bodhi: Move messaging TLS files to /etc/pki/fedora-messaging.

Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
2019-05-14 20:07:29 +00:00 · 2019-05-14 20:07:29 +00:00 · 85ca40276f
commit 85ca40276f
parent ed9a8e985e
3 changed files with 21 additions and 10 deletions
--- a/roles/bodhi2/backend/tasks/main.yml
+++ b/roles/bodhi2/backend/tasks/main.yml
@ -439,11 +439,22 @@
  tags:
  - bodhi

+# The when statement should be dropped when we deploy Bodhi 4.0.0 to production.
+- name: Create /etc/pki/fedora-messaging
+  file:
+    dest: /etc/pki/fedora-messaging
+    mode: 0775
+    owner: root
+    group: root
+    state: directory
+  tags:
+  - bodhi
+
 # The when staging should be dropped when we deploy Bodhi 4.0.0 to production.
 - name: Deploy the fedora-messaging CA
  copy:
    src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
-    dest: /etc/fedora-messaging/cacert.pem
+    dest: /etc/pki/fedora-messaging/cacert.pem
    mode: 0644
    owner: apache
    group: apache
@ -455,7 +466,7 @@
 - name: Deploy the fedora-messaging cert
  copy:
    src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt"
-    dest: /etc/fedora-messaging/bodhi-cert.pem
+    dest: /etc/pki/fedora-messaging/bodhi-cert.pem
    mode: 0644
    owner: apache
    group: apache
@ -467,7 +478,7 @@
 - name: Deploy the fedora-messaging key
  copy:
    src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key"
-    dest: /etc/fedora-messaging/bodhi-key.pem
+    dest: /etc/pki/fedora-messaging/bodhi-key.pem
    mode: 0600
    owner: apache
    group: apache
--- a/roles/bodhi2/base/templates/fedora-messaging.toml.j2
+++ b/roles/bodhi2/base/templates/fedora-messaging.toml.j2
@ -18,9 +18,9 @@ callback = "bodhi.server.consumers:messaging_callback"


 [tls]
-ca_cert = "/etc/fedora-messaging/cacert.pem"
-keyfile = "/etc/fedora-messaging/bodhi-key.pem"
-certfile = "/etc/fedora-messaging/bodhi-cert.pem"
+ca_cert = "/etc/pki/fedora-messaging/cacert.pem"
+keyfile = "/etc/pki/fedora-messaging/bodhi-key.pem"
+certfile = "/etc/pki/fedora-messaging/bodhi-cert.pem"


 [client_properties]
--- a/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
@ -63,18 +63,18 @@ items:
 {% else %}
          - name: fedora-messaging-config-volume
            mountPath: /etc/fedora-messaging
-            readOnly: false
+            readOnly: true
            subPath: fedora-messaging
          - name: fedora-messaging-ca-volume
-            mountPath: /etc/fedora-messaging/cacert.pem
+            mountPath: /etc/pki/fedora-messaging/cacert.pem
            subPath: cacert.pem
            readOnly: true
          - name: fedora-messaging-crt-volume
-            mountPath: /etc/fedora-messaging/bodhi-cert.pem
+            mountPath: /etc/pki/fedora-messaging/bodhi-cert.pem
            subPath: bodhi-cert.pem
            readOnly: true
          - name: fedora-messaging-key-volume
-            mountPath: /etc/fedora-messaging/bodhi-key.pem
+            mountPath: /etc/pki/fedora-messaging/bodhi-key.pem
            subPath: bodhi-key.pem
            readOnly: true
 {% endif %}