rabbitmq_cluster: Add client cert and key for federation
This commit is contained in:
Jeremy Cline
parent
a8c60a6d82
commit
059f52d479
1 changed files with 24 additions and 2 deletions
|
|
@ -249,6 +249,28 @@
|
||||||
- rabbitmq_cluster
|
- rabbitmq_cluster
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
- name: create pubsub_federation cert directory
|
||||||
|
file: path=/etc/rabbitmq/pubsub_federation/ owner=root group=root mode=0755 state=directory
|
||||||
|
tags:
|
||||||
|
- rabbitmq_cluster
|
||||||
|
- config
|
||||||
|
|
||||||
|
- name: deploy pubsub_federation certificate
|
||||||
|
copy: src="{{private}}/files/rabbitmq/{{env}}/pki/issued/pubsub_federation.crt"
|
||||||
|
dest=/etc/rabbitmq/pubsub_federation/client_cert.pem
|
||||||
|
owner=root group=root mode=0644
|
||||||
|
tags:
|
||||||
|
- rabbitmq_cluster
|
||||||
|
- config
|
||||||
|
|
||||||
|
- name: deploy node private key
|
||||||
|
copy: src="{{private}}/files/rabbitmq/{{env}}/pki/private/pubsub_federation.key"
|
||||||
|
dest=/etc/rabbitmq/pubsub_federation/client_key.pem
|
||||||
|
owner=rabbitmq group=rabbitmq mode=0600
|
||||||
|
tags:
|
||||||
|
- rabbitmq_cluster
|
||||||
|
- config
|
||||||
|
|
||||||
# This is the connection from our public vhost to the private pubsub vhost.
|
# This is the connection from our public vhost to the private pubsub vhost.
|
||||||
# Note that at present they live on the same cluster, but they don't need to.
|
# Note that at present they live on the same cluster, but they don't need to.
|
||||||
#
|
#
|
||||||
|
|
@ -262,7 +284,7 @@
|
||||||
rabbitmq_parameter:
|
rabbitmq_parameter:
|
||||||
component: "federation-upstream"
|
component: "federation-upstream"
|
||||||
name: "pubsub-to-public_pubsub"
|
name: "pubsub-to-public_pubsub"
|
||||||
value: '{"uri": "amqps://pubsub_federation:@rabbitmq01.stg.phx2.fedoraproject.org/%2Fpubsub?cacertfile=%2Fetc%2Fpki%2Frabbitmq%2Fca%2Frabbitmq-ca.crt&certfile=%2Fetc%2Fpki%2Frabbitmq%2Fcrt%2Frabbitmq-pubsub_federation.crt&keyfile=%2Fetc%2Fpki%2Frabbitmq%2Fkey%2Frabbitmq-pubsub_federation.key&verify=verify_peer&fail_if_no_peer_cert=true&auth_mechanism=external", "ack-mode": "on-confirm"}'
|
value: '{"uri": "amqps://pubsub_federation:@rabbitmq01.stg.phx2.fedoraproject.org/%2Fpubsub?cacertfile=%2Fetc%2Frabbitmq%2Fca.crt&certfile=%2Fetc%2Frabbitmq%2Fpubsub_federation%2Fclient_cert.pem&keyfile=%2Fetc%2Frabbitmq%2Fpubsub_federation%2Fclient_key.pem&verify=verify_peer&fail_if_no_peer_cert=true&auth_mechanism=external", "ack-mode": "on-confirm"}'
|
||||||
state: present
|
state: present
|
||||||
vhost: /public_pubsub
|
vhost: /public_pubsub
|
||||||
|
|
||||||
|
|
@ -273,7 +295,7 @@
|
||||||
rabbitmq_parameter:
|
rabbitmq_parameter:
|
||||||
component: "federation-upstream"
|
component: "federation-upstream"
|
||||||
name: "pubsub-to-public_pubsub"
|
name: "pubsub-to-public_pubsub"
|
||||||
value: '{"uri": "amqps://pubsub_federation:@rabbitmq01.phx2.fedoraproject.org/%2Fpubsub?cacertfile=%2Fetc%2Fpki%2Frabbitmq%2Fca%2Frabbitmq-ca.crt&certfile=%2Fetc%2Fpki%2Frabbitmq%2Fcrt%2Frabbitmq-pubsub_federation.crt&keyfile=%2Fetc%2Fpki%2Frabbitmq%2Fkey%2Frabbitmq-pubsub_federation.key&verify=verify_peer&fail_if_no_peer_cert=true&auth_mechanism=external", "ack-mode": "on-confirm"}'
|
value: '{"uri": "amqps://pubsub_federation:@rabbitmq01.phx2.fedoraproject.org/%2Fpubsub?cacertfile=%2Fetc%2Frabbitmq%2Fca.crt&certfile=%2Fetc%2Frabbitmq%2Fpubsub_federation%2Fclient_cert.pem&keyfile=%2Fetc%2Frabbitmq%2Fpubsub_federation%2Fclient_key.pem&verify=verify_peer&fail_if_no_peer_cert=true&auth_mechanism=external", "ack-mode": "on-confirm"}'
|
||||||
state: present
|
state: present
|
||||||
vhost: /public_pubsub
|
vhost: /public_pubsub
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue