From d884a0f8babc95bfb3458a2d4422376da439e205 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= Date: Thu, 10 Apr 2025 12:42:58 +0200 Subject: [PATCH] Use the combined RabbitMQ CA cert in the clients MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aurélien Bompard --- playbooks/openshift-apps/badges.yml | 2 +- playbooks/openshift-apps/bodhi.yml | 2 +- playbooks/openshift-apps/bugzilla2fedmsg.yml | 2 +- playbooks/openshift-apps/cloud-image-uploader.yml | 2 +- playbooks/openshift-apps/coreos-ostree-importer.yml | 2 +- playbooks/openshift-apps/datanommer.yml | 2 +- playbooks/openshift-apps/discourse2fedmsg.yml | 2 +- playbooks/openshift-apps/elections.yml | 2 +- playbooks/openshift-apps/fedocal.yml | 2 +- playbooks/openshift-apps/fmn.yml | 2 +- playbooks/openshift-apps/greenwave.yml | 2 +- playbooks/openshift-apps/kerneltest.yml | 2 +- playbooks/openshift-apps/maubot.yml | 2 +- playbooks/openshift-apps/mdapi.yml | 2 +- playbooks/openshift-apps/mirrormanager.yml | 2 +- playbooks/openshift-apps/noggin-centos.yml | 2 +- playbooks/openshift-apps/noggin.yml | 2 +- playbooks/openshift-apps/openscanhub.yml | 2 +- playbooks/openshift-apps/planet.yml | 2 +- playbooks/openshift-apps/poddlers.yml | 2 +- playbooks/openshift-apps/release-monitoring.yml | 2 +- playbooks/openshift-apps/resultsdb-ci-listener.yml | 2 +- playbooks/openshift-apps/resultsdb.yml | 2 +- playbooks/openshift-apps/the-new-hotness.yml | 2 +- playbooks/openshift-apps/waiverdb.yml | 2 +- playbooks/openshift-apps/webhook2fedmsg.yml | 2 +- roles/abrt/faf-pre/tasks/main.yml | 2 +- roles/batcave/tasks/main.yml | 2 +- roles/bodhi2/backend/tasks/main.yml | 2 +- roles/distgit/pagure/tasks/main.yml | 2 +- roles/ipa/server/tasks/journal2fedmsg.yml | 2 +- roles/koji_hub/tasks/main.yml | 4 ++-- roles/logging/tasks/main.yml | 2 +- roles/mailman3/tasks/main.yml | 4 ++-- roles/mediawiki/tasks/main.yml | 2 +- roles/messaging/base/tasks/main.yml | 2 +- roles/mirror_pagure_ansible/tasks/main.yml | 2 +- roles/openshift-apps/koschei/templates/admin-config.yml | 2 +- roles/openshift-apps/koschei/templates/backend-config.yml | 2 +- roles/pagure/tasks/main.yml | 4 ++-- roles/planet/tasks/main.yml | 2 +- roles/releng/tasks/main.yml | 2 +- roles/robosignatory/tasks/main.yml | 2 +- roles/supybot/tasks/main.yml | 2 +- 44 files changed, 47 insertions(+), 47 deletions(-) diff --git a/playbooks/openshift-apps/badges.yml b/playbooks/openshift-apps/badges.yml index de32c2bf0f..f537e8d14f 100644 --- a/playbooks/openshift-apps/badges.yml +++ b/playbooks/openshift-apps/badges.yml @@ -146,7 +146,7 @@ secret_file_app: badges secret_file_secret_name: fedora-messaging-ca secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: badges secret_file_secret_name: fedora-messaging-crt diff --git a/playbooks/openshift-apps/bodhi.yml b/playbooks/openshift-apps/bodhi.yml index 72af86871c..0465964280 100644 --- a/playbooks/openshift-apps/bodhi.yml +++ b/playbooks/openshift-apps/bodhi.yml @@ -83,7 +83,7 @@ secret_file_app: bodhi secret_file_secret_name: bodhi-fedora-messaging-ca secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: bodhi secret_file_secret_name: bodhi-fedora-messaging-crt diff --git a/playbooks/openshift-apps/bugzilla2fedmsg.yml b/playbooks/openshift-apps/bugzilla2fedmsg.yml index de27bb5f51..d1b832df66 100644 --- a/playbooks/openshift-apps/bugzilla2fedmsg.yml +++ b/playbooks/openshift-apps/bugzilla2fedmsg.yml @@ -29,7 +29,7 @@ secret_file_app: bugzilla2fedmsg secret_file_secret_name: fedora-messaging-ca secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: bugzilla2fedmsg diff --git a/playbooks/openshift-apps/cloud-image-uploader.yml b/playbooks/openshift-apps/cloud-image-uploader.yml index ddd3588abd..e48dae868f 100644 --- a/playbooks/openshift-apps/cloud-image-uploader.yml +++ b/playbooks/openshift-apps/cloud-image-uploader.yml @@ -92,7 +92,7 @@ secret_file_app: cloud-image-uploader secret_file_secret_name: cloud-image-uploader-fedora-messaging-ca secret_file_key: cloud-image-uploader.ca - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: cloud-image-uploader diff --git a/playbooks/openshift-apps/coreos-ostree-importer.yml b/playbooks/openshift-apps/coreos-ostree-importer.yml index 9173c2f9bd..cab6b8e959 100644 --- a/playbooks/openshift-apps/coreos-ostree-importer.yml +++ b/playbooks/openshift-apps/coreos-ostree-importer.yml @@ -59,7 +59,7 @@ secret_file_app: coreos-ostree-importer secret_file_secret_name: fedora-messaging-ca secret_file_key: "{{ fedora_messaging_ca_file }}" - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: coreos-ostree-importer secret_file_secret_name: fedora-messaging-crt diff --git a/playbooks/openshift-apps/datanommer.yml b/playbooks/openshift-apps/datanommer.yml index 0017904a64..693a381df8 100644 --- a/playbooks/openshift-apps/datanommer.yml +++ b/playbooks/openshift-apps/datanommer.yml @@ -51,7 +51,7 @@ secret_file_app: datanommer secret_file_secret_name: fedora-messaging-ca secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: datanommer secret_file_secret_name: fedora-messaging-crt diff --git a/playbooks/openshift-apps/discourse2fedmsg.yml b/playbooks/openshift-apps/discourse2fedmsg.yml index 6a7c46e99d..c2c60a1ca6 100644 --- a/playbooks/openshift-apps/discourse2fedmsg.yml +++ b/playbooks/openshift-apps/discourse2fedmsg.yml @@ -28,7 +28,7 @@ secret_file_app: discourse2fedmsg secret_file_secret_name: fedora-messaging-ca secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: discourse2fedmsg secret_file_secret_name: fedora-messaging-crt diff --git a/playbooks/openshift-apps/elections.yml b/playbooks/openshift-apps/elections.yml index b34c7b9211..1c5b14e9ee 100644 --- a/playbooks/openshift-apps/elections.yml +++ b/playbooks/openshift-apps/elections.yml @@ -83,7 +83,7 @@ secret_file_app: elections secret_file_secret_name: elections-fedora-messaging-ca secret_file_key: elections.ca - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/object object_app: elections diff --git a/playbooks/openshift-apps/fedocal.yml b/playbooks/openshift-apps/fedocal.yml index f262189a4f..240d37ccca 100644 --- a/playbooks/openshift-apps/fedocal.yml +++ b/playbooks/openshift-apps/fedocal.yml @@ -46,7 +46,7 @@ secret_file_app: fedocal secret_file_secret_name: fedocal-fedora-messaging-ca secret_file_key: fedocal.ca - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/object object_app: fedocal diff --git a/playbooks/openshift-apps/fmn.yml b/playbooks/openshift-apps/fmn.yml index a6819f295d..8ada26e242 100644 --- a/playbooks/openshift-apps/fmn.yml +++ b/playbooks/openshift-apps/fmn.yml @@ -187,7 +187,7 @@ secret_file_app: fmn secret_file_secret_name: fedora-messaging-ca secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: fmn secret_file_secret_name: fedora-messaging-crt diff --git a/playbooks/openshift-apps/greenwave.yml