Batcave: add support for fedora-messaging

Install the certificates needed to connect to fedora-messaging Install a configuration file applications can use to send messages to the message bus using fedora-messaging. Create the batcave user in rabbitmq Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-05-15 14:50:04 +02:00 · 2020-05-15 14:50:04 +02:00 · a21b274209
commit a21b274209
parent 0290f57cfb
3 changed files with 72 additions and 0 deletions
--- a/playbooks/groups/batcave.yml
+++ b/playbooks/groups/batcave.yml
@ -38,6 +38,9 @@
  - role: rabbit/user
    username: "mirror_pagure_ansible{{ env_suffix }}"
    when: datacenter != 'iad2'
+  - role: rabbit/user
+    username: "batcave{{ env_suffix }}"
+    when: datacenter != 'iad2'
  - role: rabbit/queue
    username: "mirror_pagure_ansible{{ env_suffix }}"
    queue_name: "mirror_pagure_ansible{{ env_suffix }}"
--- a/roles/batcave/tasks/main.yml
+++ b/roles/batcave/tasks/main.yml
@ -52,6 +52,7 @@
  - easy-rsa                  # For easy copying into ansible-private for certs.
  - dnf                       # To get dnf reposync
  - dnf-plugins-core          # To get dnf reposync
+  - fedora-messaging          # To send/receive messages on the amqp bus
  tags:
  - batcave
  - config
@ -80,6 +81,7 @@
  - easy-rsa                  # For easy copying into ansible-private for certs.
  - dnf                       # To get dnf reposync
  - dnf-plugins-core          # To get dnf reposync
+  - fedora-messaging          # To send/receive messages on the amqp bus
  tags:
  - batcave
  - config
@ -167,6 +169,50 @@
  - batcave
  - config

+#
+# fedora-messaging configuration file for the applications sending messages from
+# batcave
+#
+
+- name: install the fedora-messaging configuration file
+  template: src=batcave-messaging.toml dest=/etc/fedora-messaging/batcave-messaging.toml
+  tags:
+  - batcave
+  - config
+  - fedora-messaging
+
+- name: create folder where we'll place the certs
+  file: path=/etc/pki/rabbitmq/ owner=root group=root mode=0755 state=directory
+  tags:
+  - batcave
+  - config
+  - fedora-messaging
+
+- name: install the rabbitmq certificates for batcave
+  copy: src={{ item.src }}
+      dest=/etc/pki/rabbitmq/{{ item.dest }}
+      owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }}
+  with_items:
+  - src: "{{private}}/files/rabbitmq/{{ env }}/pki/issued/batcave{{ env_suffix }}.crt"
+    dest: batcave.crt
+    owner: root
+    group: root
+    mode: "444"
+  - src: "{{private}}/files/rabbitmq/{{ env }}/pki/private/batcave{{ env_suffix }}.key"
+    dest: batcave.key
+    owner: root
+    group: root
+    mode: "440"
+  - src: "{{private}}/files/rabbitmq/{{ env }}/pki/ca.crt"
+    dest: batcave.ca
+    owner: root
+    group: root
+    mode: "444"
+  tags:
+  - batcave
+  - config
+  - fedora-messaging
+
 #
 # Scripts
 #
--- a/roles/batcave/templates/batcave-messaging.toml
+++ b/roles/batcave/templates/batcave-messaging.toml
@ -0,0 +1,23 @@
+# A sample configuration for fedora-messaging. This file is in the TOML format.
+# For complete details on all configuration options, see the documentation.
+# https://fedora-messaging.readthedocs.io/en/stable/configuration.html
+
+# Broker address
+amqp_url = "amqps://batcave{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+# The topic_prefix configuration value will add a prefix to the topics of every sent message.
+# This is used for migrating from fedmsg, and should not be used afterwards.
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+[tls]
+ca_cert = "/etc/pki/rabbitmq/batcave.ca"
+keyfile = "/etc/pki/rabbitmq/batcave.key"
+certfile = "/etc/pki/rabbitmq/batcave.crt"
+
+[client_properties]
+app = "batcave"
+