From dc86a465e9daa6a1e8245626e73b93bf4bca3cea Mon Sep 17 00:00:00 2001 From: Nils Philippsen Date: Jul 23 2021 11:06:23 +0000 Subject: Add logging role This installs configuration and certificates to enable sending messages to the bus using fedora-messaging. Signed-off-by: Nils Philippsen --- diff --git a/playbooks/groups/logserver.yml b/playbooks/groups/logserver.yml index 39ec679..76ded5e 100644 --- a/playbooks/groups/logserver.yml +++ b/playbooks/groups/logserver.yml @@ -32,6 +32,7 @@ # Set up for fedora-messaging - role: rabbit/user username: "logging{{ env_suffix }}" + - logging pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" diff --git a/roles/logging/tasks/main.yml b/roles/logging/tasks/main.yml new file mode 100644 index 0000000..db2771d --- /dev/null +++ b/roles/logging/tasks/main.yml 
@@ -0,0 +1,60 @@
+---
+- name: Create /etc/pki/fedora-messaging
+ file:
+ dest: /etc/pki/fedora-messaging
+ mode: 0775
+ owner: root
+ group: root
+ state: directory
+ tags:
+ - config
+ - logging
+ - fedora-messaging
+
+- name: Deploy the fedora-messaging CA
+ copy:
+ src: "{{ private }}/files/rabbitmq/{{ env }}/pki/ca.crt"
+ dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt
+ mode: 0644
+ owner: root
+ group: root
+ tags:
+ - config
+ - logging
+ - fedora-messaging
+
+- name: Deploy the fedora-messaging cert
+ copy:
+ src: "{{ private }}/files/rabbitmq/{{ env }}/pki/issued/logging{{ env_suffix }}.crt"
+ dest: /etc/pki/fedora-messaging/logging.crt
+ mode: 0644
+ owner: root
+ group: root
+ tags:
+ - config
+ - logging
+ - fedora-messaging
+
+- name: Deploy the fedora-messaging key
+ copy:
+ src: "{{ private }}/files/rabbitmq/{{ env }}/pki/private/logging{{ env_suffix }}.key"
+ dest: /etc/pki/fedora-messaging/logging.key
+ mode: 0600
+ owner: root
+ group: root
+ tags:
+ - config
+ - logging
+ - fedora-messaging
+
+- name: Install fedora-messaging config
+ template:
+ src: fedora-messaging.toml.j2
+ dest: /etc/fedora-messaging/config.toml
+ owner: root
+ group: root
+ mode: 0600
+ tags:
+ - config
+ - logging
+ - fedora-messaging
diff --git a/roles/logging/templates/fedora-messaging.toml.j2 b/roles/logging/templates/fedora-messaging.toml.j2
new file mode 100644
index 0000000..66cd96e
--- /dev/null
+++ b/roles/logging/templates/fedora-messaging.toml.j2
@@ -0,0 +1,18 @@
+amqp_url = "amqps://logging{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+publish_exchange = "amq.topic"
+passive_declares = true
+
+[tls]
+ca_cert = "/etc/pki/fedora-messaging/rabbitmq-ca.crt"
+keyfile = "/etc/pki/fedora-messaging/logging.key"
+certfile = "/etc/pki/fedora-messaging/logging.crt"
+
+[client_properties]
+app = "logging"
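Review bot: The "Deploy the fedora-messaging key" task in roles/logging/tasks/main.yml copies the private key without suppressing diff output, so a run with `--diff` would likely print the key material into the controller output and any log that captures it. Adding `diff: false` (or `no_log: true`) to that task avoids this. The first task sets `mode: 0775` on /etc/pki/fedora-messaging, which leaves the directory holding the key group-writable; `mode: "0755"` is enough for root-owned content. The modes are also bare octal literals, and quoting them (`"0644"`, `"0600"`) removes the dependence on how the YAML loader types them.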
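Review bot: The `{% else %}` branch in roles/logging/templates/fedora-messaging.toml.j2 gives every `env` value other than "staging" the `org.fedoraproject.prod` topic prefix, so a new or mistyped environment name would publish under the production prefix. Matching the production value explicitly and failing the render for anything else would surface that mistake at deploy time. The broker host and user name come from `env_suffix` while the prefix comes from `env`, and nothing in the template keeps the two in agreement. A short comment at the top should say that they must agree, and that the empty password in `amqp_url` is intentional because the `[tls]` client certificate presumably does the authentication.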