From 85ca40276f6f2cd7f4e2f152693b96db865ff265 Mon Sep 17 00:00:00 2001
From: Randy Barlow
Date: Tue, 14 May 2019 20:07:29 +0000
Subject: [PATCH] bodhi: Move messaging TLS files to /etc/pki/fedora-messaging.
Signed-off-by: Randy Barlow
---
 roles/bodhi2/backend/tasks/main.yml | 17 ++++++++++++++---
 .../base/templates/fedora-messaging.toml.j2 | 6 +++---
 .../bodhi/templates/deploymentconfig.yml | 8 ++++----
 3 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/roles/bodhi2/backend/tasks/main.yml b/roles/bodhi2/backend/tasks/main.yml
index 318addea01..b340240aa3 100644
--- a/roles/bodhi2/backend/tasks/main.yml
+++ b/roles/bodhi2/backend/tasks/main.yml
@@ -439,11 +439,22 @@
 tags:
 - bodhi
+# The when statement should be dropped when we deploy Bodhi 4.0.0 to production.
+- name: Create /etc/pki/fedora-messaging
+ file:
+ dest: /etc/pki/fedora-messaging
+ mode: 0775
+ owner: root
+ group: root
+ state: directory
+ tags:
+ - bodhi
+
 # The when staging should be dropped when we deploy Bodhi 4.0.0 to production.
 - name: Deploy the fedora-messaging CA
 copy:
 src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
- dest: /etc/fedora-messaging/cacert.pem
+ dest: /etc/pki/fedora-messaging/cacert.pem
 mode: 0644
 owner: apache
 group: apache
@@ -455,7 +466,7 @@
 - name: Deploy the fedora-messaging cert
 copy:
 src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt"
- dest: /etc/fedora-messaging/bodhi-cert.pem
+ dest: /etc/pki/fedora-messaging/bodhi-cert.pem
 mode: 0644
 owner: apache
 group: apache
@@ -467,7 +478,7 @@
 - name: Deploy the fedora-messaging key
 copy:
 src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key"
- dest: /etc/fedora-messaging/bodhi-key.pem
+ dest: /etc/pki/fedora-messaging/bodhi-key.pem
 mode: 0600
 owner: apache
 group: apache
diff --git a/roles/bodhi2/base/templates/fedora-messaging.toml.j2 b/roles/bodhi2/base/templates/fedora-messaging.toml.j2
index 10623686c6..7c1c78cf46 100644
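Review bot: In the first hunk of roles/bodhi2/backend/tasks/main.yml, the added "Create /etc/pki/fedora-messaging" task uses `mode: 0775`, which leaves the directory that will hold bodhi-key.pem group-writable; write access to a directory is enough to replace the files inside it. Owner and group are both root, so the exposure is small, but nothing in the hunk needs group write, and `mode: "0755"` (quoted, so the value is not left to YAML integer parsing) would be the tighter choice. The comment above the task mentions a `when` statement, yet the task as added has none, so it runs in every environment; either add the guard the comment refers to or reword the comment.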
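Review bot: The third main.yml hunk redirects the private key to /etc/pki/fedora-messaging/bodhi-key.pem, but nothing in this commit removes the copy already deployed at /etc/fedora-messaging/bodhi-key.pem, so hosts that ran the earlier play keep a second, unmanaged copy of the key. The same holds for cacert.pem and bodhi-cert.pem in the two hunks before it, though those are not secret. A cleanup task would close this, for example `- name: Remove the old fedora-messaging key` with `file: {path: /etc/fedora-messaging/bodhi-key.pem, state: absent}`. The task body continues past the end of the hunk, so any `when` or `tags` it carries are not visible here.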
--- a/roles/bodhi2/base/templates/fedora-messaging.toml.j2
+++ b/roles/bodhi2/base/templates/fedora-messaging.toml.j2
@@ -18,9 +18,9 @@ callback = "bodhi.server.consumers:messaging_callback"
 [tls]
-ca_cert = "/etc/fedora-messaging/cacert.pem"
-keyfile = "/etc/fedora-messaging/bodhi-key.pem"
-certfile = "/etc/fedora-messaging/bodhi-cert.pem"
+ca_cert = "/etc/pki/fedora-messaging/cacert.pem"
+keyfile = "/etc/pki/fedora-messaging/bodhi-key.pem"
+certfile = "/etc/pki/fedora-messaging/bodhi-cert.pem"
 [client_properties]
diff --git a/roles/openshift-apps/bodhi/templates/deploymentconfig.yml b/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
index bc9381308f..7d5c3e7eb3 100644
--- a/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
@@ -63,18 +63,18 @@ items:
 {% else %}
 - name: fedora-messaging-config-volume
 mountPath: /etc/fedora-messaging
- readOnly: false
+ readOnly: true
 subPath: fedora-messaging
 - name: fedora-messaging-ca-volume
- mountPath: /etc/fedora-messaging/cacert.pem
+ mountPath: /etc/pki/fedora-messaging/cacert.pem
 subPath: cacert.pem
 readOnly: true
 - name: fedora-messaging-crt-volume
- mountPath: /etc/fedora-messaging/bodhi-cert.pem
+ mountPath: /etc/pki/fedora-messaging/bodhi-cert.pem
 subPath: bodhi-cert.pem
 readOnly: true
 - name: fedora-messaging-key-volume
- mountPath: /etc/fedora-messaging/bodhi-key.pem
+ mountPath: /etc/pki/fedora-messaging/bodhi-key.pem
 subPath: bodhi-key.pem
 readOnly: true
 {% endif %}
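Review bot: The three TLS files in the deploymentconfig.yml hunk are still mounted one by one through `subPath`, now under /etc/pki/fedora-messaging, and Kubernetes does not refresh subPath mounts when the backing Secret or ConfigMap changes. If these volumes are secrets (their definitions are outside the hunk), a rotated certificate or key reaches the pod only after a redeploy, which is worth stating next to the mounts: `# subPath mounts are not refreshed on update; redeploy after rotating the TLS files`. The `{% if %}` branch that precedes `{% else %}` also lies outside the hunk, so it should be checked for the old /etc/fedora-messaging paths.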