Deploy the new RabbitMQ CA in staging

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-10 11:44:40 +02:00 · 2025-04-10 11:44:40 +02:00 · 4c52d4603b
commit 4c52d4603b
parent 648bba0dfb
1 changed files with 48 additions and 0 deletions
--- a/roles/rabbitmq_cluster/tasks/main.yml
+++ b/roles/rabbitmq_cluster/tasks/main.yml
@ -35,6 +35,54 @@
  tags:
  - rabbitmq_cluster
  - config
+  when: "env == 'production'"
+
+- name: Create CA certs directory
+  ansible.builtin.file:
+    path: /etc/rabbitmq/cacerts/
+    owner: root
+    group: root
+    mode: 0755
+    state: directory
+  tags:
+  - rabbitmq_cluster
+  - config
+
+- name: Deploy CA certificate
+  ansible.builtin.copy:
+    src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
+    dest: /etc/rabbitmq/cacerts/ca.crt
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+  - rabbitmq_cluster
+  - config
+  when: "env == 'staging'"
+
+- name: Deploy CA certificate
+  ansible.builtin.copy:
+    src: "{{private}}/files/rabbitmq/{{env}}.old-2025-04/pki/ca.crt"
+    dest: /etc/rabbitmq/cacerts/ca.old.crt
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+  - rabbitmq_cluster
+  - config
+  when: "env == 'staging'"
+
+- name: Build combined CA cert
+  ansible.builtin.assemble:
+    src: /etc/rabbitmq/cacerts/
+    dest: /etc/rabbitmq/ca.crt
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+  - rabbitmq_cluster
+  - config
+  when: "env == 'staging'"

 - name: Create node cert directory
  ansible.builtin.file: path=/etc/rabbitmq/nodecert/ owner=root group=root mode=0755 state=directory