set fedora-messaging certs for ursabot
Just doing this for staging right now, to check that it works as expected.

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
parent
35bb0977fb
commit
6b43caff64
3 changed files with 92 additions and 1 deletions
|
@ -3,7 +3,7 @@ Description=ursabot irc bot
|
||||||
After=network.target
|
After=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Environment=FEDORA_MESSAGING_CONF=/etc/fedora-messaging/fedora.stg.toml
|
Environment=FEDORA_MESSAGING_CONF=/etc/fedora-messaging/ursabot.toml
|
||||||
Environment=KRB5_CLIENT_KTNAME=/etc/krb5.ursabot_value02.stg.iad2.fedoraproject.org.keytab
|
Environment=KRB5_CLIENT_KTNAME=/etc/krb5.ursabot_value02.stg.iad2.fedoraproject.org.keytab
|
||||||
Type=simple
|
Type=simple
|
||||||
User=daemon
|
User=daemon
|
||||||
|
|
|
@ -86,6 +86,60 @@
|
||||||
- meetbot
|
- meetbot
|
||||||
- supybot
|
- supybot
|
||||||
|
|
||||||
|
- name: Deploy the fedora-messaging CA (stg)
|
||||||
|
copy:
|
||||||
|
src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
|
||||||
|
dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt
|
||||||
|
mode: 0644
|
||||||
|
owner: daemon
|
||||||
|
group: daemon
|
||||||
|
when:
|
||||||
|
- env == "staging"
|
||||||
|
- inventory_hostname.startswith('value02')
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
|
||||||
|
- name: Deploy the fedora-messaging cert (stg)
|
||||||
|
copy:
|
||||||
|
src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/{{ botname }}.crt"
|
||||||
|
dest: /etc/pki/fedora-messaging/{{ botname }}.crt
|
||||||
|
mode: 0644
|
||||||
|
owner: daemon
|
||||||
|
group: daemon
|
||||||
|
when:
|
||||||
|
- env == "staging"
|
||||||
|
- inventory_hostname.startswith('value02')
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
|
||||||
|
- name: Deploy the fedora-messaging key (stg)
|
||||||
|
copy:
|
||||||
|
src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/{{ botname }}.key"
|
||||||
|
dest: /etc/pki/fedora-messaging/{{ botname }}.key
|
||||||
|
mode: 0600
|
||||||
|
owner: daemon
|
||||||
|
group: daemon
|
||||||
|
when:
|
||||||
|
- env == "staging"
|
||||||
|
- inventory_hostname.startswith('value02')
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
|
||||||
|
- name: Install fedora-messaging config (stg)
|
||||||
|
template:
|
||||||
|
src: fedora-messaging.toml.j2
|
||||||
|
dest: /etc/fedora-messaging/{{ botname }}.toml
|
||||||
|
owner: daemon
|
||||||
|
group: daemon
|
||||||
|
mode: 0600
|
||||||
|
when:
|
||||||
|
- env == "staging"
|
||||||
|
- inventory_hostname.startswith('value02')
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- name: setup zodbot systemd service file (prod)
|
- name: setup zodbot systemd service file (prod)
|
||||||
copy: src=zodbot.service dest=/etc/systemd/system/zodbot.service
|
copy: src=zodbot.service dest=/etc/systemd/system/zodbot.service
|
||||||
when: env == "production"
|
when: env == "production"
|
||||||
|
|
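Review bot: The "Deploy the fedora-messaging key (stg)" task copies a private key without suppressing task output, so a run with `--diff` can print the key material to the terminal or a CI log; adding `no_log: true` to that task avoids it. None of the four new tasks carries a `notify:`, so a renewed certificate or a changed config would not reach the running bot until something else restarts it; if the role defines a restart handler outside this hunk, notify it from these tasks. The tasks also assume that `/etc/pki/fedora-messaging` and `/etc/fedora-messaging` already exist, which this hunk does not show. The task list continues before and after the hunk.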
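--- a/roles/supybot/templates/fedora-messaging.toml.j2
+++ b/roles/supybot/templates/fedora-messaging.toml.j2
@@ -0,0 +1,37 @@
+amqp_url = "amqps://{{ botname }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+# Just check if the queue exist, don't try to create it (the server does not allow it).
+passive_declares = true
+
+# The topic_prefix configuration value will add a prefix to the topics of every sent message.
+# This is used for migrating from fedmsg, and should not be used afterwards.
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+[tls]
+ca_cert = "/etc/pki/fedora-messaging/rabbitmq-ca.crt"
+keyfile = "/etc/pki/fedora-messaging/{{ botname }}.key"
+certfile = "/etc/pki/fedora-messaging/{{ botname }}.crt"
+
+[client_properties]
+app = "{{ botname }}"
+
+[log_config]
+version = 1
+disable_existing_loggers = true
+[log_config.formatters.simple]
+format = "[%(levelname)s %(name)s] %(message)s"
+[log_config.handlers.console]
+class = "logging.StreamHandler"
+formatter = "simple"
+stream = "ext://sys.stdout"
+[log_config.loggers.fedora_messaging]
+level = "INFO"
+propagate = false
+handlers = ["console"]
+[log_config.root]
+level = "WARNING"
+handlers = ["console"]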
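Review bot: The `amqp_url` line carries an empty password, so authentication appears to rest entirely on the client certificate named under `[tls]`, and nothing in the template says so. A comment above it such as `# No password: the broker authenticates the client certificate configured under [tls].` would explain the blank field. It would also make clear that `{{ botname }}` in the URL and in the key and cert paths must name the same identity. How the broker maps certificates to users is not visible here, so confirm that wording first. Separately, the comment above `topic_prefix` says the setting should not be used after the fedmsg migration, yet both branches set it; either state why it is still needed or drop the key.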