[mailman3] Add fedora-messaging certificates

It seems that I forgot to actually create the certificates for new mailman fedora archiver. Let's fix that. Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-07-01 17:30:11 +02:00 · 2024-07-01 17:30:11 +02:00 · 319bc2204a
commit 319bc2204a
parent 171527dd94
2 changed files with 59 additions and 3 deletions
--- a/roles/mailman3/tasks/main.yml
+++ b/roles/mailman3/tasks/main.yml
@ -56,9 +56,65 @@
  tags:
    - config
    - mailman
+    - fedora-messaging
  notify:
    - restart mailman3

+- name: Create folder where we'll place the certs
+  ansible.builtin.file:
+    path: /etc/pki/rabbitmq/mailman/
+    owner: root
+    group: root
+    mode: 0755
+    state: directory
+  tags:
+    - mailman
+    - fedora-messaging
+
+- name: Deploy mailman/rabbitmq certificate
+  ansible.builtin.copy:
+    src: {{ item.src }}
+    dest: "/etc/pki/rabbitmq/mailman/{{ item.dest }}"
+    owner: root
+    group: root
+    mode: {{ item.mode }}
+  when: env == 'staging'
+  with_items:
+    - src: "{{private}}/files/rabbitmq/staging/pki/issued/mailman3-fedmsg-plugin.stg.crt"
+      dest: mailman3-fedmsg-plugin.crt
+      mode: "444"
+    - src: "{{private}}/files/rabbitmq/staging/pki/private/mailman3-fedmsg-plugin.stg.key"
+      dest: mailman3-fedmsg-plugin.key
+      mode: "440"
+    - src: "{{private}}/files/rabbitmq/staging/pki/ca.crt"
+      dest: mailman3-fedmsg-plugin.ca
+      mode: "444"
+  tags:
+  - mailman
+  - fedora-messaging
+
+- name: Deploy mailman/rabbitmq certificate
+  ansible.builtin.copy:
+    src: {{ item.src }}
+    dest: "/etc/pki/rabbitmq/mailman/{{ item.dest }}"
+    owner: root
+    group: root
+    mode: {{ item.mode }}
+  when: env != 'staging'
+  with_items:
+    - src: "{{private}}/files/rabbitmq/production/pki/issued/mailman3-fedmsg-plugin.crt"
+      dest: mailman3-fedmsg-plugin.crt
+      mode: "444"
+    - src: "{{private}}/files/rabbitmq/production/pki/private/mailman3-fedmsg-plugin.key"
+      dest: mailman3-fedmsg-plugin.key
+      mode: "440"
+    - src: "{{private}}/files/rabbitmq/production/pki/ca.crt"
+      dest: mailman3-fedmsg-plugin.ca
+      mode: "444"
+  tags:
+  - mailman
+  - fedora-messaging
+
 #
 # Logging
 #
--- a/roles/mailman3/templates/fedmsg-plugin.toml.j2
+++ b/roles/mailman3/templates/fedmsg-plugin.toml.j2
@ -5,9 +5,9 @@ publish_exchange = "amq.topic"
 topic_prefix = ""

 [tls]
-ca_cert = "/etc/fedora-messaging/cacert.pem"
-keyfile = "/etc/fedora-messaging/mailman3-key.pem"
-certfile = "/etc/fedora-messaging/mailman3-cert.pem"
+ca_cert = "/etc/pki/rabbitmq/mailman/mailman3-fedmsg-plugin.ca"
+keyfile = "/etc/pki/rabbitmq/mailman/mailman3-fedmsg-plugin.key"
+certfile = "/etc/pki/rabbitmq/mailman/mailman3-fedmsg-plugin.crt"

 [client_properties]
 app = "Mailman3"