Make roles out of sigul, and update configs

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-09-12 23:18:08 +00:00 · 2016-09-12 23:18:08 +00:00 · 08b2be4a61
commit 08b2be4a61
parent c38b06b439
13 changed files with 76 additions and 159 deletions
--- a/files/sign/bridge.conf.j2
+++ b/files/sign/bridge.conf.j2
@ -1,30 +0,0 @@
-# This is a configuration for the sigul bridge.
-
-[bridge]
-# Nickname of the bridge's certificate in the NSS database specified below
-bridge-cert-nickname: sign-bridge1 - Fedora Project
-# Port on which the bridge expects client connections
-client-listen-port: 44334
-# Port on which the bridge expects server connections
-server-listen-port: 44333
-# A Fedora account system group required for access to the signing server.  If
-# empty, no Fedora account check is done.
-required-fas-group: signers
-# User name and password for an account on the Fedora account system that can
-# be used to verify group memberships
-fas-user-name: {{ fedoraDummyUser }}
-fas-password: {{ fedoraDummyUserPassword }}
-
-[daemon]
-# The user to run as
-unix-user: sigul
-# The group to run as
-unix-group: sigul
-
-[nss]
-# Path to a directory containing a NSS database
-nss-dir: /var/lib/sigul
-# Password for accessing the NSS database.  If not specified, the bridge will
-# ask on startup
-# Currently no password is used
-nss-password:
--- a/files/sign/bridge.conf.secondary.j2
+++ b/files/sign/bridge.conf.secondary.j2
@ -1,45 +0,0 @@
-# This is a configuration for the sigul bridge.
-#
-[bridge]
-# Nickname of the bridge's certificate in the NSS database specified below
-bridge-cert-nickname: secondary-signer
-# Port on which the bridge expects client connections
-client-listen-port: 44334
-# Port on which the bridge expects server connections
-server-listen-port: 44333
-# A Fedora account system group required for access to the signing server.  If
-# empty, no Fedora account check is done.
-; required-fas-group:
-# User name and password for an account on the Fedora account system that can
-# be used to verify group memberships
-; fas-user-name:
-; fas-password:
-#
-[koji]
-# Config file used to connect to the Koji hub
-# ; koji-config: ~/.koji/config
-# # Recognized alternative instances
-koji-instances: ppc s390 arm sparc
-#
-# # Example configuration of alternative instances:
-# # koji-instances: ppc64 s390
-# # Configuration paths for alternative instances:
-koji-config-ppc: /etc/koji-ppc.conf
-koji-config-s390: /etc/koji-s390.conf
-koji-config-arm: /etc/koji-arm.conf
-koji-config-sparc: /etc/koji-sparc.conf
-#
-#
-[daemon]
-# The user to run as
-unix-user: sigul
-# The group to run as
-unix-group: sigul
-#
-[nss]
-# Path to a directory containing a NSS database
-nss-dir: /var/lib/sigul
-# Password for accessing the NSS database.  If not specified, the bridge will
-# ask on startup
-# Currently no password is used
-nss-password:
--- a/files/sign/builder-rpms.repo
+++ b/files/sign/builder-rpms.repo
@ -1,6 +0,0 @@
-[builder-rpms]
-name=Builder Packages from Fedora Infrastructure $releasever - $basearch
-baseurl=http://infrastructure.fedoraproject.org/repo/builder-rpms/$releasever/$basearch/
-enabled=1
-gpgcheck=1
-gpgkey=http://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE
--- a/files/sign/koji-arm.conf
+++ b/files/sign/koji-arm.conf
@ -1,27 +0,0 @@
-[koji]
-
-;configuration for koji cli tool
-
-;url of XMLRPC server
-server = http://arm.koji.fedoraproject.org/kojihub
-
-;url of web interface
-weburl = http://arm.koji.fedoraproject.org/koji
-
-;url of package download site
-topurl = http://armpkgs.fedoraproject.org/
-
-;path to the koji top directory
-;topdir = /mnt/koji
-
-;configuration for SSL athentication
-
-;client certificate
-cert = ~/.fedora.cert
-
-;certificate of the CA that issued the client certificate
-ca = ~/.fedora-upload-ca.cert
-
-;certificate of the CA that issued the HTTP server certificate
-serverca = ~/.fedora-server-ca.cert
-
--- a/files/sign/koji-ppc.conf
+++ b/files/sign/koji-ppc.conf
@ -1,27 +0,0 @@
-[koji]
-
-;configuration for koji cli tool
-
-;url of XMLRPC server
-server = http://ppc.koji.fedoraproject.org/kojihub
-
-;url of web interface
-weburl = http://ppc.koji.fedoraproject.org/koji
-
-;url of package download site
-topurl = http://ppc.koji.fedoraproject.org/
-
-;path to the koji top directory
-;topdir = /mnt/koji
-
-;configuration for SSL athentication
-
-;client certificate
-cert = ~/.fedora.cert
-
-;certificate of the CA that issued the client certificate
-ca = ~/.fedora-upload-ca.cert
-
-;certificate of the CA that issued the HTTP server certificate
-serverca = ~/.fedora-server-ca.cert
-
--- a/files/sign/koji-s390.conf
+++ b/files/sign/koji-s390.conf
@ -1,27 +0,0 @@
-[koji]
-
-;configuration for koji cli tool
-
-;url of XMLRPC server
-server = http://s390.koji.fedoraproject.org/kojihub
-
-;url of web interface
-weburl = http://s390.koji.fedoraproject.org/koji
-
-;url of package download site
-topurl = http://s390pkgs.fedoraproject.org/
-
-;path to the koji top directory
-;topdir = /mnt/koji
-
-;configuration for SSL athentication
-
-;client certificate
-cert = ~/.fedora.cert
-
-;certificate of the CA that issued the client certificate
-ca = ~/.fedora-upload-ca.cert
-
-;certificate of the CA that issued the HTTP server certificate
-serverca = ~/.fedora-server-ca.cert
-
--- a/files/sign/server.conf.primary
+++ b/files/sign/server.conf.primary
@ -1,46 +0,0 @@
-# This is a configuration for the sigul server.
