diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml
index 2c4adcbc61..e8598c441d 100644
--- a/playbooks/groups/ipa.yml
+++ b/playbooks/groups/ipa.yml
@@ -25,6 +25,11 @@
 - ipa/client
 - rsyncd
 - sudo
+ # Set up for fedora-messaging
+ - role: rabbit/user
+ user_name: "ipa{{ env_suffix }}"
+ user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.ipa\..*
+ when: inventory_hostname.startswith('ipa01')
 pre_tasks:
 - import_tasks: "{{ tasks_path }}/yumrepos.yml"
diff --git a/roles/ipa/server/handlers/main.yml b/roles/ipa/server/handlers/main.yml
index ea9a56ab8b..c361fc4347 100644
--- a/roles/ipa/server/handlers/main.yml
+++ b/roles/ipa/server/handlers/main.yml
@@ -1,3 +1,8 @@
 ---
 - name: Restart ipa
 ansible.builtin.command: ipactl restart
+
+ - name: Restart journal-to-fedora-messaging
+ systemd:
+ name: journal-to-fedora-messaging
+ state: restarted
diff --git a/roles/ipa/server/tasks/journal2fedmsg.yml b/roles/ipa/server/tasks/journal2fedmsg.yml
new file mode 100644
index 0000000000..dd5c60a5fa
--- /dev/null
+++ b/roles/ipa/server/tasks/journal2fedmsg.yml
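Review bot: The broker-side topic ACL `user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.ipa\..*` is left as a plain scalar; it parses today, but a regex full of backslashes with a Jinja expression in the middle is safer single-quoted so no future edit trips a YAML indicator: `user_sent_topics: '^org\.fedoraproject\.{{ env_short }}\.ipa\..*'`. The role is applied only where `inventory_hostname.startswith('ipa01')`, while the service that uses this broker user is gated on `env == 'staging'` in roles/ipa/server/tasks/main.yml, so other staging IPA hosts would publish under a user created from ipa01's run; that works if the user only needs creating once, but a comment above the role stating that intent would save the next reader the cross-check. The `roles:` list this hunk edits starts outside the hunk.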
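Review bot: The new handler uses the short module name `systemd:` while the neighbouring `Restart ipa` handler and the tasks in roles/ipa/server/tasks/journal2fedmsg.yml use fully-qualified names; for consistency and predictable collection resolution write `ansible.builtin.systemd:`. A one-line comment above the handler, `# Notified by the config template task in tasks/journal2fedmsg.yml`, would record what triggers it.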
@@ -0,0 +1,80 @@
+- name: Install needed packages
+ ansible.builtin.package:
+ name: journal-to-fedora-messaging
+ state: present
+ tags:
+ - config
+ - ipa/server
+ - fedora-messaging
+
+- name: Create /etc/pki/fedora-messaging
+ ansible.builtin.file:
+ dest: /etc/pki/fedora-messaging
+ mode: "0775"
+ owner: root
+ group: root
+ state: directory
+ tags:
+ - config
+ - ipa/server
+ - fedora-messaging
+
+- name: Deploy the fedora-messaging CA
+ ansible.builtin.copy:
+ src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
+ dest: /etc/pki/fedora-messaging/ca.crt
+ mode: "0644"
+ owner: root
+ group: root
+ tags:
+ - config
+ - ipa/server
+ - fedora-messaging
+
+- name: Deploy the fedora-messaging cert
+ ansible.builtin.copy:
+ src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/ipa{{env_suffix}}.crt"
+ dest: /etc/pki/fedora-messaging/ipa{{env_suffix}}.crt
+ mode: "0644"
+ owner: root
+ group: root
+ tags:
+ - config
+ - ipa/server
+ - fedora-messaging
+
+- name: Deploy the fedora-messaging key
+ ansible.builtin.copy:
+ src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/ipa{{env_suffix}}.key"
+ dest: /etc/pki/fedora-messaging/ipa{{env_suffix}}.key
+ mode: "0640"
+ owner: root
+ group: journal2fedmsg
+ tags:
+ - config
+ - ipa/server
+ - fedora-messaging
+
+- name: Install fedora-messaging config
+ ansible.builtin.template:
+ src: fedora-messaging.conf.j2
+ dest: /etc/fedora-messaging/config.toml
+ mode: "0644"
+ owner: root
+ group: journal2fedmsg
+ notify:
+ - Restart journal-to-fedora-messaging
+ tags:
+ - ipa/server
+ - config
+ - fedora-messaging
+
+- name: Enable journal-to-fedora-messaging
+ ansible.builtin.service:
+ name: journal-to-fedora-messaging
+ state: started
+ enabled: yes
+ tags:
+ - ipa/server
+ - config
+ - fedora-messaging
diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index bc0fbc0f40..9e0b9d1ac2 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
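Review bot: Only the `Install fedora-messaging config` task notifies `Restart journal-to-fedora-messaging`; the CA, cert and key copy tasks do not, so a rotated broker certificate or key lands in /etc/pki/fedora-messaging while the running service keeps using the old material until something else restarts it. Add `notify:` / `  - Restart journal-to-fedora-messaging` to each of the three `ansible.builtin.copy` tasks. Two smaller points: `/etc/pki/fedora-messaging` is created root:root with `mode: "0775"`, where group write buys nothing and `mode: "0755"` is the tighter choice, and `enabled: yes` should be the canonical boolean `enabled: true`. The key task's `group: journal2fedmsg` presumably exists because the package installed in the first task creates it; worth confirming, since the copy fails on an unknown group.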
@@ -690,6 +690,14 @@
 - name: Include script.yml
 ansible.builtin.import_tasks: scripts.yml
+- name: Include journal-to-fedora-messaging setup
+ ansible.builtin.import_tasks: journal2fedmsg.yml
+ when: env == 'staging'
+ tags:
+ - ipa/server
+ - config
+ - toddlers
+
 # User groups
diff --git a/roles/ipa/server/templates/fedora-messaging.conf.j2 b/roles/ipa/server/templates/fedora-messaging.conf.j2
new file mode 100644
index 0000000000..0f57582d7e
--- /dev/null
+++ b/roles/ipa/server/templates/fedora-messaging.conf.j2
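Review bot: The import is tagged `toddlers`, which matches nothing in the included file (its tasks all carry `fedora-messaging`); tags on `import_tasks` are inherited by every imported task, so a run limited with `--tags toddlers` would unexpectedly execute the messaging setup on the IPA servers. It looks like a copy-paste from another include; replace it with `- fedora-messaging`. The `when: env == 'staging'` gate means the production branches of templates/fedora-messaging.conf.j2 are currently unreachable, which may well be intended, but a comment above the task saying why the setup is staging-only would record that for the next reader. The task list this hunk edits continues outside the hunk.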
@@ -0,0 +1,74 @@
+## Fedora Messaging configuration for journal-to-fedora-messaging
+
+# Broker address
+amqp_url = "amqps://ipa{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+passive_declares = true
+
+# The topic_prefix configuration value will add a prefix to the topics of every sent message.
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+
+# Authentication is TLS-based
+[tls]
+ca_cert = "/etc/pki/fedora-messaging/ca.crt"
+keyfile = "/etc/pki/fedora-messaging/ipa{{ env_suffix }}.key"
+certfile = "/etc/pki/fedora-messaging/ipa{{ env_suffix }}.crt"
+
+[consumer_config]
+
+ journalctl_command = ["journalctl"]
+
+ [[consumer_config.logs]]
+ schema = "journal.ipa.group_add_member.v1"
+ [consumer_config.logs.filters]
+ IPA_API_COMMAND = "group_add_member"
+
+ [[consumer_config.logs]]
+ schema = "journal.ipa.group_remove_member.v1"
+ [consumer_config.logs.filters]
+ IPA_API_COMMAND = "group_remove_member"
+
+
+[client_properties]
+app = "journal-to-fedora-messaging"
+app_url = "https://github.com/fedora-infra/journal-to-fedora-messaging"
+
+
+[log_config]
+version = 1
+disable_existing_loggers = true
+
+[log_config.formatters.simple]
+format = "[%(name)s %(levelname)s] %(message)s"
+
+[log_config.handlers.console]
+class = "logging.StreamHandler"
+formatter = "simple"
+stream = "ext://sys.stdout"
+
+[log_config.loggers.pika]
+level = "WARNING"
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.fedora_messaging]
+level = "INFO"
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.journal_to_fedora_messaging]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.root]
+level = "WARNING"
+handlers = ["console"]
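Review bot: `topic_prefix` is hard-coded per environment through `{% if env == "staging" %}`, while the broker ACL granted to this user in playbooks/groups/ipa.yml is built from `{{ env_short }}`; if the two ever diverge, every publish falls outside the allowed topic pattern and is rejected by the broker rather than failing visibly here. Deriving both from the same variable, `topic_prefix = "org.fedoraproject.{{ env_short }}"`, removes that drift, assuming `env_short` holds `stg`/`prod` (worth confirming from the inventory). The `amqp_url` carries an empty password because the client is authenticated by the certificate in `[tls]`; a comment on that line, `# Empty password: the broker authenticates the client certificate configured under [tls]`, would stop someone "fixing" it later. The staging `DEBUG` level on `journal_to_fedora_messaging` may echo matched journal entries to stdout; presumably acceptable for group-membership events, but worth a conscious check.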