Use the combined RabbitMQ CA cert in the clients

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-10 12:42:58 +02:00 · 2025-04-10 12:42:58 +02:00 · d884a0f8ba
commit d884a0f8ba
parent 9d6f7c0f6f
44 changed files with 47 additions and 47 deletions
--- a/playbooks/openshift-apps/badges.yml
+++ b/playbooks/openshift-apps/badges.yml
@ -146,7 +146,7 @@
      secret_file_app: badges
      secret_file_secret_name: fedora-messaging-ca
      secret_file_key: cacert.pem
-      secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+      secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
    - role: openshift/secret-file
      secret_file_app: badges
      secret_file_secret_name: fedora-messaging-crt
--- a/playbooks/openshift-apps/bodhi.yml
+++ b/playbooks/openshift-apps/bodhi.yml
@ -83,7 +83,7 @@
    secret_file_app: bodhi
    secret_file_secret_name: bodhi-fedora-messaging-ca
    secret_file_key: cacert.pem
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
  - role: openshift/secret-file
    secret_file_app: bodhi
    secret_file_secret_name: bodhi-fedora-messaging-crt
--- a/playbooks/openshift-apps/bugzilla2fedmsg.yml
+++ b/playbooks/openshift-apps/bugzilla2fedmsg.yml
@ -29,7 +29,7 @@
    secret_file_app: bugzilla2fedmsg
    secret_file_secret_name: fedora-messaging-ca
    secret_file_key: cacert.pem
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

  - role: openshift/secret-file
    secret_file_app: bugzilla2fedmsg
--- a/playbooks/openshift-apps/cloud-image-uploader.yml
+++ b/playbooks/openshift-apps/cloud-image-uploader.yml
@ -92,7 +92,7 @@
    secret_file_app: cloud-image-uploader
    secret_file_secret_name: cloud-image-uploader-fedora-messaging-ca
    secret_file_key: cloud-image-uploader.ca
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

  - role: openshift/secret-file
    secret_file_app: cloud-image-uploader
--- a/playbooks/openshift-apps/coreos-ostree-importer.yml
+++ b/playbooks/openshift-apps/coreos-ostree-importer.yml
@ -59,7 +59,7 @@
    secret_file_app: coreos-ostree-importer
    secret_file_secret_name: fedora-messaging-ca
    secret_file_key: "{{ fedora_messaging_ca_file }}"
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
  - role: openshift/secret-file
    secret_file_app: coreos-ostree-importer
    secret_file_secret_name: fedora-messaging-crt
--- a/playbooks/openshift-apps/datanommer.yml
+++ b/playbooks/openshift-apps/datanommer.yml
@ -51,7 +51,7 @@
    secret_file_app: datanommer
    secret_file_secret_name: fedora-messaging-ca
    secret_file_key: cacert.pem
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
  - role: openshift/secret-file
    secret_file_app: datanommer
    secret_file_secret_name: fedora-messaging-crt
--- a/playbooks/openshift-apps/discourse2fedmsg.yml
+++ b/playbooks/openshift-apps/discourse2fedmsg.yml
@ -28,7 +28,7 @@
    secret_file_app: discourse2fedmsg
    secret_file_secret_name: fedora-messaging-ca
    secret_file_key: cacert.pem
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
  - role: openshift/secret-file
    secret_file_app: discourse2fedmsg
    secret_file_secret_name: fedora-messaging-crt
--- a/playbooks/openshift-apps/elections.yml
+++ b/playbooks/openshift-apps/elections.yml
@ -83,7 +83,7 @@
    secret_file_app: elections
    secret_file_secret_name: elections-fedora-messaging-ca
    secret_file_key: elections.ca
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

  - role: openshift/object
    object_app: elections
--- a/playbooks/openshift-apps/fedocal.yml
+++ b/playbooks/openshift-apps/fedocal.yml
@ -46,7 +46,7 @@
    secret_file_app: fedocal
    secret_file_secret_name: fedocal-fedora-messaging-ca
    secret_file_key: fedocal.ca
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

