distgit: Deploy fedora-messaging conf and certs.
Signed-off-by: James Antill <james@and.org>
This commit is contained in:
James Antill
parent
1b67cfcf3b
commit
2a76cdf5a9
2 changed files with 47 additions and 27 deletions
23
roles/distgit/files/git-hooks-messaging.toml
Normal file
23
roles/distgit/files/git-hooks-messaging.toml
Normal file
|
|
@ -0,0 +1,23 @@
|
||||||
|
# A sample configuration for fedora-messaging. This file is in the TOML format.
|
||||||
|
# For complete details on all configuration options, see the documentation.
|
||||||
|
# https://fedora-messaging.readthedocs.io/en/stable/configuration.html
|
||||||
|
|
||||||
|
# Broker address
|
||||||
|
amqp_url = "amqps://git-hooks:@rabbitmq.fedoraproject.org/%2Fpubsub"
|
||||||
|
|
||||||
|
# The topic_prefix configuration value will add a prefix to the topics of every sent message.
|
||||||
|
# This is used for migrating from fedmsg, and should not be used afterwards.
|
||||||
|
topic_prefix = "org.fedoraproject.prod"
|
||||||
|
|
||||||
|
[tls]
|
||||||
|
ca_cert = "/etc/pki/rabbitmq/git-hooks.ca"
|
||||||
|
keyfile = "/etc/pki/rabbitmq/git-hooks.key"
|
||||||
|
certfile = "/etc/pki/rabbitmq/git-hooks.crt"
|
||||||
|
|
||||||
|
[client_properties]
|
||||||
|
app = "git-hooks"
|
||||||
|
|
||||||
|
[consumer_config]
|
||||||
|
excluded_paths = ["/requests/"]
|
||||||
|
with_namespace = true
|
||||||
|
url_template = "https://src.fedoraproject.org/{namespace}/{repo}/c/{rev}?branch={branch}"
|
||||||
|
|
@ -134,38 +134,35 @@
|
||||||
- config
|
- config
|
||||||
- distgit
|
- distgit
|
||||||
|
|
||||||
- name: Make sure apache can access the fedora-messaging ca
|
- name: Dploy the Fedora messaging config. file for uploads
|
||||||
acl:
|
ansible.builtin.copy: src=git-hooks-messaging.toml dest=/etc/fedora-messaging/git-hooks-messaging.toml
|
||||||
path: /etc/pki/rabbitmq/git-hooks.ca
|
|
||||||
entity: apache
|
|
||||||
etype: group
|
|
||||||
permissions: r
|
|
||||||
state: present
|
|
||||||
tags:
|
tags:
|
||||||
|
- config
|
||||||
- distgit
|
- distgit
|
||||||
when: inventory_hostname.startswith('batcave')
|
|
||||||
|
|
||||||
- name: Make sure apache can access the fedora-messaging crt
|
- name: Deploy the Fedora messaging certificate
|
||||||
acl:
|
ansible.builtin.copy: src={{ item.src }}
|
||||||
path: /etc/pki/rabbitmq/git-hooks.crt
|
dest=/etc/pki/rabbitmq/{{ item.dest }}
|
||||||
entity: apache
|
owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }}
|
||||||
etype: group
|
with_items:
|
||||||
permissions: r
|
- src: "{{private}}/files/rabbitmq/production/pki/issued/git-hooks.crt"
|
||||||
state: present
|
dest: git-hooks.crt
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "444"
|
||||||
|
- src: "{{private}}/files/rabbitmq/production/pki/private/git-hooks.key"
|
||||||
|
dest: git-hooks.key
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "440"
|
||||||
|
- src: "{{private}}/files/rabbitmq/production/pki/reqs/git-hooks.req"
|
||||||
|
dest: git-hooks.ca
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "444"
|
||||||
tags:
|
tags:
|
||||||
- distgit
|
- distgit
|
||||||
when: inventory_hostname.startswith('batcave')
|
- fedora-messaging
|
||||||
|
|
||||||
- name: Make sure apache can access the fedora-messaging key
|
|
||||||
acl:
|
|
||||||
path: /etc/pki/rabbitmq/git-hooks.key
|
|
||||||
entity: apache
|
|
||||||
etype: group
|
|
||||||
permissions: r
|
|
||||||
state: present
|
|
||||||
tags:
|
|
||||||
- distgit
|
|
||||||
when: inventory_hostname.startswith('batcave')
|
|
||||||
|
|
||||||
- name: Create the distgit root directory (/srv/git)
|
- name: Create the distgit root directory (/srv/git)
|
||||||
ansible.builtin.file: dest=/srv/git state=directory mode=0755
|
ansible.builtin.file: dest=/srv/git state=directory mode=0755
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue