Use the rabbitmq certs

2018-10-04 15:19:59 +00:00 · 2018-10-04 15:19:59 +00:00 · bf895f0aa6
commit bf895f0aa6
parent 1d4dd97959
3 changed files with 30 additions and 8 deletions
--- a/playbooks/openshift-apps/messaging-bridges.yml
+++ b/playbooks/openshift-apps/messaging-bridges.yml
@ -26,6 +26,16 @@
    secret_name: fedmsg-cert
    key: fedmsg-fedmsg-migration-tools.crt
    privatefile: "fedmsg-certs/keys/fedmsg-migration-tools{{env_suffix}}.fedoraproject.org.crt"
+  - role: openshift/secret-file
+    app: messaging-bridges
+    secret_name: rabbitmq-key
+    key: rabbitmq-fedmsg-migration-tools.key
+    privatefile: "rabbitmq/{{env}}/pki/private/messaging-bridge{{env_suffix}}.fedoraproject.org.crt"
+  - role: openshift/secret-file
+    app: messaging-bridges
+    secret_name: rabbitmq-cert
+    key: rabbitmq-fedmsg-migration-tools.crt
+    privatefile: "rabbitmq/{{env}}/pki/issued/messaging-bridge{{env_suffix}}.fedoraproject.org.crt"

  - role: openshift/object
    app: messaging-bridges
--- a/roles/openshift-apps/messaging-bridges/files/deploymentconfig.yml
+++ b/roles/openshift-apps/messaging-bridges/files/deploymentconfig.yml
@ -42,6 +42,12 @@ items:
            - name: fedmsg-crt-volume
              mountPath: /etc/pki/fedmsg/crt
              readOnly: true
+            - name: rabbitmq-key-volume
+              mountPath: /etc/pki/rabbitmq/key
+              readOnly: true
+            - name: rabbitmq-crt-volume
+              mountPath: /etc/pki/rabbitmq/crt
+              readOnly: true
          #readinessProbe:
          #  timeoutSeconds: 1
          #  initialDelaySeconds: 5
@ -67,6 +73,12 @@ items:
          - name: fedmsg-crt-volume
            secret:
              secretName: fedmsg-cert
+          - name: rabbitmq-key-volume
+            secret:
+              secretName: rabbitmq-key
+          - name: rabbitmq-crt-volume
+            secret:
+              secretName: rabbitmq-cert

    triggers:
    - type: ConfigChange
--- a/roles/openshift-apps/messaging-bridges/templates/configmap.yml
+++ b/roles/openshift-apps/messaging-bridges/templates/configmap.yml
@ -10,10 +10,10 @@ data:
    amqp_url = "amqp://rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
    publish_exchange = "amq.topic"
    
-    #[tls]
-    #ca_cert = "/etc/pki/tls/certs/ca-bundle.crt"
-    #keyfile = "/my/client/key.pem"
-    #certfile = "/my/client/cert.pem"
+    [tls]
+    ca_cert = "/etc/pki/tls/certs/ca-bundle.crt"
+    keyfile = "/etc/pki/rabbitmq/key/rabbitmq-fedmsg-migration-tools.key"
+    certfile = "/etc/pki/rabbitmq/crt/rabbitmq-fedmsg-migration-tools.crt"
    
    [client_properties]
    app = "fedmsg-migration-tools"
@ -51,10 +51,10 @@ data:
    exchange = "amq.topic"
    routing_keys = ["#"]
    
-    #[tls]
-    #ca_cert = "/etc/pki/tls/certs/ca-bundle.crt"
-    #keyfile = "/my/client/key.pem"
-    #certfile = "/my/client/cert.pem"
+    [tls]
+    ca_cert = "/etc/pki/tls/certs/ca-bundle.crt"
+    keyfile = "/etc/pki/rabbitmq/key/rabbitmq-fedmsg-migration-tools.key"
+    certfile = "/etc/pki/rabbitmq/crt/rabbitmq-fedmsg-migration-tools.crt"
    
    [client_properties]
    app = "AMQP to ZMQ"