ansible/roles/fedmsg/base/templates/ssl.py.j2

config = dict(
    sign_messages=True,
    validate_signatures=True,
    ssldir="/etc/pki/fedmsg",

    {% if env == 'staging' %}
    crl_location="https://stg.fedoraproject.org/fedmsg/crl.pem",
    {% else %}
    crl_location="https://fedoraproject.org/fedmsg/crl.pem",
    {% endif %}
    crl_cache="/var/run/fedmsg/crl.pem",
    crl_cache_expiry=86400,  # Daily

    certnames=dict([
    # This is the set of certs for this host, dynamically generated from the
    # ``fedmsg_certs`` host vars
    {% for cert in fedmsg_certs %}
    ("{{cert.get('alias', cert['service'])}}.{{inventory_hostname_short}}", "{{cert['service']}}-{{fedmsg_fqdn | default(ansible_fqdn)}}"),
    {% endfor %}
] + [
        # This is the beginning of the static list.  We should eventually remove
        # this.
        ("git.hosted03", "git-hosted03.vpn.fedoraproject.org"),
        ("git.hosted04", "git-hosted04.vpn.fedoraproject.org"),
        ("trac.hosted03", "trac-hosted03.vpn.fedoraproject.org"),
        ("trac.hosted04", "trac-hosted04.vpn.fedoraproject.org"),
        ("shell.hosted03", "shell-hosted03.vpn.fedoraproject.org"),
        ("shell.hosted04", "shell-hosted04.vpn.fedoraproject.org"),
    ] + [
        ("shell.anitya-frontend01", "shell-anitya-frontend01.vpn.fedoraproject.org"),
        ("anitya.anitya-frontend01", "anitya-anitya-frontend01.vpn.fedoraproject.org"),
        ("shell.anitya-backend01", "shell-anitya-backend01.vpn.fedoraproject.org"),
        ("anitya.anitya-backend01", "anitya-anitya-backend01.vpn.fedoraproject.org"),

        # FAF/retrace is on the qa network and talks to an inbound relay.
        ("shell.retrace01", "shell-retrace01.qa.fedoraproject.org"),
        ("shell.retrace02", "shell-retrace02.qa.fedoraproject.org"),
        ("faf.retrace01", "faf-retrace01.qa.fedoraproject.org"),
        ("faf.retrace02", "faf-retrace02.qa.fedoraproject.org"),

        # This is for the copr backend, which is a little different.  The
        # "cert-prefix" is just "copr", and is hardcoded in
        # backend/dispatcher.py.  The hostname is also a little different,
        # since it is an openstack node.  This might be a little fragile.  :/
        # See https://github.com/fedora-infra/fedmsg/issues/199 for the plan.
        ("copr.dhcp-client03", "copr-copr-be.cloud.fedoraproject.org"),
        ("copr.copr-be-i-00000407", "copr-copr-be.cloud.fedoraproject.org"),
        ("copr.copr-be", "copr-copr-be.cloud.fedoraproject.org"),

        # Jenkins, also being a cloud node, is weird.  Like copr.
        ("shell.jenkins-master-unknown", "shell-jenkins.fedorainfracloud.org"),
        ("jenkins.jenkins-master-unknown", "jenkins-jenkins.fedorainfracloud.org"),
    ]),
)
First stab at a fedmsg base and hub tasks 2013-06-07 20:01:23 +00:00			`config = dict(`
			`sign_messages=True,`
			`validate_signatures=True,`
			`ssldir="/etc/pki/fedmsg",`

Get the fedmsg crl directly from proxy01.stg in staging. 2014-05-27 19:31:01 +00:00			`{% if env == 'staging' %}`
Use the stg crl location for fedmsg in staging. 2015-01-13 20:51:35 +00:00			`crl_location="https://stg.fedoraproject.org/fedmsg/crl.pem",`
Get the fedmsg crl directly from proxy01.stg in staging. 2014-05-27 19:31:01 +00:00			`{% else %}`
First stab at a fedmsg base and hub tasks 2013-06-07 20:01:23 +00:00			`crl_location="https://fedoraproject.org/fedmsg/crl.pem",`
Get the fedmsg crl directly from proxy01.stg in staging. 2014-05-27 19:31:01 +00:00			`{% endif %}`
First stab at a fedmsg base and hub tasks 2013-06-07 20:01:23 +00:00			`crl_cache="/var/run/fedmsg/crl.pem",`
			`crl_cache_expiry=86400, # Daily`

