#7710 [fedora-messaging] Generate keypair for retrace.fedoraproject.org
Closed: Fixed 4 months ago by kevin. Opened 4 months ago by mkutlak.

We (retrace.fedoraproject.org) seem to be missing a necessary certificate/key to connect to the rabbitmq /pubsub to publish fedora-messaging messages to faf queue.

Can someone create a pair for us?

So we can add them [tls] section in /etc/fedora-messaging/config.toml.


So, to be clear:

  • You need/want only production certs, not staging

  • The service is actually 'faf' so, we should name the cert 'faf' (In fedmsg we named certs for sending machine, but with fedora-messaging we are doing a cert per service)

Metadata Update from @kevin:
- Issue assigned to kevin
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: authentication

4 months ago

You need/want only production certs, not staging

Yes, production certs only.

The service is actually 'faf' so, we should name the cert 'faf' (In fedmsg we named certs for sending machine, but with fedora-messaging we are doing a cert per service)

Yes, the service should be called 'faf'.

@mkutlak Any news here?

Is there anything that I should do?

Done. The cert can be referred from ansible with:

"{{private}}/files/rabbitmq/{{env}}/pki/issued/faf.crt"
"{{private}}/files/rabbitmq/{{env}}/pki/private/faf.key"
"{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"

Let us know if you need anything else.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

4 months ago

Login to comment on this ticket.

Metadata