planet: add fedora-messaging certs, user and config

The venus package was changed to use fedora-messaging, but we need to now install certs, make a rabbitmq user and add a config for it to use. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-08-30 10:46:24 -07:00 · 2020-08-30 10:46:24 -07:00 · 9e1301c417
commit 9e1301c417
parent a8b9a38ec0
3 changed files with 75 additions and 1 deletions
--- a/playbooks/groups/people.yml
+++ b/playbooks/groups/people.yml
@ -72,8 +72,9 @@
  - clamav
  - planet
  - { role: letsencrypt, site_name: 'fedoraplanet.org' }
-  - fedmsg/base
  - git/server
+  - role: rabbit/user
+    username: "planet{{ env_suffix }}"

  - role: apache

--- a/roles/planet/tasks/main.yml
+++ b/roles/planet/tasks/main.yml
@ -289,3 +289,58 @@
  copy: src=sub-planets/quality/base_config dest=/etc/planet/quality/base_config mode=0644 owner=root group=root
  tags:
    - planet_server
+
+- name: Create /etc/pki/fedora-messaging
+  file:
+    dest: /etc/pki/fedora-messaging
+    mode: 0775
+    owner: root
+    group: root
+    state: directory
+  tags:
+  - config
+  - planet_server
+
+- name: Deploy the fedora-messaging CA
+  copy:
+    src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
+    dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt
+    mode: 0644
+    owner: root
+    group: root
+  tags:
+  - config
+  - planet_server
+
+- name: Deploy the fedora-messaging cert
+  copy:
+    src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/planet{{env_suffix}}.crt"
+    dest: /etc/pki/fedora-messaging/planet.crt
+    mode: 0644
+    owner: planet-user
+    group: planet-user
+  tags:
+  - config
+  - planet_server
+
+- name: Deploy the fedora-messaging key
+  copy:
+    src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/planet{{env_suffix}}.key"
+    dest: /etc/pki/fedora-messaging/planet.key
+    mode: 0600
+    owner: planet-user
+    group: planet-user
+  tags:
+  - config
+  - planet_server
+
+- name: Install fedora-messaging config
+  template:
+    src: fedora-messaging.toml.j2
+    dest: /etc/fedora-messaging/config.toml
+    owner: planet-user
+    group: planet-user
+    mode: 0600
+  tags:
+  - config
+  - planet_server
--- a/roles/planet/templates/fedora-messaging.toml.j2
+++ b/roles/planet/templates/fedora-messaging.toml.j2
@ -0,0 +1,18 @@
+amqp_url = "amqps://pungi{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+publish_exchange = "amq.topic"
+passive_declares = true
+
+[tls]
+ca_cert = "/etc/pki/fedora-messaging/rabbitmq-ca.crt"
+keyfile = "/etc/pki/fedora-messaging/planet.key"
+certfile = "/etc/pki/fedora-messaging/planet.crt"
+
+[client_properties]
+app = "planet"