b/playbooks/openshift-apps/greenwave.yml index 74981fe17f..7461f9530a 100644 --- a/playbooks/openshift-apps/greenwave.yml +++ b/playbooks/openshift-apps/greenwave.yml @@ -49,7 +49,7 @@ secret_file_app: greenwave secret_file_secret_name: greenwave-fedora-messaging-ca secret_file_key: greenwave.ca - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/object object_app: greenwave diff --git a/playbooks/openshift-apps/kerneltest.yml b/playbooks/openshift-apps/kerneltest.yml index 9d1668cc8b..f0ffbfcae1 100644 --- a/playbooks/openshift-apps/kerneltest.yml +++ b/playbooks/openshift-apps/kerneltest.yml @@ -56,7 +56,7 @@ secret_file_app: kerneltest secret_file_secret_name: fedora-messaging-ca secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: kerneltest secret_file_secret_name: fedora-messaging-crt diff --git a/playbooks/openshift-apps/maubot.yml b/playbooks/openshift-apps/maubot.yml index d94279ae58..003d71c5f7 100644 --- a/playbooks/openshift-apps/maubot.yml +++ b/playbooks/openshift-apps/maubot.yml @@ -88,7 +88,7 @@ secret_file_app: maubot secret_file_secret_name: maubot-fedora-messaging-ca secret_file_key: maubot.ca - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/start-build start_build_app: maubot diff --git a/playbooks/openshift-apps/mdapi.yml b/playbooks/openshift-apps/mdapi.yml index 1bbaf43ee7..b0902cd9e5 100644 --- a/playbooks/openshift-apps/mdapi.yml +++ b/playbooks/openshift-apps/mdapi.yml @@ -57,7 +57,7 @@ secret_file_app: mdapi secret_file_secret_name: mdapi-fedora-messaging-ca secret_file_key: mdapi.ca - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/object object_app: mdapi diff --git a/playbooks/openshift-apps/mirrormanager.yml b/playbooks/openshift-apps/mirrormanager.yml index 21e5900e68..54781e6e71 100644 --- a/playbooks/openshift-apps/mirrormanager.yml +++ b/playbooks/openshift-apps/mirrormanager.yml @@ -118,7 +118,7 @@ secret_file_app: mirrormanager secret_file_secret_name: fedora-messaging-ca secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: mirrormanager secret_file_secret_name: fedora-messaging-crt diff --git a/playbooks/openshift-apps/noggin-centos.yml b/playbooks/openshift-apps/noggin-centos.yml index 76d1b34ead..4c1314007e 100644 --- a/playbooks/openshift-apps/noggin-centos.yml +++ b/playbooks/openshift-apps/noggin-centos.yml @@ -41,7 +41,7 @@ secret_file_app: noggin-centos secret_file_secret_name: fedora-messaging-ca secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: noggin-centos secret_file_secret_name: fedora-messaging-crt diff --git a/playbooks/openshift-apps/noggin.yml b/playbooks/openshift-apps/noggin.yml index 869c0eca5f..54b84bb6dc 100644 --- a/playbooks/openshift-apps/noggin.yml +++ b/playbooks/openshift-apps/noggin.yml @@ -41,7 +41,7 @@ secret_file_app: noggin secret_file_secret_name: fedora-messaging-ca secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: noggin secret_file_secret_name: fedora-messaging-crt diff --git a/playbooks/openshift-apps/openscanhub.yml b/playbooks/openshift-apps/openscanhub.yml index 0c09a6ebdd..41007c08e6 100644 --- a/playbooks/openshift-apps/openscanhub.yml +++ b/playbooks/openshift-apps/openscanhub.yml @@ -151,7 +151,7 @@ secret_file_app: openscanhub secret_file_secret_name: openscanhub-fedora-messaging-ca secret_file_key: fedora-messaging-openscanhub-ca.