From 319bc2204af8d021fd99df90fd7c02a07906cbb3 Mon Sep 17 00:00:00 2001
From: Michal Konecny
Date: Mon, 1 Jul 2024 17:30:11 +0200
Subject: [PATCH] [mailman3] Add fedora-messaging certificates

It seems that I forgot to actually create the certificates for new mailman fedora archiver. Let's fix that.

Signed-off-by: Michal Konecny
---
 roles/mailman3/tasks/main.yml | 56 +++++++++++++++++++
 .../mailman3/templates/fedmsg-plugin.toml.j2 | 6 +-
 2 files changed, 59 insertions(+), 3 deletions(-)

diff --git a/roles/mailman3/tasks/main.yml b/roles/mailman3/tasks/main.yml
index 9668771d5a..2330deb17e 100644
--- a/roles/mailman3/tasks/main.yml
+++ b/roles/mailman3/tasks/main.yml
@@ -56,9 +56,65 @@
 tags:
 - config
 - mailman
+ - fedora-messaging
 notify:
 - restart mailman3
+- name: Create folder where we'll place the certs
+ ansible.builtin.file:
+ path: /etc/pki/rabbitmq/mailman/
+ owner: root
+ group: root
+ mode: 0755
+ state: directory
+ tags:
+ - mailman
+ - fedora-messaging
+
+- name: Deploy mailman/rabbitmq certificate
+ ansible.builtin.copy:
+ src: {{ item.src }}
+ dest: "/etc/pki/rabbitmq/mailman/{{ item.dest }}"
+ owner: root
+ group: root
+ mode: {{ item.mode }}
+ when: env == 'staging'
+ with_items:
+ - src: "{{private}}/files/rabbitmq/staging/pki/issued/mailman3-fedmsg-plugin.stg.crt"
+ dest: mailman3-fedmsg-plugin.crt
+ mode: "444"
+ - src: "{{private}}/files/rabbitmq/staging/pki/private/mailman3-fedmsg-plugin.stg.key"
+ dest: mailman3-fedmsg-plugin.key
+ mode: "440"
+ - src: "{{private}}/files/rabbitmq/staging/pki/ca.crt"
+ dest: mailman3-fedmsg-plugin.ca
+ mode: "444"
+ tags:
+ - mailman
+ - fedora-messaging
+
+- name: Deploy mailman/rabbitmq certificate
+ ansible.builtin.copy:
+ src: {{ item.src }}
+ dest: "/etc/pki/rabbitmq/mailman/{{ item.dest }}"
+ owner: root
+ group: root
+ mode: {{ item.mode }}
+ when: env != 'staging'
+ with_items:
+ - src: "{{private}}/files/rabbitmq/production/pki/issued/mailman3-fedmsg-plugin.crt"
+ dest: mailman3-fedmsg-plugin.crt
+ mode: "444"
+ - src: "{{private}}/files/rabbitmq/production/pki/private/mailman3-fedmsg-plugin.key"
+ dest: mailman3-fedmsg-plugin.key
+ mode: "440"
+ - src: "{{private}}/files/rabbitmq/production/pki/ca.crt"
+ dest: mailman3-fedmsg-plugin.ca
+ mode: "444"
+ tags:
+ - mailman
+ - fedora-messaging
+
 #
 # Logging
 #
diff --git a/roles/mailman3/templates/fedmsg-plugin.toml.j2 b/roles/mailman3/templates/fedmsg-plugin.toml.j2
index d1a781b07b..af1c6d59a0 100644
--- a/roles/mailman3/templates/fedmsg-plugin.toml.j2
+++ b/roles/mailman3/templates/fedmsg-plugin.toml.j2
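Review bot: Both "Deploy mailman/rabbitmq certificate" tasks write `src: {{ item.src }}` and `mode: {{ item.mode }}` unquoted, and YAML reads a value that starts with `{` as a flow mapping, so the tasks file will most likely fail to parse before either copy runs; they should be `src: "{{ item.src }}"` and `mode: "{{ item.mode }}"`. The private key is installed as root:root with mode "440", so only root can read it; if the mailman service does not run as root it presumably cannot open the keyfile that fedmsg-plugin.toml.j2 now points at, and the group should then be the service account's group rather than a wider mode (confirm against how the service is run). A copy task can print file contents when the play is run with `--diff`, so adding `diff: false` or `no_log: true` to the two copy tasks would keep the key out of run logs. Neither copy task has `notify: restart mailman3`, so a rotated certificate or key would not be picked up until some unrelated restart.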
@@ -5,9 +5,9 @@ publish_exchange = "amq.topic"
 topic_prefix = ""
 [tls]
-ca_cert = "/etc/fedora-messaging/cacert.pem"
-keyfile = "/etc/fedora-messaging/mailman3-key.pem"
-certfile = "/etc/fedora-messaging/mailman3-cert.pem"
+ca_cert = "/etc/pki/rabbitmq/mailman/mailman3-fedmsg-plugin.ca"
+keyfile = "/etc/pki/rabbitmq/mailman/mailman3-fedmsg-plugin.key"
+certfile = "/etc/pki/rabbitmq/mailman/mailman3-fedmsg-plugin.crt"
 [client_properties]
 app = "Mailman3"