  - role: openshift/object
    object_app: fedocal
--- a/playbooks/openshift-apps/fmn.yml
+++ b/playbooks/openshift-apps/fmn.yml
@ -187,7 +187,7 @@
      secret_file_app: fmn
      secret_file_secret_name: fedora-messaging-ca
      secret_file_key: cacert.pem
-      secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+      secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
    - role: openshift/secret-file
      secret_file_app: fmn
      secret_file_secret_name: fedora-messaging-crt
--- a/playbooks/openshift-apps/greenwave.yml
+++ b/playbooks/openshift-apps/greenwave.yml
@ -49,7 +49,7 @@
    secret_file_app: greenwave
    secret_file_secret_name: greenwave-fedora-messaging-ca
    secret_file_key: greenwave.ca
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

  - role: openshift/object
    object_app: greenwave
--- a/playbooks/openshift-apps/kerneltest.yml
+++ b/playbooks/openshift-apps/kerneltest.yml
@ -56,7 +56,7 @@
    secret_file_app: kerneltest
    secret_file_secret_name: fedora-messaging-ca
    secret_file_key: cacert.pem
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
  - role: openshift/secret-file
    secret_file_app: kerneltest
    secret_file_secret_name: fedora-messaging-crt
--- a/playbooks/openshift-apps/maubot.yml
+++ b/playbooks/openshift-apps/maubot.yml
@ -88,7 +88,7 @@
    secret_file_app: maubot
    secret_file_secret_name: maubot-fedora-messaging-ca
    secret_file_key: maubot.ca
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

  - role: openshift/start-build
    start_build_app: maubot
--- a/playbooks/openshift-apps/mdapi.yml
+++ b/playbooks/openshift-apps/mdapi.yml
@ -57,7 +57,7 @@
    secret_file_app: mdapi
    secret_file_secret_name: mdapi-fedora-messaging-ca
    secret_file_key: mdapi.ca
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

  - role: openshift/object
    object_app: mdapi
--- a/playbooks/openshift-apps/mirrormanager.yml
+++ b/playbooks/openshift-apps/mirrormanager.yml
@ -118,7 +118,7 @@
      secret_file_app: mirrormanager
      secret_file_secret_name: fedora-messaging-ca
      secret_file_key: cacert.pem
-      secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+      secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
    - role: openshift/secret-file
      secret_file_app: mirrormanager
      secret_file_secret_name: fedora-messaging-crt
--- a/playbooks/openshift-apps/noggin-centos.yml
+++ b/playbooks/openshift-apps/noggin-centos.yml
@ -41,7 +41,7 @@
    secret_file_app: noggin-centos
    secret_file_secret_name: fedora-messaging-ca
    secret_file_key: cacert.pem
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
  - role: openshift/secret-file
    secret_file_app: noggin-centos
    secret_file_secret_name: fedora-messaging-crt
--- a/playbooks/openshift-apps/noggin.yml
+++ b/playbooks/openshift-apps/noggin.yml
@ -41,7 +41,7 @@
    secret_file_app: noggin
    secret_file_secret_name: fedora-messaging-ca
    secret_file_key: cacert.pem
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
  - role: openshift/secret-file
    secret_file_app: noggin
    secret_file_secret_name: fedora-messaging-crt
--- a/playbooks/openshift-apps/openscanhub.yml
+++ b/playbooks/openshift-apps/openscanhub.yml
@ -151,7 +151,7 @@
    secret_file_app: openscanhub
    secret_file_secret_name: openscanhub-fedora-messaging-ca
    secret_file_key: fedora-messaging-openscanhub-ca.crt
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
  - role: openshift/secret-file
    secret_file_app: openscanhub
    secret_file_secret_name: openscanhub-fedora-messaging-key
--- a/playbooks/openshift-apps/planet.yml
+++ b/playbooks/openshift-apps/planet.yml
@ -86,7 +86,7 @@
    secret_file_app: planet
    secret_file_secret_name: planet-fedora-messaging-ca
    secret_file_key: cacert.pem
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

  - role: openshift/secret-file
    secret_file_app: planet
--- a/playbooks/openshift-apps/poddlers.yml
+++ b/playbooks/openshift-apps/poddlers.yml
@ -83,7 +83,7 @@
      secret_file_app: poddlers
      secret_file_secret_name: toddlers-fedora-messaging-ca
      secret_file_key: toddlers.ca
-      secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+      secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

