#7948 please generate the fedmsg/fedora-messaging keys for copr-be-dev
Closed: Fixed 7 months ago by kevin. Opened 8 months ago by praiskup.

per #fedora-admin chat:
<praiskup> can anyone answer whether copr-fe-dev has fedmsg certificate generated in /srv/private, and if how it is named?
<mizdebsk> praiskup, i can only see copr-be prod certs

Even though we now try to migrate to fedora-messaging, I'd like to be able to test that the transition works fine on the fedmsg<->amqp proxies on staging first.

I'm not able to check that, but if that box doesn't have fedora-messaging keys yet, It would be nice to have those as well (including copr-be (prod) as well). edit: fedora-messaging is fine (as long as it is OK to use copr certificates both on frontend/backend.

Metadata Update from @mizdebsk:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: authentication

8 months ago

Yeah, do you still need/want fedmsg certs here? fedmsg certs are per host, but fedora-messaging uses the model of per service (with prod and stg seperate).

Let us know what you need at this point...

yes, I'd like to have fedmsg certs there for devel as well, at least for some temporary testing

ok. I have created a 'copr-be-dev.stg' cert for the staging bus. You can refer to it from ansible with:

"{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
"{{ private }}/files/rabbitmq/{{env}}/pki/issued/copr-be-devi{{env_suffix}}.crt"
"{{ private }}/files/rabbitmq/{{env}}/pki/private/copr-be-dev{{env_suffix}}.key"

Let us know if you need anything further.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

7 months ago

Login to comment on this ticket.