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: openscanhub secret_file_secret_name: openscanhub-fedora-messaging-key diff --git a/playbooks/openshift-apps/planet.yml b/playbooks/openshift-apps/planet.yml index d91061b371..25cc9509b6 100644 --- a/playbooks/openshift-apps/planet.yml +++ b/playbooks/openshift-apps/planet.yml @@ -86,7 +86,7 @@ secret_file_app: planet secret_file_secret_name: planet-fedora-messaging-ca secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: planet diff --git a/playbooks/openshift-apps/poddlers.yml b/playbooks/openshift-apps/poddlers.yml index 3488e0f3d1..f99eef7103 100644 --- a/playbooks/openshift-apps/poddlers.yml +++ b/playbooks/openshift-apps/poddlers.yml @@ -83,7 +83,7 @@ secret_file_app: poddlers secret_file_secret_name: toddlers-fedora-messaging-ca secret_file_key: toddlers.ca - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/object object_app: poddlers diff --git a/playbooks/openshift-apps/release-monitoring.yml b/playbooks/openshift-apps/release-monitoring.yml index 0e834b913a..ed52cacda3 100644 --- a/playbooks/openshift-apps/release-monitoring.yml +++ b/playbooks/openshift-apps/release-monitoring.yml @@ -23,7 +23,7 @@ secret_file_app: release-monitoring secret_file_secret_name: release-monitoring-fedora-messaging-ca secret_file_key: fedora-messaging-release-monitoring-ca.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: release-monitoring secret_file_secret_name: release-monitoring-fedora-messaging-key diff --git a/playbooks/openshift-apps/resultsdb-ci-listener.yml b/playbooks/openshift-apps/resultsdb-ci-listener.yml index 2853752b60..3ee5c5ba36 100644 --- a/playbooks/openshift-apps/resultsdb-ci-listener.yml +++ b/playbooks/openshift-apps/resultsdb-ci-listener.yml @@ -58,7 +58,7 @@ secret_file_app: resultsdb-ci-listener secret_file_secret_name: resultsdb-ci-listener-fedora-messaging-ca secret_file_key: resultsdb-ci-listener.ca - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/imagestream imagestream_app: resultsdb-ci-listener diff --git a/playbooks/openshift-apps/resultsdb.yml b/playbooks/openshift-apps/resultsdb.yml index d042ba3d4f..e6a5bbce0d 100644 --- a/playbooks/openshift-apps/resultsdb.yml +++ b/playbooks/openshift-apps/resultsdb.yml @@ -71,7 +71,7 @@ secret_file_app: resultsdb secret_file_secret_name: resultsdb-fedora-messaging-ca secret_file_key: resultsdb.ca - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" # backend objects - role: openshift/object diff --git a/playbooks/openshift-apps/the-new-hotness.yml b/playbooks/openshift-apps/the-new-hotness.yml index 5859985fbc..5cbef45b8c 100644 --- a/playbooks/openshift-apps/the-new-hotness.yml +++ b/playbooks/openshift-apps/the-new-hotness.yml @@ -49,7 +49,7 @@ secret_file_app: the-new-hotness secret_file_secret_name: the-new-hotness-fedora-messaging-ca secret_file_key: fedora-messaging-the-new-hotness-ca.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: the-new-hotness diff --git a/playbooks/openshift-apps/waiverdb.yml b/playbooks/openshift-apps/waiverdb.yml index 547f9dcc6c..ef95e34350 100644 --- a/playbooks/openshift-apps/waiverdb.yml +++ b/playbooks/openshift-apps/waiverdb.yml @@ -78,7 +78,7 @@ secret_file_app: waiverdb secret_file_secret_name: waiverdb-fedora-messaging-ca secret_file_key: waiverdb.ca - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/object object_app: waiverdb diff --git a/playbooks/openshift-apps/webhook2fedmsg.yml b/playbooks/openshift-apps/webhook2fedmsg.yml index f61e23d7df..14729176de 100644 --- a/playbooks/openshift-apps/webhook2fedmsg.yml +++ b/playbooks/openshift-apps/webhook2fedmsg.yml @@ -53,7 +53,7 @@ secret_file_app: webhook2fedmsg secret_file_secret_name: fedora-messaging-ca secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt" + secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - role: openshift/secret-file secret_file_app: webhook2fedmsg secret_file_secret_name: fedora-messaging-crt diff --git a/roles/abrt/faf-pre/tasks/main.yml b/roles/abrt/faf-pre/tasks/main.yml index d3a63a0f50..8c2c585196 100644 --- a/roles/abrt/faf-pre/tasks/main.yml +++ b/roles/abrt/faf-pre/tasks/main.yml @@ -25,7 +25,7 @@ dest=/etc/fedora-messaging/faf/{{ item.dest }} owner={{ item.owner }} group=root mode={{ item.mode }} loop: - - { src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt", + - { src: "{{private}}/files/rabbitmq/{{env}}/ca-combined.crt", dest: "ca.crt", owner: faf, mode: "0644" diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml index a4ade0e1cf..d185349685 100644 --- a/roles/batcave/tasks/main.yml +++ b/roles/batcave/tasks/main.yml @@ -150,7 +150,7 @@ owner: root group: root mode: "440" - - src: "{{private}}/files/rabbitmq/{{ env }}/pki/ca.crt" + - src: "{{private}}/files/rabbitmq/{{ env }}/ca-combined.crt" dest: batcave.ca owner: root group: root diff --git a/roles/bodhi2/backend/tasks/main.yml b/roles/bodhi2/backend/tasks/main.yml index c3a1dea6b4..b979fd4b5f 100644 --- a/roles/bodhi2/backend/tasks/main.yml +++ b/roles/bodhi2/backend/tasks/main.yml @@ -341,7 +341,7 @@ - name: Deploy the fedora-messaging CA ansible.builtin.copy: - src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt" + src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt" dest: /etc/pki/fedora-messaging/cacert.pem mode: "0644" owner: apache diff --git a/roles/distgit/pagure/tasks/main.yml b/roles/distgit/pagure/tasks/main.yml index 3b5078285e..da4d01f4a8 100644 --- a/roles/distgit/pagure/tasks/main.yml +++ b/roles/distgit/pagure/tasks/main.yml @@ -323,7 +323,7 @@ owner: pagure group: packager mode: "440" - - src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt" + - src: "{{private}}/files/rabbitmq/{{env}}/ca-combined.crt" dest: src.fp.o.ca owner: pagure group: packager diff --git a/roles/ipa/server/tasks/journal2fedmsg.yml b/roles/ipa/server/tasks/journal2fedmsg.yml index 0d577ae342..8f52c03dae 100644 --- a/roles/ipa/server/tasks/journal2fedmsg.yml +++ b/roles/ipa/server/tasks/journal2fedmsg.yml @@ -21,7 +21,7 @@ - name: Deploy the fedora-messaging CA ansible.builtin.copy: - src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt" + src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt" dest: /etc/pki/fedora-messaging/ca.crt mode: "0644" owner: root diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml index be08590841..cee669a720 100644 --- a/roles/koji_hub/tasks/main.yml +++ b/roles/koji_hub/tasks/main.yml @@ -137,7 +137,7 @@ dest: koji.key owner: apache mode: "600" - - src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt" + - src: "{{private}}/files/rabbitmq/{{env}}/ca-combined.crt" dest: koji.ca owner: apache mode: "0644" @@ -160,7 +160,7 @@ dest: koji.key owner: apache mode: "600" - - src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt" + - src: "{{private}}/files/rabbitmq/{{env}}/ca-combined.crt" dest: koji.ca owner: apache mode: "0644" diff --git a/roles/logging/tasks/main.yml b/roles/logging/tasks/main.yml index 