git/hooks: install the fedora-messaging certs and config file

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-05-20 11:20:57 +02:00 · 2020-05-20 11:20:57 +02:00 · 633866fdff
commit 633866fdff
parent 7ee8003ba9
2 changed files with 64 additions and 0 deletions
--- a/roles/git/hooks/tasks/main.yml
+++ b/roles/git/hooks/tasks/main.yml
@ -15,6 +15,47 @@
  - git/hooks
  - packages

+- name: install the fedora-messaging configuration file
+  template: src=git-hooks-messaging.toml dest=/etc/fedora-messaging/git-hooks-messaging.toml
+  tags:
+  - batcave
+  - config
+  - fedora-messaging
+
+- name: create folder where we'll place the certs
+  file: path=/etc/pki/rabbitmq/ owner=root group=root mode=0755 state=directory
+  tags:
+  - git
+  - git/hooks
+  - config
+  - fedora-messaging
+
+- name: install the rabbitmq certificates for batcave
+  copy: src={{ item.src }}
+      dest=/etc/pki/rabbitmq/{{ item.dest }}
+      owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }}
+  with_items:
+  - src: "{{private}}/files/rabbitmq/{{ env }}/pki/issued/batcave{{ env_suffix }}.crt"
+    dest: git-hooks.crt
+    owner: root
+    group: root
+    mode: "444"
+  - src: "{{private}}/files/rabbitmq/{{ env }}/pki/private/batcave{{ env_suffix }}.key"
+    dest: git-hooks.key
+    owner: root
+    group: root
+    mode: "440"
+  - src: "{{private}}/files/rabbitmq/{{ env }}/pki/ca.crt"
+    dest: git-hooks.ca
+    owner: root
+    group: root
+    mode: "444"
+  tags:
+  - git
+  - git/hooks
+  - config
+  - fedora-messaging
+
 - name: install the git hooks
  copy: src={{item}} dest=/usr/share/git-core/ mode=0755
  with_items:
--- a/roles/git/hooks/templates/git-hooks-messaging.toml
+++ b/roles/git/hooks/templates/git-hooks-messaging.toml
@ -0,0 +1,23 @@
+# A sample configuration for fedora-messaging. This file is in the TOML format.
+# For complete details on all configuration options, see the documentation.
+# https://fedora-messaging.readthedocs.io/en/stable/configuration.html
+
+# Broker address
+amqp_url = "amqps://batcave{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+# The topic_prefix configuration value will add a prefix to the topics of every sent message.
+# This is used for migrating from fedmsg, and should not be used afterwards.
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+[tls]
+ca_cert = "/etc/pki/rabbitmq/git-hooks.ca"
+keyfile = "/etc/pki/rabbitmq/git-hooks.key"
+certfile = "/etc/pki/rabbitmq/git-hooks.crt"
+
+[client_properties]
+app = "git-hooks"
+