    - role: openshift/object
      object_app: poddlers
--- a/playbooks/openshift-apps/release-monitoring.yml
+++ b/playbooks/openshift-apps/release-monitoring.yml
@ -23,7 +23,7 @@
    secret_file_app: release-monitoring
    secret_file_secret_name: release-monitoring-fedora-messaging-ca
    secret_file_key: fedora-messaging-release-monitoring-ca.crt
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
  - role: openshift/secret-file
    secret_file_app: release-monitoring
    secret_file_secret_name: release-monitoring-fedora-messaging-key
--- a/playbooks/openshift-apps/resultsdb-ci-listener.yml
+++ b/playbooks/openshift-apps/resultsdb-ci-listener.yml
@ -58,7 +58,7 @@
      secret_file_app: resultsdb-ci-listener
      secret_file_secret_name: resultsdb-ci-listener-fedora-messaging-ca
      secret_file_key: resultsdb-ci-listener.ca
-      secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+      secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

    - role: openshift/imagestream
      imagestream_app: resultsdb-ci-listener
--- a/playbooks/openshift-apps/resultsdb.yml
+++ b/playbooks/openshift-apps/resultsdb.yml
@ -71,7 +71,7 @@
      secret_file_app: resultsdb
      secret_file_secret_name: resultsdb-fedora-messaging-ca
      secret_file_key: resultsdb.ca
-      secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+      secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

    # backend objects
    - role: openshift/object
--- a/playbooks/openshift-apps/the-new-hotness.yml
+++ b/playbooks/openshift-apps/the-new-hotness.yml
@ -49,7 +49,7 @@
    secret_file_app: the-new-hotness
    secret_file_secret_name: the-new-hotness-fedora-messaging-ca
    secret_file_key: fedora-messaging-the-new-hotness-ca.crt
-    secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

  - role: openshift/secret-file
    secret_file_app: the-new-hotness
--- a/playbooks/openshift-apps/waiverdb.yml
+++ b/playbooks/openshift-apps/waiverdb.yml
@ -78,7 +78,7 @@
      secret_file_app: waiverdb
      secret_file_secret_name: waiverdb-fedora-messaging-ca
      secret_file_key: waiverdb.ca
-      secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+      secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

    - role: openshift/object
      object_app: waiverdb
--- a/playbooks/openshift-apps/webhook2fedmsg.yml
+++ b/playbooks/openshift-apps/webhook2fedmsg.yml
@ -53,7 +53,7 @@
      secret_file_app: webhook2fedmsg
      secret_file_secret_name: fedora-messaging-ca
      secret_file_key: cacert.pem
-      secret_file_privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+      secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"
    - role: openshift/secret-file
      secret_file_app: webhook2fedmsg
      secret_file_secret_name: fedora-messaging-crt
--- a/roles/abrt/faf-pre/tasks/main.yml
+++ b/roles/abrt/faf-pre/tasks/main.yml
@ -25,7 +25,7 @@
        dest=/etc/fedora-messaging/faf/{{ item.dest }}
        owner={{ item.owner }} group=root mode={{ item.mode }}
  loop:
-    - { src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt",
+    - { src: "{{private}}/files/rabbitmq/{{env}}/ca-combined.crt",
        dest: "ca.crt",
        owner: faf,
        mode: "0644"
--- a/roles/batcave/tasks/main.yml
+++ b/roles/batcave/tasks/main.yml
@ -150,7 +150,7 @@
    owner: root
    group: root
    mode: "440"
-  - src: "{{private}}/files/rabbitmq/{{ env }}/pki/ca.crt"
+  - src: "{{private}}/files/rabbitmq/{{ env }}/ca-combined.crt"
    dest: batcave.ca
    owner: root
    group: root
--- a/roles/bodhi2/backend/tasks/main.yml
+++ b/roles/bodhi2/backend/tasks/main.yml
@ -341,7 +341,7 @@

