From 134f77da5b2c3b44d91afcaa0690f9e2e24cace7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Tue, 7 May 2024 17:35:33 +0200
Subject: [PATCH] Add a cron job to expose the rabbitmq certs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/batcave/files/make-rabbitmq-certs-public.sh | 13 +++++++++++++
 roles/batcave/tasks/main.yml                      | 11 +++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 roles/batcave/files/make-rabbitmq-certs-public.sh

diff --git a/roles/batcave/files/make-rabbitmq-certs-public.sh b/roles/batcave/files/make-rabbitmq-certs-public.sh
new file mode 100644
index 0000000000..a6e61b2e72
--- /dev/null
+++ b/roles/batcave/files/make-rabbitmq-certs-public.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+BASE_SRC_DIR=/srv/private/ansible/files/rabbitmq
+BASE_DEST_DIR=/var/cache/rabbitmq-certs
+
+set -e
+
+for env in staging production; do
+        dest_dir=${BASE_DEST_DIR}/${env}
+        mkdir -p ${dest_dir}
+        cp -a ${BASE_SRC_DIR}/${env}/pki/issued/*.crt ${dest_dir}/
+        chmod 644 ${dest_dir}/*.crt
+done
diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml
index 30d9f725f3..18cdc396fa 100644
--- a/roles/batcave/tasks/main.yml
+++ b/roles/batcave/tasks/main.yml
@@ -88,6 +88,17 @@
   - batcave
   - config
   when: inventory_hostname.startswith('batcave01')
+
+- name: setup cron to expose the rabbitmq certs
+  copy:
+    src: make-rabbitmq-certs-public.sh
+    dest: /etc/cron.daily/make-rabbitmq-certs-public
+    mode: 0755
+  tags:
+  - batcave
+  - config
+  when: inventory_hostname.startswith('batcave01')
+
 #
 # Set selinux booleans we need
 #