per #fedora-admin chat: <praiskup> can anyone answer whether copr-fe-dev has fedmsg certificate generated in /srv/private, and if how it is named? <mizdebsk> praiskup, i can only see copr-be prod certs
Even though we now try to migrate to fedora-messaging, I'd like to be able to test that the transition works fine on the fedmsg<->amqp proxies on staging first.
I'm not able to check that, but if that box doesn't have fedora-messaging keys yet, It would be nice to have those as well (including copr-be (prod) as well). edit: fedora-messaging is fine (as long as it is OK to use copr certificates both on frontend/backend.
copr-be
copr
Metadata Update from @mizdebsk: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: authentication
Yeah, do you still need/want fedmsg certs here? fedmsg certs are per host, but fedora-messaging uses the model of per service (with prod and stg seperate).
Let us know what you need at this point...
yes, I'd like to have fedmsg certs there for devel as well, at least for some temporary testing
ok. I have created a 'copr-be-dev.stg' cert for the staging bus. You can refer to it from ansible with:
"{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt" "{{ private }}/files/rabbitmq/{{env}}/pki/issued/copr-be-devi{{env_suffix}}.crt" "{{ private }}/files/rabbitmq/{{env}}/pki/private/copr-be-dev{{env_suffix}}.key"
Let us know if you need anything further.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Thank you!
Login to comment on this ticket.