From a72e70f698729ea120e0cd3576bfa667a17848c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Kalu=C5=BEa?=
Date: Tue, 22 Oct 2019 08:39:33 +0000
Subject: [PATCH] Copy ODCS rabbitmq certs to /etc/odcs
---
 roles/odcs/base/tasks/main.yml | 36 +++++++++++++++++++
 .../odcs/base/templates/etc/odcs/config.py.j2 | 6 ++--
 2 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/roles/odcs/base/tasks/main.yml b/roles/odcs/base/tasks/main.yml
index 0f2d5b435c..885ed30eea 100644
--- a/roles/odcs/base/tasks/main.yml
+++ b/roles/odcs/base/tasks/main.yml
@@ -196,3 +196,39 @@
 - odcs
 - odcs/backend
+- name: copy the odcs rabbitmq crt.
+ copy:
+ src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs-private-queue{{env_suffix}}.crt"
+ dest: /etc/odcs/odcs-private-queue.crt
+ owner: odcs
+ group: fedmsg
+ mode: 0640
+ tags:
+ - odcs
+ - odcs/backend
+ - odcs/frontend
+
+- name: copy the odcs rabbitmq key.
+ copy:
+ src: "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs-private-queue{{env_suffix}}.key"
+ dest: /etc/odcs/odcs-private-queue.key
+ owner: odcs
+ group: fedmsg
+ mode: 0640
+ tags:
+ - odcs
+ - odcs/backend
+ - odcs/frontend
+
+- name: copy the odcs rabbitmq CA cert.
+ copy:
+ src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
+ dest: /etc/odcs/ca.crt
+ owner: odcs
+ group: fedmsg
+ mode: 0640
+ tags:
+ - odcs
+ - odcs/backend
+ - odcs/frontend
+
diff --git a/roles/odcs/base/templates/etc/odcs/config.py.j2 b/roles/odcs/base/templates/etc/odcs/config.py.j2
index 5cabf930f4..e324f1dc67 100644
--- a/roles/odcs/base/templates/etc/odcs/config.py.j2
+++ b/roles/odcs/base/templates/etc/odcs/config.py.j2
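Review bot: The task that installs `/etc/odcs/odcs-private-queue.key` gives the private key mode 0640 with group `fedmsg`, so every account in that group can read the client key used to authenticate to the RabbitMQ broker. Unless a process running under that group has to load the key, `mode: "0600"` on the key task is the tighter setting; the certificate and CA file can stay group-readable. The mode is also unquoted in all three tasks, and a quoted string such as `mode: "0640"` avoids any chance of the value being read as a decimal number. A playbook run in diff mode can print changed file content, so `no_log: true` on the key task would keep key material out of run output and logs.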
@@ -155,9 +155,9 @@ class ProdConfiguration(BaseConfiguration):
 CELERY_BROKER_URL = "amqps://odcs-private-queue{{ env_suffix }}@rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org/odcs"
 CELERY_CONFIG = {
- 'certfile': "{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs-private-queue{{env_suffix}}.crt",
- 'keyfile': "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs-private-queue{{env_suffix}}.key",
- 'ca_certs': "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt",
+ 'certfile': "/etc/odcs/odcs-private-queue.crt",
+ 'keyfile': "/etc/odcs/odcs-private-queue.key",
+ 'ca_certs': "/etc/odcs/ca.crt",
 }
 {% if odcs_celery_router_config %}
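Review bot: The three paths in `CELERY_CONFIG` now depend on the `dest:` values of the copy tasks in roles/odcs/base/tasks/main.yml, and nothing in the template records that link. A comment above the dict, for example `# cert, key and CA are installed by roles/odcs/base/tasks/main.yml`, would keep the two files in step when a path changes. The dict supplies `ca_certs` but no explicit verification setting, so it is worth confirming that whatever consumes `CELERY_CONFIG` actually verifies the broker certificate against that CA rather than relying on a library default; the consumer is not visible in this hunk. The body of `ProdConfiguration` starts and continues outside the hunk.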