 - name: Deploy the fedora-messaging CA
  ansible.builtin.copy:
-    src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
+    src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt"
    dest: /etc/pki/fedora-messaging/cacert.pem
    mode: "0644"
    owner: apache
--- a/roles/distgit/pagure/tasks/main.yml
+++ b/roles/distgit/pagure/tasks/main.yml
@ -323,7 +323,7 @@
      owner: pagure
      group: packager
      mode: "440"
-    - src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
+    - src: "{{private}}/files/rabbitmq/{{env}}/ca-combined.crt"
      dest: src.fp.o.ca
      owner: pagure
      group: packager
--- a/roles/ipa/server/tasks/journal2fedmsg.yml
+++ b/roles/ipa/server/tasks/journal2fedmsg.yml
@ -21,7 +21,7 @@

 - name: Deploy the fedora-messaging CA
  ansible.builtin.copy:
-    src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
+    src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt"
    dest: /etc/pki/fedora-messaging/ca.crt
    mode: "0644"
    owner: root
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@ -137,7 +137,7 @@
      dest: koji.key
      owner: apache
      mode: "600"
-    - src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
+    - src: "{{private}}/files/rabbitmq/{{env}}/ca-combined.crt"
      dest: koji.ca
      owner: apache
      mode: "0644"
@ -160,7 +160,7 @@
      dest: koji.key
      owner: apache
      mode: "600"
-    - src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
+    - src: "{{private}}/files/rabbitmq/{{env}}/ca-combined.crt"
      dest: koji.ca
      owner: apache
      mode: "0644"
--- a/roles/logging/tasks/main.yml
+++ b/roles/logging/tasks/main.yml
@ -13,7 +13,7 @@

 - name: Deploy the fedora-messaging CA
  ansible.builtin.copy:
-    src: "{{ private }}/files/rabbitmq/{{ env }}/pki/ca.crt"
+    src: "{{ private }}/files/rabbitmq/{{ env }}/ca-combined.crt"
    dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt
    mode: "0644"
    owner: root
--- a/roles/mailman3/tasks/main.yml
+++ b/roles/mailman3/tasks/main.yml
@ -87,7 +87,7 @@
    - src: "{{ private }}/files/rabbitmq/staging/pki/private/mailman.stg.key"
      dest: mailman.key
      mode: "440"
-    - src: "{{ private }}/files/rabbitmq/staging/pki/ca.crt"
+    - src: "{{ private }}/files/rabbitmq/staging/ca-combined.crt"
      dest: mailman.ca
      mode: "444"
  tags:
@ -109,7 +109,7 @@
    - src: "{{ private }}/files/rabbitmq/production/pki/private/mailman.key"
      dest: mailman.key
      mode: "440"
-    - src: "{{ private }}/files/rabbitmq/production/pki/ca.crt"
+    - src: "{{ private }}/files/rabbitmq/production/ca-combined.crt"
      dest: mailman.ca
      mode: "444"
  tags:
--- a/roles/mediawiki/tasks/main.yml
+++ b/roles/mediawiki/tasks/main.yml
@ -86,7 +86,7 @@

 - name: Deploy the fedora-messaging CA
  ansible.builtin.copy:
-    src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
+    src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt"
    dest: /etc/pki/fedora-messaging/cacert.pem
    mode: "0644"
    owner: root
--- a/roles/messaging/base/tasks/main.yml
+++ b/roles/messaging/base/tasks/main.yml
@ -36,7 +36,7 @@
  - fedora-messaging

