messaging-bridges: deploy the CA cert too

Aurélien Bompard 2018-10-04 15:45:47 +00:00
parent 2a1f1a6e19
commit 9095cedd90
3 changed files with 50 additions and 2 deletions


@ -26,6 +26,12 @@
secret_name: fedmsg-cert secret_name: fedmsg-cert
key: fedmsg-fedmsg-migration-tools.crt key: fedmsg-fedmsg-migration-tools.crt
privatefile: "fedmsg-certs/keys/fedmsg-migration-tools{{env_suffix}}.fedoraproject.org.crt" privatefile: "fedmsg-certs/keys/fedmsg-migration-tools{{env_suffix}}.fedoraproject.org.crt"
- role: openshift/secret-file
app: messaging-bridges
secret_name: rabbitmq-ca
key: rabbitmq-ca.crt
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
- role: openshift/secret-file - role: openshift/secret-file
app: messaging-bridges app: messaging-bridges
secret_name: rabbitmq-key secret_name: rabbitmq-key


@ -42,6 +42,9 @@ items:
- name: fedmsg-crt-volume - name: fedmsg-crt-volume
mountPath: /etc/pki/fedmsg/crt mountPath: /etc/pki/fedmsg/crt
readOnly: true readOnly: true
- name: rabbitmq-ca-volume
mountPath: /etc/pki/rabbitmq/ca
readOnly: true
- name: rabbitmq-key-volume - name: rabbitmq-key-volume
mountPath: /etc/pki/rabbitmq/key mountPath: /etc/pki/rabbitmq/key
readOnly: true readOnly: true
@ -73,6 +76,9 @@ items:
- name: fedmsg-crt-volume - name: fedmsg-crt-volume
secret: secret:
secretName: fedmsg-cert secretName: fedmsg-cert
- name: rabbitmq-ca-volume
secret:
secretName: rabbitmq-ca
- name: rabbitmq-key-volume - name: rabbitmq-key-volume
secret: secret:
secretName: rabbitmq-key secretName: rabbitmq-key
@ -128,6 +134,15 @@ items:
- name: fedmsg-config-volume - name: fedmsg-config-volume
mountPath: /etc/fedmsg.d/ mountPath: /etc/fedmsg.d/
readOnly: true readOnly: true
- name: rabbitmq-ca-volume
mountPath: /etc/pki/rabbitmq/ca
readOnly: true
- name: rabbitmq-key-volume
mountPath: /etc/pki/rabbitmq/key
readOnly: true
- name: rabbitmq-crt-volume
mountPath: /etc/pki/rabbitmq/crt
readOnly: true
#readinessProbe: #readinessProbe:
# timeoutSeconds: 1 # timeoutSeconds: 1
# initialDelaySeconds: 5 # initialDelaySeconds: 5
@ -147,6 +162,15 @@ items:
- name: fedmsg-config-volume - name: fedmsg-config-volume
configMap: configMap:
name: fedmsg-configmap name: fedmsg-configmap
- name: rabbitmq-ca-volume
secret:
secretName: rabbitmq-ca
- name: rabbitmq-key-volume
secret:
secretName: rabbitmq-key
- name: rabbitmq-crt-volume
secret:
secretName: rabbitmq-cert
triggers: triggers:
- type: ConfigChange - type: ConfigChange
@ -196,6 +220,15 @@ items:
- name: fedmsg-config-volume - name: fedmsg-config-volume
mountPath: /etc/fedmsg.d/ mountPath: /etc/fedmsg.d/
readOnly: true readOnly: true
- name: rabbitmq-ca-volume
mountPath: /etc/pki/rabbitmq/ca
readOnly: true
- name: rabbitmq-key-volume
mountPath: /etc/pki/rabbitmq/key
readOnly: true
- name: rabbitmq-crt-volume
mountPath: /etc/pki/rabbitmq/crt
readOnly: true
#readinessProbe: #readinessProbe:
# timeoutSeconds: 1 # timeoutSeconds: 1
# initialDelaySeconds: 5 # initialDelaySeconds: 5
@ -215,6 +248,15 @@ items:
- name: fedmsg-config-volume - name: fedmsg-config-volume
configMap: configMap:
name: fedmsg-configmap name: fedmsg-configmap
- name: rabbitmq-ca-volume
secret:
secretName: rabbitmq-ca
- name: rabbitmq-key-volume
secret:
secretName: rabbitmq-key
- name: rabbitmq-crt-volume
secret:
secretName: rabbitmq-cert
triggers: triggers:
- type: ConfigChange - type: ConfigChange
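Review bot: The `rabbitmq-key-volume` secret volumes added at `@ -147` and `@ -215` set no `defaultMode`, so the client private key is projected with the Kubernetes default of 0644 and is readable by any user inside the container. Adding `defaultMode: 0440` under `secret:` next to `secretName: rabbitmq-key` would narrow that; group read is probably still needed if the pod runs with an fsGroup-assigned UID, which is not visible here. The same three-entry mount and volume stanza is also repeated verbatim for two containers, so a later change of mount path or secret name has to be made in every copy to stay in step with the `[tls]` paths in the config map. The volume and volumeMounts lists continue outside the hunks shown.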


@ -11,7 +11,7 @@ data:
publish_exchange = "amq.topic" publish_exchange = "amq.topic"
[tls] [tls]
ca_cert = "/etc/pki/tls/certs/ca-bundle.crt" ca_cert = "/etc/pki/rabbitmq/ca/rabbitmq-ca.crt"
keyfile = "/etc/pki/rabbitmq/key/rabbitmq-fedmsg-migration-tools.key" keyfile = "/etc/pki/rabbitmq/key/rabbitmq-fedmsg-migration-tools.key"
certfile = "/etc/pki/rabbitmq/crt/rabbitmq-fedmsg-migration-tools.crt" certfile = "/etc/pki/rabbitmq/crt/rabbitmq-fedmsg-migration-tools.crt"
@ -52,7 +52,7 @@ data:
routing_keys = ["#"] routing_keys = ["#"]
[tls] [tls]
ca_cert = "/etc/pki/tls/certs/ca-bundle.crt" ca_cert = "/etc/pki/rabbitmq/ca/rabbitmq-ca.crt"
keyfile = "/etc/pki/rabbitmq/key/rabbitmq-fedmsg-migration-tools.key" keyfile = "/etc/pki/rabbitmq/key/rabbitmq-fedmsg-migration-tools.key"
certfile = "/etc/pki/rabbitmq/crt/rabbitmq-fedmsg-migration-tools.crt" certfile = "/etc/pki/rabbitmq/crt/rabbitmq-fedmsg-migration-tools.crt"
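Review bot: The new `ca_cert` value in both `[tls]` sections depends on the key name `rabbitmq-ca.crt` of the `rabbitmq-ca` secret and on the `/etc/pki/rabbitmq/ca` mount, both defined in other files, and nothing in the config says so. A comment above each line, such as `# private RabbitMQ CA, mounted from the rabbitmq-ca secret (replaces the system CA bundle)`, would keep a later edit from pointing it back at `ca-bundle.crt` and widening the set of CAs accepted for the broker. If the file name or mount path drifts, the failure would presumably show up only at connect time, so it is worth confirming that the client fails closed instead of skipping verification.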