From 4d1bcd18025cafc1a6061874d8db7ccd2fa52de0 Mon Sep 17 00:00:00 2001
From: Martin Kutlak <mkutlak@redhat.com>
Date: Thu, 25 Apr 2019 10:58:54 +0200
Subject: [PATCH] Deploy f-messaging certs for faf

Signed-off-by: Martin Kutlak <mkutlak@redhat.com>
---
 roles/abrt/faf/tasks/config.yml               | 24 +++++++++++++++++++
 .../etc-fedora-messaging-config.toml.j2       |  5 ++++
 2 files changed, 29 insertions(+)

diff --git a/roles/abrt/faf/tasks/config.yml b/roles/abrt/faf/tasks/config.yml
index 49aa38c77f..f352156dae 100644
--- a/roles/abrt/faf/tasks/config.yml
+++ b/roles/abrt/faf/tasks/config.yml
@@ -8,6 +8,30 @@
 - name: create the config folder for fedora-messaging
   file: path=/etc/fedora-messaging/ owner=root group=root mode=0755 state=directory
 
+- name: create folders where we place certs for fedora-messaging
+  file: path=/etc/fedora-messaging/faf owner=root group=root mode=0755 state=directory
+
+- name: install certs for fedora-messaging
+  copy: src={{ item.src }}
+        dest=/etc/fedora-messaging/faf/{{ item.dest }}
+        owner={{ item.owner }} group=root mode={{ item.mode }}
+  loop:
+    - { src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt",
+        dest: "ca.crt",
+        owner: faf,
+        mode: 0644
+      }
+    - { src: "{{private}}/files/rabbitmq/{{env}}/pki/private/faf.key",
+        dest: "faf.key",
+        owner: faf,
+        mode: "600"
+      }
+    - { src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/faf.crt",
+        dest: "faf.crt",
+        owner: faf,
+        mode: 0644
+      }
+
 - name: provide configuration for fedora-messaging
   template: src=etc-fedora-messaging-config.toml.j2
             dest=/etc/fedora-messaging/config.toml
diff --git a/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2 b/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2
index f8d2e921c2..68c8f0016f 100644
--- a/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2
+++ b/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2
@@ -15,5 +15,10 @@ passive_declares = true
       topic_prefix = "org.fedoraproject.prod"
 {% endif %}
 
+[tls]
+ca_cert = "/etc/fedora-messaging/faf/ca.crt"
+keyfile = "/etc/fedora-messaging/faf/faf.key"
+certfile = "/etc/fedora-messaging/faf/faf.crt"
+
 [client_properties]
 app = "FAF"