-
-[server]
-# Host name of the publically acessible bridge to clients
-bridge-hostname: sign-bridge1
-# Port on which the bridge expects server connections
-bridge-port: 44333
-# Maximum accepted size of payload stored on disk
-max-file-payload-size: 2073741824
-# Maximum accepted size of payload stored in server's memory
-max-memory-payload-size: 1048576
-# Nickname of the server's certificate in the NSS database specified below
-server-cert-nickname: sign-vault1 - Fedora Project
-
-[database]
-# Path to a directory containing a SQLite database
-;database-path: /var/lib/sigul
-
-[gnupg]
-# Path to a directory containing GPG configuration and keyrings
-gnupg-home: /var/lib/sigul/gnupg
-# Default primary key type for newly created keys
-gnupg-key-type: RSA
-# Default primary key length for newly created keys
-gnupg-key-length: 4096
-# Default subkey type for newly created keys, empty for no subkey
-gnupg-subkey-type:
-# Default subkey length for newly created keys if gnupg-subkey-type is not empty
-; gnupg-subkey-length: 2048
-# Default key usage flags for newly created keys
-gnupg-key-usage: encrypt, sign
-# Length of key passphrases used for newsly created keys
-passphrase-length: 64
-
-[daemon]
-# The user to run as
-unix-user: sigul
-# The group to run as
-unix-group: sigul
-
-[nss]
-# Path to a directory containing a NSS database
-nss-dir: /var/lib/sigul
-# Password for accessing the NSS database.  If not specified, the server will
-# ask on startup
-; nss-password is not specified by default
--- a/files/sign/server.conf.secondary
+++ b/files/sign/server.conf.secondary
@ -1,51 +0,0 @@
-# This is a configuration for the sigul server.
-
-# FIXME: remove my data
-
-[server]
-# Host name of the publically acessible bridge to clients
-bridge-hostname: secondary-signer
-# Port on which the bridge expects server connections
-; bridge-port: 44333
-# Maximum accepted size of payload stored on disk
-max-file-payload-size: 2073741824
-# Maximum accepted size of payload stored in server's memory
-max-memory-payload-size: 1048576
-# Nickname of the server's certificate in the NSS database specified below
-server-cert-nickname: secondary-signer-server
-
-signing-timeout: 4000
-
-[database]
-# Path to a SQLite database
-; database-path: /var/lib/sigul/server.conf
-
-[gnupg]
-# Path to a directory containing GPG configuration and keyrings
-gnupg-home: /var/lib/sigul/gnupg
-# Default primary key type for newly created keys
-gnupg-key-type: RSA
-# Default primary key length for newly created keys
-gnupg-key-length: 4096
-# Default subkey type for newly created keys, empty for no subkey
-#gnupg-subkey-type: ELG-E
-# Default subkey length for newly created keys if gnupg-subkey-type is not empty
-# gnupg-subkey-length: 4096
-# Default key usage flags for newly created keys
-gnupg-key-usage: encrypt, sign
-# Length of key passphrases used for newsly created keys
-; passphrase-length: 64
-
-[daemon]
-# The user to run as
-unix-user: sigul
-# The group to run as
-unix-group: sigul
-
-[nss]
-# Path to a directory containing a NSS database
-nss-dir: /var/lib/sigul
-# Password for accessing the NSS database.  If not specified, the server will
-# ask on startup
-; nss-password is not specified by default
-