 - name: "Copy fedora messaging ca.crt for readers"
-  ansible.builtin.copy: src={{ private }}/files/rabbitmq/{{ env }}/pki/ca.crt
+  ansible.builtin.copy: src={{ private }}/files/rabbitmq/{{ env }}/ca-combined.crt
        dest=/etc/pki/rabbitmq/{{ item.username }}/ca.crt
        owner={{ item.username }} group=root mode=0644
  with_items: "{{ messaging.certificates }}"
--- a/roles/mirror_pagure_ansible/tasks/main.yml
+++ b/roles/mirror_pagure_ansible/tasks/main.yml
@ -57,7 +57,7 @@
      owner: mirror_pagure_ansible
      group: mirror_pagure_ansible
      mode: "0600"
-    - src: "{{private}}/files/rabbitmq/production/pki/ca.crt"
+    - src: "{{private}}/files/rabbitmq/production/ca-combined.crt"
      dest: cacert.pem
      owner: mirror_pagure_ansible
      group: mirror_pagure_ansible
--- a/roles/openshift-apps/koschei/templates/admin-config.yml
+++ b/roles/openshift-apps/koschei/templates/admin-config.yml
@ -14,7 +14,7 @@ stringData:
    {{ lookup('template', roles_path + '/base/templates/krb5.conf.j2') | indent }}
 data:
  rabbitmq-ca.crt: |
-    {{ lookup('file', private + '/files/rabbitmq/' + env + '/pki/ca.crt', rstrip=False) | b64encode | indent }}
+    {{ lookup('file', private + '/files/rabbitmq/' + env + '/ca-combined.crt', rstrip=False) | b64encode | indent }}
  rabbitmq-client.crt: |
    {{ lookup('file', private + '/files/rabbitmq/' + env + '/pki/issued/' + app + env_suffix + '.crt', rstrip=False) | b64encode | indent }}
  rabbitmq-client.key: |
--- a/roles/openshift-apps/koschei/templates/backend-config.yml
+++ b/roles/openshift-apps/koschei/templates/backend-config.yml
@ -14,7 +14,7 @@ stringData:
    {{ lookup('template', roles_path + '/base/templates/krb5.conf.j2') | indent }}
 data:
  rabbitmq-ca.crt: |
-    {{ lookup('file', private + '/files/rabbitmq/' + env + '/pki/ca.crt', rstrip=False) | b64encode | indent }}
+    {{ lookup('file', private + '/files/rabbitmq/' + env + '/ca-combined.crt', rstrip=False) | b64encode | indent }}
  rabbitmq-client.crt: |
    {{ lookup('file', private + '/files/rabbitmq/' + env + '/pki/issued/' + app + env_suffix + '.crt', rstrip=False) | b64encode | indent }}
  rabbitmq-client.key: |
--- a/roles/pagure/tasks/main.yml
+++ b/roles/pagure/tasks/main.yml
@ -308,7 +308,7 @@
      owner: git
      group: root
      mode: "440"
-    - src: "{{private}}/files/rabbitmq/staging/pki/ca.crt"
+    - src: "{{private}}/files/rabbitmq/staging/ca-combined.crt"
      dest: pagure.ca
      owner: git
      group: root
@ -333,7 +333,7 @@
      owner: git
      group: root
      mode: "440"
-    - src: "{{private}}/files/rabbitmq/production/pki/ca.crt"
+    - src: "{{private}}/files/rabbitmq/production/ca-combined.crt"
      dest: pagure.ca
      owner: git
      group: root
--- a/roles/planet/tasks/main.yml
+++ b/roles/planet/tasks/main.yml
@ -303,7 +303,7 @@

 - name: Deploy the fedora-messaging CA
  ansible.builtin.copy:
-    src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
+    src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt"
    dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt
    mode: "0644"
    owner: root
--- a/roles/releng/tasks/main.yml
+++ b/roles/releng/tasks/main.yml
@ -376,7 +376,7 @@

 - name: Deploy the fedora-messaging CA
  ansible.builtin.copy:
-    src: "{{ private }}/files/rabbitmq/{{ env }}/pki/ca.crt"
+    src: "{{ private }}/files/rabbitmq/{{ env }}/ca-combined.crt"
    dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt
    mode: "644"
    owner: apache
--- a/roles/robosignatory/tasks/main.yml
+++ b/roles/robosignatory/tasks/main.yml
@ -117,7 +117,7 @@

 - name: Deploy the fedora-messaging CA
  ansible.builtin.copy:
-    src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
+    src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt"
    dest: /etc/pki/fedora-messaging/cacert.pem
    mode: "0644"
    owner: root
--- a/roles/supybot/tasks/main.yml
+++ b/roles/supybot/tasks/main.yml
@ -116,7 +116,7 @@

 - name: Deploy the fedora-messaging CA
  ansible.builtin.copy:
-    src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
+    src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt"
    dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt
    mode: "0644"
    owner: daemon