set fedora-messaging certs for ursabot

Just doing this for staging right now, to check it works as expected

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
Ryan Lercho 2021-08-23 19:35:38 +10:00
parent 35bb0977fb
commit 6b43caff64
3 changed files with 92 additions and 1 deletions


@ -3,7 +3,7 @@ Description=ursabot irc bot
After=network.target
[Service]
Environment=FEDORA_MESSAGING_CONF=/etc/fedora-messaging/fedora.stg.toml
Environment=FEDORA_MESSAGING_CONF=/etc/fedora-messaging/ursabot.toml
Environment=KRB5_CLIENT_KTNAME=/etc/krb5.ursabot_value02.stg.iad2.fedoraproject.org.keytab
Type=simple
User=daemon
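Review bot: The new `FEDORA_MESSAGING_CONF=/etc/fedora-messaging/ursabot.toml` value is a literal path, while the playbook task that installs the file writes to `/etc/fedora-messaging/{{ botname }}.toml`, so the two agree only where `botname` renders to `ursabot`. If this unit is shipped with `copy` rather than `template` (not visible on this page), a comment above the line such as `# must match the dest of "Install fedora-messaging config (stg)"` would keep that coupling visible. The unit runs as `User=daemon`, which matches the owner the tasks give the key and the config, so the 0600 files remain readable by the bot. The `[Service]` section continues past the end of the hunk.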


@ -86,6 +86,60 @@
- meetbot
- supybot
- name: Deploy the fedora-messaging CA (stg)
copy:
src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt
mode: 0644
owner: daemon
group: daemon
when:
- env == "staging"
- inventory_hostname.startswith('value02')
tags:
- config
- name: Deploy the fedora-messaging cert (stg)
copy:
src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/{{ botname }}.crt"
dest: /etc/pki/fedora-messaging/{{ botname }}.crt
mode: 0644
owner: daemon
group: daemon
when:
- env == "staging"
- inventory_hostname.startswith('value02')
tags:
- config
- name: Deploy the fedora-messaging key (stg)
copy:
src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/{{ botname }}.key"
dest: /etc/pki/fedora-messaging/{{ botname }}.key
mode: 0600
owner: daemon
group: daemon
when:
- env == "staging"
- inventory_hostname.startswith('value02')
tags:
- config
- name: Install fedora-messaging config (stg)
template:
src: fedora-messaging.toml.j2
dest: /etc/fedora-messaging/{{ botname }}.toml
owner: daemon
group: daemon
mode: 0600
when:
- env == "staging"
- inventory_hostname.startswith('value02')
tags:
- config
- name: setup zodbot systemd service file (prod)
copy: src=zodbot.service dest=/etc/systemd/system/zodbot.service
when: env == "production"
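Review bot: The `Deploy the fedora-messaging key (stg)` task copies a private key without `no_log: true` (or `diff: false`), so a run with `--diff` can print the key material into the playbook output and any log that captures it; adding `no_log: true` to that task closes this. The key and the config are owned by `daemon`, an account other services may also run under, so `mode: 0600` restricts access only as far as that account is not shared, which is worth confirming for this host. No task in the hunk creates `/etc/pki/fedora-messaging/` or `/etc/fedora-messaging/`; if nothing outside the hunk does, `copy` and `template` will fail on a fresh host. The four new tasks repeat the same two `when` conditions and could share one `block:`, and quoting the modes (`mode: "0600"`) would avoid relying on YAML octal parsing.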


@ -0,0 +1,37 @@
amqp_url = "amqps://{{ botname }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
# Just check if the queue exist, don't try to create it (the server does not allow it).
passive_declares = true
# The topic_prefix configuration value will add a prefix to the topics of every sent message.
# This is used for migrating from fedmsg, and should not be used afterwards.
{% if env == "staging" %}
topic_prefix = "org.fedoraproject.stg"
{% else %}
topic_prefix = "org.fedoraproject.prod"
{% endif %}
[tls]
ca_cert = "/etc/pki/fedora-messaging/rabbitmq-ca.crt"
keyfile = "/etc/pki/fedora-messaging/{{ botname }}.key"
certfile = "/etc/pki/fedora-messaging/{{ botname }}.crt"
[client_properties]
app = "{{ botname }}"
[log_config]
version = 1
disable_existing_loggers = true
[log_config.formatters.simple]
format = "[%(levelname)s %(name)s] %(message)s"
[log_config.handlers.console]
class = "logging.StreamHandler"
formatter = "simple"
stream = "ext://sys.stdout"
[log_config.loggers.fedora_messaging]
level = "INFO"
propagate = false
handlers = ["console"]
[log_config.root]
level = "WARNING"
handlers = ["console"]
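Review bot: The `amqp_url` on the first line carries a user name with an empty password (`{{ botname }}:@`), which reads like a missing secret unless the reader knows the broker is expected to authenticate the client by the certificate in `[tls]`. A comment above it such as `# No password: authentication uses the TLS client certificate configured in [tls].` would record that, assuming that is the intent. `env_suffix` is not defined anywhere on this page, so the host name renders correctly only if the inventory supplies it for the staging host. The `{% else %}` branch sets the production `topic_prefix` for every `env` other than `"staging"`, which is harmless while the template is installed only on staging but would be safer as an explicit `{% elif env == "production" %}` before other environments use it.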