From a21b274209937f62799c0cc109ffc1faa9967860 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Fri, 15 May 2020 14:50:04 +0200 Subject: [PATCH] Batcave: add support for fedora-messaging Install the certificates needed to connect to fedora-messaging Install a configuration file applications can use to send messages to the message bus using fedora-messaging. Create the batcave user in rabbitmq Signed-off-by: Pierre-Yves Chibon --- playbooks/groups/batcave.yml | 3 ++ roles/batcave/tasks/main.yml | 46 +++++++++++++++++++ .../batcave/templates/batcave-messaging.toml | 23 ++++++++++ 3 files changed, 72 insertions(+) create mode 100644 roles/batcave/templates/batcave-messaging.toml diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml index 6ab9209032..cbe528ae11 100644 --- a/playbooks/groups/batcave.yml +++ b/playbooks/groups/batcave.yml @@ -38,6 +38,9 @@ - role: rabbit/user username: "mirror_pagure_ansible{{ env_suffix }}" when: datacenter != 'iad2' + - role: rabbit/user + username: "batcave{{ env_suffix }}" + when: datacenter != 'iad2' - role: rabbit/queue username: "mirror_pagure_ansible{{ env_suffix }}" queue_name: "mirror_pagure_ansible{{ env_suffix }}" diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml index 823176c22f..e79c0e692e 100644 --- a/roles/batcave/tasks/main.yml +++ b/roles/batcave/tasks/main.yml @@ -52,6 +52,7 @@ - easy-rsa # For easy copying into ansible-private for certs. - dnf # To get dnf reposync - dnf-plugins-core # To get dnf reposync + - fedora-messaging # To send/receive messages on the amqp bus tags: - batcave - config @@ -80,6 +81,7 @@ - easy-rsa # For easy copying into ansible-private for certs. - dnf # To get dnf reposync - dnf-plugins-core # To get dnf reposync + - fedora-messaging # To send/receive messages on the amqp bus tags: - batcave - config 
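Review bot: The new `rabbit/user` entry for `batcave{{ env_suffix }}` is skipped when `datacenter` is `iad2`, but the config-file and certificate tasks this commit adds to roles/batcave/tasks/main.yml carry no matching condition. An iad2 batcave would therefore presumably receive a client configuration and key for a broker user that was never created. Either put the same `when: datacenter != 'iad2'` on those tasks or add a comment on this entry saying why the user is not needed there. The role list this entry sits in starts and ends outside the hunk.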
@@ -167,6 +169,50 @@ - batcave - config +# +# fedora-messaging configuration file for the applications sending messages from +# batcave +# + +- name: install the fedora-messaging configuration file + template: src=batcave-messaging.toml dest=/etc/fedora-messaging/batcave-messaging.toml + tags: + - batcave + - config + - fedora-messaging + +- name: create folder where we'll place the certs + file: path=/etc/pki/rabbitmq/ owner=root group=root mode=0755 state=directory + tags: + - batcave + - config + - fedora-messaging + +- name: install the rabbitmq certificates for batcave + copy: src={{ item.src }} + dest=/etc/pki/rabbitmq/{{ item.dest }} + owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }} + with_items: + - src: "{{private}}/files/rabbitmq/{{ env }}/pki/issued/batcave{{ env_suffix }}.crt" + dest: batcave.crt + owner: root + group: root + mode: "444" + - src: "{{private}}/files/rabbitmq/{{ env }}/pki/private/batcave{{ env_suffix }}.key" + dest: batcave.key + owner: root + group: root + mode: "440" + - src: "{{private}}/files/rabbitmq/{{ env }}/pki/ca.crt" + dest: batcave.ca + owner: root + group: root + mode: "444" + tags: + - batcave + - config + - fedora-messaging + # # Scripts # diff --git a/roles/batcave/templates/batcave-messaging.toml b/roles/batcave/templates/batcave-messaging.toml new file mode 100644 index 0000000000..4dfc9c32af --- /dev/null +++ b/roles/batcave/templates/batcave-messaging.toml 
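Review bot: The task `install the rabbitmq certificates for batcave` pushes the private key `batcave.key` through the same plain `copy` loop as the two public certificates, so a run with `--diff` can print the key material into the run output and any log that captures it. Adding `no_log: true` (or at least `diff: false`) to that task, or splitting the key into its own task that carries it, keeps the secret out of the output. The key is installed as root:root with mode "440", so only root can read it; confirm that the applications meant to send messages run as root, otherwise the likely follow-up is a loosened mode rather than a dedicated group. The three new tasks would also read better with native YAML module arguments than with the `key=value` strings.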
@@ -0,0 +1,23 @@
+# A sample configuration for fedora-messaging. This file is in the TOML format.
+# For complete details on all configuration options, see the documentation.
+# https://fedora-messaging.readthedocs.io/en/stable/configuration.html
+
+# Broker address
+amqp_url = "amqps://batcave{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+# The topic_prefix configuration value will add a prefix to the topics of every sent message.
+# This is used for migrating from fedmsg, and should not be used afterwards.
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+[tls]
+ca_cert = "/etc/pki/rabbitmq/batcave.ca"
+keyfile = "/etc/pki/rabbitmq/batcave.key"
+certfile = "/etc/pki/rabbitmq/batcave.crt"
+
+[client_properties]
+app = "batcave"
+
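Review bot: The `amqp_url` value has an empty password (`batcave{{ env_suffix }}:@`) and nothing in the file says this is deliberate. A comment above it such as `# No password: the broker authenticates this client by the certificate configured in [tls]` would stop a later editor from "fixing" it by putting a credential into the template. That reading is inferred from the `[tls]` section, so confirm it against the broker's authentication setup before adding the comment. The header still calls the file "A sample configuration", presumably carried over from the upstream example; it should say that this is the batcave client configuration managed by Ansible.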