diff --git a/playbooks/openshift-apps/messaging-bridges.yml b/playbooks/openshift-apps/messaging-bridges.yml index 43543fffd4..e4fe0962e7 100644 --- a/playbooks/openshift-apps/messaging-bridges.yml +++ b/playbooks/openshift-apps/messaging-bridges.yml @@ -26,6 +26,12 @@ secret_name: fedmsg-cert key: fedmsg-fedmsg-migration-tools.crt privatefile: "fedmsg-certs/keys/fedmsg-migration-tools{{env_suffix}}.fedoraproject.org.crt" + + - role: openshift/secret-file + app: messaging-bridges + secret_name: rabbitmq-ca + key: rabbitmq-ca.crt + privatefile: "rabbitmq/{{env}}/pki/ca.crt" - role: openshift/secret-file app: messaging-bridges secret_name: rabbitmq-key diff --git a/roles/openshift-apps/messaging-bridges/files/deploymentconfig.yml b/roles/openshift-apps/messaging-bridges/files/deploymentconfig.yml index c9b7ac1808..012367c5fe 100644 --- a/roles/openshift-apps/messaging-bridges/files/deploymentconfig.yml +++ b/roles/openshift-apps/messaging-bridges/files/deploymentconfig.yml @@ -42,6 +42,9 @@ items: - name: fedmsg-crt-volume mountPath: /etc/pki/fedmsg/crt readOnly: true + - name: rabbitmq-ca-volume + mountPath: /etc/pki/rabbitmq/ca + readOnly: true - name: rabbitmq-key-volume mountPath: /etc/pki/rabbitmq/key readOnly: true @@ -73,6 +76,9 @@ items: - name: fedmsg-crt-volume secret: secretName: fedmsg-cert + - name: rabbitmq-ca-volume + secret: + secretName: rabbitmq-ca - name: rabbitmq-key-volume secret: secretName: rabbitmq-key @@ -128,6 +134,15 @@ items: - name: fedmsg-config-volume mountPath: /etc/fedmsg.d/ readOnly: true + - name: rabbitmq-ca-volume + mountPath: /etc/pki/rabbitmq/ca + readOnly: true + - name: rabbitmq-key-volume + mountPath: /etc/pki/rabbitmq/key + readOnly: true + - name: rabbitmq-crt-volume + mountPath: /etc/pki/rabbitmq/crt + readOnly: true #readinessProbe: # timeoutSeconds: 1 # initialDelaySeconds: 5 
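Review bot: In playbooks/openshift-apps/messaging-bridges.yml (hunk @@ -26,6 +26,12) the new `key: rabbitmq-ca.crt` becomes the file name inside the mounted secret, and the `ca_cert` path in templates/configmap.yml later in this commit hard-codes that same name, with nothing linking the two. A rename on either side would only show up as a TLS verification failure when the bridge connects. I would add a comment above the new role entry, `# key is the file name under /etc/pki/rabbitmq/ca; keep in sync with ca_cert in templates/configmap.yml`. The roles list starts and ends outside the hunk.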
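Review bot: The `rabbitmq-key-volume` and `rabbitmq-crt-volume` mounts added in roles/openshift-apps/messaging-bridges/files/deploymentconfig.yml (hunk @@ -128,6 +134,15, and again at @@ -196,6 +220,15) give two more pod templates the same client key that the first one already mounts. Both `[tls]` sections in the configmap name `rabbitmq-fedmsg-migration-tools.key`, so every bridge appears to authenticate to the broker as one identity. If so, a compromise of any one bridge exposes the credential for all of them, and the broker cannot apply separate permissions or revoke one bridge alone. If sharing is intended, a comment on the mount would record it, for example `# all bridges share the fedmsg-migration-tools client cert; split per bridge if broker ACLs need to differ`. The container specs start and end outside these hunks.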
@@ -147,6 +162,15 @@ items: - name: fedmsg-config-volume configMap: name: fedmsg-configmap + - name: rabbitmq-ca-volume + secret: + secretName: rabbitmq-ca + - name: rabbitmq-key-volume + secret: + secretName: rabbitmq-key + - name: rabbitmq-crt-volume + secret: + secretName: rabbitmq-cert triggers: - type: ConfigChange @@ -196,6 +220,15 @@ items: - name: fedmsg-config-volume mountPath: /etc/fedmsg.d/ readOnly: true + - name: rabbitmq-ca-volume + mountPath: /etc/pki/rabbitmq/ca + readOnly: true + - name: rabbitmq-key-volume + mountPath: /etc/pki/rabbitmq/key + readOnly: true + - name: rabbitmq-crt-volume + mountPath: /etc/pki/rabbitmq/crt + readOnly: true #readinessProbe: # timeoutSeconds: 1 # initialDelaySeconds: 5 @@ -215,6 +248,15 @@ items: - name: fedmsg-config-volume configMap: name: fedmsg-configmap + - name: rabbitmq-ca-volume + secret: + secretName: rabbitmq-ca + - name: rabbitmq-key-volume + secret: + secretName: rabbitmq-key + - name: rabbitmq-crt-volume + secret: + secretName: rabbitmq-cert triggers: - type: ConfigChange diff --git a/roles/openshift-apps/messaging-bridges/templates/configmap.yml b/roles/openshift-apps/messaging-bridges/templates/configmap.yml index 0e68087fc7..ba2e4d9a87 100644 --- a/roles/openshift-apps/messaging-bridges/templates/configmap.yml +++ b/roles/openshift-apps/messaging-bridges/templates/configmap.yml @@ -11,7 +11,7 @@ data: publish_exchange = "amq.topic" [tls] - ca_cert = "/etc/pki/tls/certs/ca-bundle.crt" + ca_cert = "/etc/pki/rabbitmq/ca/rabbitmq-ca.crt" keyfile = "/etc/pki/rabbitmq/key/rabbitmq-fedmsg-migration-tools.key" certfile = "/etc/pki/rabbitmq/crt/rabbitmq-fedmsg-migration-tools.crt" @@ -52,7 +52,7 @@ data: routing_keys = ["#"] [tls] - ca_cert = "/etc/pki/tls/certs/ca-bundle.crt" + ca_cert = "/etc/pki/rabbitmq/ca/rabbitmq-ca.crt" keyfile = "/etc/pki/rabbitmq/key/rabbitmq-fedmsg-migration-tools.key" certfile = "/etc/pki/rabbitmq/crt/rabbitmq-fedmsg-migration-tools.crt"
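Review bot: The `rabbitmq-key-volume` secret volume added in deploymentconfig.yml (hunk @@ -147,6 +162,15, and the identical block at @@ -215,6 +248,15) sets no file mode, so the private key is projected with the secret-volume default of 0644 and is world-readable inside the container. Adding `defaultMode: 0440` under `secret:` for the key volume would narrow that; whether group read is needed depends on the UID and fsGroup the pod runs with, which is not visible here. The existing `rabbitmq-key-volume` definition shown as context in hunk @@ -73,6 +76,9 has the same gap. The `volumes:` list starts outside the hunk.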
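Review bot: In templates/configmap.yml (hunk @@ -11,7 +11,7, and the same line at @@ -52,7 +52,7) `ca_cert` now trusts only the single file `/etc/pki/rabbitmq/ca/rabbitmq-ca.crt`. That narrows trust, but it also means a CA rollover needs that file to carry both the old and new CA certificates for a while. The deployment configs in this commit show only `type: ConfigChange` triggers, so an updated `rabbitmq-ca` secret probably will not restart the pods by itself; that depends on whether the client re-reads the file. A comment above the line would capture this, `# private RabbitMQ CA from the rabbitmq-ca secret; bundle old+new CA during rotation and redeploy`. The `[tls]` tables continue outside the hunks.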