Add logging role

This installs configuration and certificates to enable sending messages to the bus using fedora-messaging. Signed-off-by: Nils Philippsen <nils@redhat.com>
2026-03-20 03:57:02 +08:00 · 2021-07-23 12:29:13 +02:00
parent 15d5b3c80e
commit dc86a465e9
3 changed files with 79 additions and 0 deletions
--- a/roles/logging/tasks/main.yml
+++ b/roles/logging/tasks/main.yml
@@ -0,0 +1,60 @@
+---
+- name: Create /etc/pki/fedora-messaging
+  file:
+    dest: /etc/pki/fedora-messaging
+    mode: 0775
+    owner: root
+    group: root
+    state: directory
+  tags:
+  - config
+  - logging
+  - fedora-messaging
+
+- name: Deploy the fedora-messaging CA
+  copy:
+    src: "{{ private }}/files/rabbitmq/{{ env }}/pki/ca.crt"
+    dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt
+    mode: 0644
+    owner: root
+    group: root
+  tags:
+  - config
+  - logging
+  - fedora-messaging
+
+- name: Deploy the fedora-messaging cert
+  copy:
+    src: "{{ private }}/files/rabbitmq/{{ env }}/pki/issued/logging{{ env_suffix }}.crt"
+    dest: /etc/pki/fedora-messaging/logging.crt
+    mode: 0644
+    owner: root
+    group: root
+  tags:
+  - config
+  - logging
+  - fedora-messaging
+
+- name: Deploy the fedora-messaging key
+  copy:
+    src: "{{ private }}/files/rabbitmq/{{ env }}/pki/private/logging{{ env_suffix }}.key"
+    dest: /etc/pki/fedora-messaging/logging.key
+    mode: 0600
+    owner: root
+    group: root
+  tags:
+  - config
+  - logging
+  - fedora-messaging
+
+- name: Install fedora-messaging config
+  template:
+    src: fedora-messaging.toml.j2
+    dest: /etc/fedora-messaging/config.toml
+    owner: root
+    group: root
+    mode: 0600
+  tags:
+  - config
+  - logging
+  - fedora-messaging
--- a/roles/logging/templates/fedora-messaging.toml.j2
+++ b/roles/logging/templates/fedora-messaging.toml.j2
@@ -0,0 +1,18 @@
+amqp_url = "amqps://logging{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+publish_exchange = "amq.topic"
+passive_declares = true
+
+[tls]
+ca_cert = "/etc/pki/fedora-messaging/rabbitmq-ca.crt"
+keyfile = "/etc/pki/fedora-messaging/logging.key"
+certfile = "/etc/pki/fedora-messaging/logging.crt"
+
+[client_properties]
+app = "logging"