest@rabbitmq:{{ default "5672" .Values.rabbitmq.service.port }}/"
             - name: "CONTAINER_ROLE"
               value: "beat"
             {{- if .Values.env }}
diff --git a/helm/templates/deployments/celery.yaml b/helm/templates/deployments/celery.yaml
index 807d90009d..f1f043abbd 100644
--- a/helm/templates/deployments/celery.yaml
+++ b/helm/templates/deployments/celery.yaml
@@ -30,8 +30,6 @@ spec:
           image: "{{ default $.Values.datatracker.image.repository $podValues.image.repository }}:{{ default .Chart.AppVersion (default $.Values.datatracker.image.tag $podValues.image.tag) }}"
           imagePullPolicy: {{ default "IfNotPresent" (default $.Values.datatracker.image.imagePullPolicy $podValues.image.imagePullPolicy) }}
           env:
-            - name: "CELERY_BROKER_URL"
-              value: "amqp://guest:guest@rabbitmq:{{ default "5672" .Values.rabbitmq.service.port }}/"
             - name: "CONTAINER_ROLE"
               value: "celery"
             {{- if .Values.env }}
diff --git a/helm/values.yaml b/helm/values.yaml
index ed9245dd95..dc5c24f065 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -456,14 +456,19 @@ rabbitmq:
       command: ["rabbitmq-diagnostics", "-q", "ping"]
 
   # Additional volumes on the output Deployment definition.
-  volumes: []
+  volumes:
+    - name: "rabbitmq-config"
+      configMap:
+        name: "rabbitmq-configmap"
     # - name: foo
     #   secret:
     #     secretName: mysecret
     #     optional: false
   
     # Additional volumeMounts on the output Deployment definition.
-  volumeMounts: []
+  volumeMounts:
+    - name: "rabbitmq-config"
+      mountPath: "/etc/rabbitmq"
     # - name: foo
     #   mountPath: "/etc/foo"
     #   readOnly: true
@@ -557,3 +562,4 @@ env:
   DBUSER: "django"
   DBPASS: "RkTkDPFnKpko"
   DJANGO_SECRET_KEY: "PDwXboUq!=hPjnrtG2=ge#N$Dwy+wn@uivrugwpic8mxyPfHk"
+  CELERY_BROKER_URL: "amqp://datatracker:frog@rabbitmq/dt"