3cee5a96e7..a6c72da019 100644 --- a/roles/logging/tasks/main.yml +++ b/roles/logging/tasks/main.yml @@ -13,7 +13,7 @@ - name: Deploy the fedora-messaging CA ansible.builtin.copy: - src: "{{ private }}/files/rabbitmq/{{ env }}/pki/ca.crt" + src: "{{ private }}/files/rabbitmq/{{ env }}/ca-combined.crt" dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt mode: "0644" owner: root diff --git a/roles/mailman3/tasks/main.yml b/roles/mailman3/tasks/main.yml index 121c5b18ba..6655ee2949 100644 --- a/roles/mailman3/tasks/main.yml +++ b/roles/mailman3/tasks/main.yml @@ -87,7 +87,7 @@ - src: "{{ private }}/files/rabbitmq/staging/pki/private/mailman.stg.key" dest: mailman.key mode: "440" - - src: "{{ private }}/files/rabbitmq/staging/pki/ca.crt" + - src: "{{ private }}/files/rabbitmq/staging/ca-combined.crt" dest: mailman.ca mode: "444" tags: @@ -109,7 +109,7 @@ - src: "{{ private }}/files/rabbitmq/production/pki/private/mailman.key" dest: mailman.key mode: "440" - - src: "{{ private }}/files/rabbitmq/production/pki/ca.crt" + - src: "{{ private }}/files/rabbitmq/production/ca-combined.crt" dest: mailman.ca mode: "444" tags: diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml index 6cbf7904f5..2c85940111 100644 --- a/roles/mediawiki/tasks/main.yml +++ b/roles/mediawiki/tasks/main.yml @@ -86,7 +86,7 @@ - name: Deploy the fedora-messaging CA ansible.builtin.copy: - src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt" + src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt" dest: /etc/pki/fedora-messaging/cacert.pem mode: "0644" owner: root diff --git a/roles/messaging/base/tasks/main.yml b/roles/messaging/base/tasks/main.yml index 9e682413e7..ad42a90ba6 100644 --- a/roles/messaging/base/tasks/main.yml +++ b/roles/messaging/base/tasks/main.yml @@ -36,7 +36,7 @@ - fedora-messaging - name: "Copy fedora messaging ca.crt for readers" - ansible.builtin.copy: src={{ private }}/files/rabbitmq/{{ env }}/pki/ca.crt + ansible.builtin.copy: src={{ private }}/files/rabbitmq/{{ env }}/ca-combined.crt dest=/etc/pki/rabbitmq/{{ item.username }}/ca.crt owner={{ item.username }} group=root mode=0644 with_items: "{{ messaging.certificates }}" diff --git a/roles/mirror_pagure_ansible/tasks/main.yml b/roles/mirror_pagure_ansible/tasks/main.yml index c2215b0c44..3b8a774501 100644 --- a/roles/mirror_pagure_ansible/tasks/main.yml +++ b/roles/mirror_pagure_ansible/tasks/main.yml @@ -57,7 +57,7 @@ owner: mirror_pagure_ansible group: mirror_pagure_ansible mode: "0600" - - src: "{{private}}/files/rabbitmq/production/pki/ca.crt" + - src: "{{private}}/files/rabbitmq/production/ca-combined.crt" dest: cacert.pem owner: mirror_pagure_ansible group: mirror_pagure_ansible diff --git a/roles/openshift-apps/koschei/templates/admin-config.yml b/roles/openshift-apps/koschei/templates/admin-config.yml index 02e1849b58..de37ff1926 100644 --- a/roles/openshift-apps/koschei/templates/admin-config.yml +++ b/roles/openshift-apps/koschei/templates/admin-config.yml @@ -14,7 +14,7 @@ stringData: {{ lookup('template', roles_path + '/base/templates/krb5.conf.j2') | indent }} data: rabbitmq-ca.crt: | - {{ lookup('file', private + '/files/rabbitmq/' + env + '/pki/ca.crt', rstrip=False) | b64encode | indent }} + {{ lookup('file', private + '/files/rabbitmq/' + env + '/ca-combined.crt', rstrip=False) | b64encode | indent }} rabbitmq-client.crt: | {{ lookup('file', private + '/files/rabbitmq/' + env + '/pki/issued/' + app + env_suffix + '.crt', rstrip=False) | b64encode | indent }} rabbitmq-client.key: | diff --git a/roles/openshift-apps/koschei/templates/backend-config.yml b/roles/openshift-apps/koschei/templates/backend-config.yml index 6d6f240cec..830e974a32 100644 --- a/roles/openshift-apps/koschei/templates/backend-config.yml +++ b/roles/openshift-apps/koschei/templates/backend-config.yml @@ -14,7 +14,7 @@ stringData: {{ lookup('template', roles_path + '/base/templates/krb5.conf.j2') | indent }} data: rabbitmq-ca.crt: | - {{ lookup('file', private + '/files/rabbitmq/' + env + '/pki/ca.crt', rstrip=False) | b64encode | indent }} + {{ lookup('file', private + '/files/rabbitmq/' + env + '/ca-combined.crt', rstrip=False) | b64encode | indent }} rabbitmq-client.crt: | {{ lookup('file', private + '/files/rabbitmq/' + env + '/pki/issued/' + app + env_suffix + '.crt', rstrip=False) | b64encode | indent }} rabbitmq-client.key: | diff --git a/roles/pagure/tasks/main.yml b/roles/pagure/tasks/main.yml index 20cafba44f..540343cb78 100644 --- a/roles/pagure/tasks/main.yml +++ b/roles/pagure/tasks/main.yml @@ -308,7 +308,7 @@ owner: git group: root mode: "440" - - src: "{{private}}/files/rabbitmq/staging/pki/ca.crt" + - src: "{{private}}/files/rabbitmq/staging/ca-combined.crt" dest: pagure.ca owner: git group: root @@ -333,7 +333,7 @@ owner: git group: root mode: "440" - - src: "{{private}}/files/rabbitmq/production/pki/ca.crt" + - src: "{{private}}/files/rabbitmq/production/ca-combined.crt" dest: pagure.ca owner: git group: root diff --git a/roles/planet/tasks/main.yml b/roles/planet/tasks/main.yml index 7bcc3ae481..3cb0440a9b 100644 --- a/roles/planet/tasks/main.yml +++ b/roles/planet/tasks/main.yml @@ -303,7 +303,7 @@ - name: Deploy the fedora-messaging CA ansible.builtin.copy: - src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt" + src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt" dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt mode: "0644" owner: root diff --git a/roles/releng/tasks/main.yml b/roles/releng/tasks/main.yml index fa1bff8437..d76ba036a2 100644 --- a/roles/releng/tasks/main.yml +++ b/roles/releng/tasks/main.yml @@ -376,7 +376,7 @@ - name: Deploy the fedora-messaging CA ansible.builtin.copy: - src: "{{ private }}/files/rabbitmq/{{ env }}/pki/ca.crt" + src: "{{ private }}/files/rabbitmq/{{ env }}/ca-combined.crt" dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt mode: "644" owner: apache diff --git a/roles/robosignatory/tasks/main.yml b/roles/robosignatory/tasks/main.yml index 5fb142fed9..73a425302f 100644 --- a/roles/robosignatory/tasks/main.yml +++ b/roles/robosignatory/tasks/main.yml @@ -117,7 +117,7 @@ - name: Deploy the fedora-messaging CA ansible.builtin.copy: - src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt" + src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt" dest: /etc/pki/fedora-messaging/cacert.pem mode: "0644" owner: root diff --git a/roles/supybot/tasks/main.yml b/roles/supybot/tasks/main.yml index 3c51322c55..e4211bd889 100644 --- a/roles/supybot/tasks/main.yml +++ b/roles/supybot/tasks/main.yml @@ -116,7 +116,7 @@ - name: Deploy the fedora-messaging CA ansible.builtin.copy: - src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt" + src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt" dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt mode: "0644" owner: daemon