[mailman3] Add fedora-messaging certificates

It seems that I forgot to actually create the certificates for new mailman fedora archiver. Let's fix that. Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-07-01 17:30:11 +02:00 · 2024-07-01 17:30:11 +02:00 · 319bc2204a
commit 319bc2204a
parent 171527dd94
2 changed files with 59 additions and 3 deletions
--- a/roles/mailman3/tasks/main.yml
+++ b/roles/mailman3/tasks/main.yml
@ -56,9 +56,65 @@
  tags:
    - config
    - mailman
    - fedora-messaging
  notify:
    - restart mailman3
 - name: Create folder where we'll place the certs
  ansible.builtin.file:
    path: /etc/pki/rabbitmq/mailman/
    owner: root
    group: root
    mode: 0755
    state: directory
  tags:
    - mailman
    - fedora-messaging
 - name: Deploy mailman/rabbitmq certificate
  ansible.builtin.copy:
    src: {{ item.src }}
    dest: "/etc/pki/rabbitmq/mailman/{{ item.dest }}"
    owner: root
    group: root
    mode: {{ item.mode }}
  when: env == 'staging'
  with_items:
    - src: "{{private}}/files/rabbitmq/staging/pki/issued/mailman3-fedmsg-plugin.stg.crt"
      dest: mailman3-fedmsg-plugin.crt
      mode: "444"
    - src: "{{private}}/files/rabbitmq/staging/pki/private/mailman3-fedmsg-plugin.stg.key"
      dest: mailman3-fedmsg-plugin.key
      mode: "440"
    - src: "{{private}}/files/rabbitmq/staging/pki/ca.crt"
      dest: mailman3-fedmsg-plugin.ca
      mode: "444"
  tags:
  - mailman
  - fedora-messaging
 - name: Deploy mailman/rabbitmq certificate
  ansible.builtin.copy:
    src: {{ item.src }}
    dest: "/etc/pki/rabbitmq/mailman/{{ item.dest }}"
    owner: root
    group: root
    mode: {{ item.mode }}
  when: env != 'staging'
  with_items:
    - src: "{{private}}/files/rabbitmq/production/pki/issued/mailman3-fedmsg-plugin.crt"
      dest: mailman3-fedmsg-plugin.crt
      mode: "444"
    - src: "{{private}}/files/rabbitmq/production/pki/private/mailman3-fedmsg-plugin.key"
      dest: mailman3-fedmsg-plugin.key
      mode: "440"
    - src: "{{private}}/files/rabbitmq/production/pki/ca.crt"
      dest: mailman3-fedmsg-plugin.ca
      mode: "444"
  tags:
  - mailman
  - fedora-messaging
 #
 # Logging
 #
--- a/roles/mailman3/templates/fedmsg-plugin.toml.j2
+++ b/roles/mailman3/templates/fedmsg-plugin.toml.j2
@ -5,9 +5,9 @@ publish_exchange = "amq.topic"
 topic_prefix = ""
 [tls]
-ca_cert = "/etc/fedora-messaging/cacert.pem"
+ca_cert = "/etc/pki/rabbitmq/mailman/mailman3-fedmsg-plugin.ca"
-keyfile = "/etc/fedora-messaging/mailman3-key.pem"
+keyfile = "/etc/pki/rabbitmq/mailman/mailman3-fedmsg-plugin.key"
-certfile = "/etc/fedora-messaging/mailman3-cert.pem"
+certfile = "/etc/pki/rabbitmq/mailman/mailman3-fedmsg-plugin.crt"
 [client_properties]
 app = "Mailman3"