Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

bodhi: Move messaging TLS files to /etc/pki/fedora-messaging.

Browse source 
Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
This commit is contained in:
Randy Barlow 2019-05-14 20:07:29 +00:00
parent ed9a8e985e
commit 85ca40276f
3 changed files with 21 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

17
roles/bodhi2/backend/tasks/main.yml
View file

@ -439,11 +439,22 @@
tags: tags:
- bodhi - bodhi
# The when statement should be dropped when we deploy Bodhi 4.0.0 to production.
- name: Create /etc/pki/fedora-messaging
file:
dest: /etc/pki/fedora-messaging
mode: 0775
owner: root
group: root
state: directory
tags:
- bodhi
# The when staging should be dropped when we deploy Bodhi 4.0.0 to production. # The when staging should be dropped when we deploy Bodhi 4.0.0 to production.
- name: Deploy the fedora-messaging CA - name: Deploy the fedora-messaging CA
copy: copy:
src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt" src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
dest: /etc/fedora-messaging/cacert.pem dest: /etc/pki/fedora-messaging/cacert.pem
mode: 0644 mode: 0644
owner: apache owner: apache
group: apache group: apache
@ -455,7 +466,7 @@
- name: Deploy the fedora-messaging cert - name: Deploy the fedora-messaging cert
copy: copy:
src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt" src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt"
dest: /etc/fedora-messaging/bodhi-cert.pem dest: /etc/pki/fedora-messaging/bodhi-cert.pem
mode: 0644 mode: 0644
owner: apache owner: apache
group: apache group: apache
@ -467,7 +478,7 @@
- name: Deploy the fedora-messaging key - name: Deploy the fedora-messaging key
copy: copy:
src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key" src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key"
dest: /etc/fedora-messaging/bodhi-key.pem dest: /etc/pki/fedora-messaging/bodhi-key.pem
mode: 0600 mode: 0600
owner: apache owner: apache
group: apache group: apache

6
roles/bodhi2/base/templates/fedora-messaging.toml.j2
View file

@ -18,9 +18,9 @@ callback = "bodhi.server.consumers:messaging_callback"
[tls] [tls]
ca_cert = "/etc/fedora-messaging/cacert.pem" ca_cert = "/etc/pki/fedora-messaging/cacert.pem"
keyfile = "/etc/fedora-messaging/bodhi-key.pem" keyfile = "/etc/pki/fedora-messaging/bodhi-key.pem"
certfile = "/etc/fedora-messaging/bodhi-cert.pem" certfile = "/etc/pki/fedora-messaging/bodhi-cert.pem"
[client_properties] [client_properties]

8
roles/openshift-apps/bodhi/templates/deploymentconfig.yml
View file

@ -63,18 +63,18 @@ items:
{% else %} {% else %}
- name: fedora-messaging-config-volume - name: fedora-messaging-config-volume
mountPath: /etc/fedora-messaging mountPath: /etc/fedora-messaging
readOnly: false readOnly: true
subPath: fedora-messaging subPath: fedora-messaging
- name: fedora-messaging-ca-volume - name: fedora-messaging-ca-volume
mountPath: /etc/fedora-messaging/cacert.pem mountPath: /etc/pki/fedora-messaging/cacert.pem
subPath: cacert.pem subPath: cacert.pem
readOnly: true readOnly: true
- name: fedora-messaging-crt-volume - name: fedora-messaging-crt-volume
mountPath: /etc/fedora-messaging/bodhi-cert.pem mountPath: /etc/pki/fedora-messaging/bodhi-cert.pem
subPath: bodhi-cert.pem subPath: bodhi-cert.pem
readOnly: true readOnly: true
- name: fedora-messaging-key-volume - name: fedora-messaging-key-volume
mountPath: /etc/fedora-messaging/bodhi-key.pem mountPath: /etc/pki/fedora-messaging/bodhi-key.pem
subPath: bodhi-key.pem subPath: bodhi-key.pem
readOnly: true readOnly: true
{% endif %} {% endif %}