Try declaring fedmsg certs automatically from our host vars. 2015-06-17 15:59:58 +00:00			`certnames=dict([`
			`# This is the set of certs for this host, dynamically generated from the`
			# ``fedmsg_certs`` host vars
			`{% for cert in fedmsg_certs %}`
Allow a fedmsg cert alias for mm-backend. 2015-07-06 14:53:44 +00:00			`("{{cert.get('alias', cert['service'])}}.{{inventory_hostname_short}}", "{{cert['service']}}-{{fedmsg_fqdn \| default(ansible_fqdn)}}"),`
Try declaring fedmsg certs automatically from our host vars. 2015-06-17 15:59:58 +00:00			`{% endfor %}`
Allow a fedmsg cert alias for mm-backend. 2015-07-06 14:53:44 +00:00			`] + [`
Try declaring fedmsg certs automatically from our host vars. 2015-06-17 15:59:58 +00:00			`# This is the beginning of the static list. We should eventually remove`
			`# this.`
Remove most of the static fedmsg cert declarations now that we can generate them from inventory vars. 2015-06-30 16:13:03 +00:00			`("git.hosted03", "git-hosted03.vpn.fedoraproject.org"),`
			`("git.hosted04", "git-hosted04.vpn.fedoraproject.org"),`
			`("trac.hosted03", "trac-hosted03.vpn.fedoraproject.org"),`
			`("trac.hosted04", "trac-hosted04.vpn.fedoraproject.org"),`
			`("shell.hosted03", "shell-hosted03.vpn.fedoraproject.org"),`
			`("shell.hosted04", "shell-hosted04.vpn.fedoraproject.org"),`
First stab at a fedmsg base and hub tasks 2013-06-07 20:01:23 +00:00			`] + [`
Rename the anitya fedmsg certs. 2015-06-12 23:10:42 +00:00			`("shell.anitya-frontend01", "shell-anitya-frontend01.vpn.fedoraproject.org"),`
			`("anitya.anitya-frontend01", "anitya-anitya-frontend01.vpn.fedoraproject.org"),`
			`("shell.anitya-backend01", "shell-anitya-backend01.vpn.fedoraproject.org"),`
			`("anitya.anitya-backend01", "anitya-anitya-backend01.vpn.fedoraproject.org"),`
Declare fedmsg certs for anitya. 2014-09-10 16:38:42 +00:00
Fedmsg config for retrace. 2015-04-28 12:43:59 +00:00			`# FAF/retrace is on the qa network and talks to an inbound relay.`
			`("shell.retrace01", "shell-retrace01.qa.fedoraproject.org"),`
			`("shell.retrace02", "shell-retrace02.qa.fedoraproject.org"),`
			`("faf.retrace01", "faf-retrace01.qa.fedoraproject.org"),`
			`("faf.retrace02", "faf-retrace02.qa.fedoraproject.org"),`

Use correct cert-prefix and hostname for copr-be fedmsg cert declaration. 2013-11-08 14:58:28 +00:00			`# This is for the copr backend, which is a little different. The`
			`# "cert-prefix" is just "copr", and is hardcoded in`
			`# backend/dispatcher.py. The hostname is also a little different,`
			`# since it is an openstack node. This might be a little fragile. :/`
Add link to upstream ticket in a comment. 2013-11-08 18:59:52 +00:00			`# See https://github.com/fedora-infra/fedmsg/issues/199 for the plan.`
Add new copr-be hostname. 2014-06-25 20:03:36 +00:00			`("copr.dhcp-client03", "copr-copr-be.cloud.fedoraproject.org"),`
Use correct cert-prefix and hostname for copr-be fedmsg cert declaration. 2013-11-08 14:58:28 +00:00			`("copr.copr-be-i-00000407", "copr-copr-be.cloud.fedoraproject.org"),`
Fix copr fedmsg cert name. 2014-01-29 21:16:33 +00:00			`("copr.copr-be", "copr-copr-be.cloud.fedoraproject.org"),`
Base fedmsg setup for jenkins. 2014-07-10 18:41:14 +00:00
			`# Jenkins, also being a cloud node, is weird. Like copr.`
Adjust jenkins fedmsg config 2015-08-26 16:38:54 +00:00			`("shell.jenkins-master-unknown", "shell-jenkins.fedorainfracloud.org"),`
			`("jenkins.jenkins-master-unknown", "jenkins-jenkins.fedorainfracloud.org"),`
First stab at a fedmsg base and hub tasks 2013-06-07 20:01:23 +00:00			`]),`
			`)`