Deploy the FM keys before using them

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2022-06-09 13:15:01 +02:00 · 2022-06-09 13:15:01 +02:00 · 52134e8e00
commit 52134e8e00
parent e882eca30b
1 changed files with 40 additions and 40 deletions
--- a/roles/bodhi2/backend/tasks/main.yml
+++ b/roles/bodhi2/backend/tasks/main.yml
@ -299,6 +299,46 @@
  - config
  - bodhi

+- name: Create /etc/pki/fedora-messaging
+  file:
+    dest: /etc/pki/fedora-messaging
+    mode: 0775
+    owner: root
+    group: root
+    state: directory
+  tags:
+  - bodhi
+
+- name: Deploy the fedora-messaging CA
+  copy:
+    src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
+    dest: /etc/pki/fedora-messaging/cacert.pem
+    mode: 0644
+    owner: apache
+    group: apache
+  tags:
+  - bodhi
+
+- name: Deploy the fedora-messaging cert
+  copy:
+    src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt"
+    dest: /etc/pki/fedora-messaging/bodhi-cert.pem
+    mode: 0644
+    owner: apache
+    group: apache
+  tags:
+  - bodhi
+
+- name: Deploy the fedora-messaging key
+  copy:
+    src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key"
+    dest: /etc/pki/fedora-messaging/bodhi-key.pem
+    mode: 0600
+    owner: apache
+    group: apache
+  tags:
+  - bodhi
+
 - name: Let the ftpsync user also read the fedora-messaging config
  command: /usr/bin/setfacl -m user:ftpsync:rx /etc/fedora-messaging/config.toml
  tags:
@ -358,46 +398,6 @@
  tags:
  - bodhi

- name: Create /etc/pki/fedora-messaging
-  file:
-    dest: /etc/pki/fedora-messaging
-    mode: 0775
-    owner: root
-    group: root
-    state: directory
-  tags:
-  - bodhi
-
- name: Deploy the fedora-messaging CA
-  copy:
-    src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
-    dest: /etc/pki/fedora-messaging/cacert.pem
-    mode: 0644
-    owner: apache
-    group: apache
-  tags:
-  - bodhi
-
- name: Deploy the fedora-messaging cert
-  copy:
-    src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt"
-    dest: /etc/pki/fedora-messaging/bodhi-cert.pem
-    mode: 0644
-    owner: apache
-    group: apache
-  tags:
-  - bodhi
-
- name: Deploy the fedora-messaging key
-  copy:
-    src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key"
-    dest: /etc/pki/fedora-messaging/bodhi-key.pem
-    mode: 0600
-    owner: apache
-    group: apache
-  tags:
-  - bodhi
-
 - name: ensure fedora-messaging and celery are enabled and started on the backend
  service:
    name: "{{ item }}"