Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Switch over to use only the dynamically generated fedmsg policy.

Browse source
This commit is contained in:
Ralph Bean 2015-06-12 20:43:52 +00:00
parent 9b6cf8eb4a
commit 18b88b0ea1
1 changed files with 0 additions and 205 deletions
Download patch file Download diff file Expand all files Collapse all files

205
roles/fedmsg/base/templates/policy.py.j2
View file

@ -1,21 +1,3 @@
{% if env == 'staging' %}
suffix = "stg.phx2.fedoraproject.org"
bodhi_hosts = [
"bodhi01.stg.phx2.fedoraproject.org",
]
topic_prefix = "org.fedoraproject.stg."
{% else %}
suffix = "phx2.fedoraproject.org"
# TODO -- think about using the ansible group for this.
bodhi_hosts = [
"bodhi01.phx2.fedoraproject.org",
"bodhi02.phx2.fedoraproject.org",
]
topic_prefix = "org.fedoraproject.prod."
{% endif %}
vpn_suffix = "vpn.fedoraproject.org"
config = dict(
routing_policy={
# The gist here is that only messages signed by the
@ -32,192 +14,7 @@ config = dict(
# therefore, any message bearing that topic and *any* certificate signed
# by our CA may pass validation.
#
topic_prefix + "bodhi.update.request.stable": [
"bodhi-%s" % bodhi_hosts[i-1]
for i in range(1, len(bodhi_hosts) + 1)
],
topic_prefix + "bodhi.update.request.testing": [
"bodhi-%s" % bodhi_hosts[i-1]
for i in range(1, len(bodhi_hosts) + 1)
],
topic_prefix + "bodhi.update.request.unpush": [
"bodhi-%s" % bodhi_hosts[i-1]
for i in range(1, len(bodhi_hosts) + 1)
],
topic_prefix + "bodhi.update.comment": [
"bodhi-%s" % bodhi_hosts[i-1]
for i in range(1, len(bodhi_hosts) + 1)
],
topic_prefix + "bodhi.buildroot_override.tag": [
"bodhi-%s" % bodhi_hosts[i-1]
for i in range(1, len(bodhi_hosts) + 1)
],
topic_prefix + "bodhi.buildroot_override.untag": [
"bodhi-%s" % bodhi_hosts[i-1]
for i in range(1, len(bodhi_hosts) + 1)
],
topic_prefix + "bodhi.mashtask.mashing": [
"bodhi-releng04.%s" % suffix,
"bodhi-relepel01.%s" % suffix,
],
topic_prefix + "bodhi.mashtask.complete": [
"bodhi-releng04.%s" % suffix,
"bodhi-relepel01.%s" % suffix,
],
# This comes from our hook in configs/system/fedora-updates-push
topic_prefix + "bodhi.updates.fedora.sync": [
"ftpsync-releng04.%s" % suffix,
],
# Similarly, this is frome configs/system/fedora-epel-push
topic_prefix + "bodhi.updates.epel.sync": [
"ftpsync-relepel01.%s" % suffix,
],
# Compose (rel-eng) messages (use the bodhi certs)
topic_prefix + "compose.rawhide.start": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.rawhide.complete": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.rawhide.mash.start": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.rawhide.mash.complete": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.rawhide.rsync.start": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.rawhide.rsync.complete": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.branched.start": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.branched.complete": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.branched.pungify.start": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.branched.pungify.complete": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.branched.mash.start": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.branched.mash.complete": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.branched.rsync.start": [
"bodhi-releng03.%s" % suffix,
],
topic_prefix + "compose.branched.rsync.complete": [
"bodhi-releng03.%s" % suffix,
],
#FAS messages
topic_prefix + "fas.user.create": [
"fas-fas0%i.%s" % (i, suffix) for i in range(1, 4)
],
topic_prefix + "fas.user.update": [
"fas-fas0%i.%s" % (i, suffix) for i in range(1, 4)
],
topic_prefix + "fas.group.edit": [
"fas-fas0%i.%s" % (i, suffix) for i in range(1, 4)
],
topic_prefix + "fas.group.update": [
"fas-fas0%i.%s" % (i, suffix) for i in range(1, 4)
],
topic_prefix + "fas.group.create": [
"fas-fas0%i.%s" % (i, suffix) for i in range(1, 4)
],
topic_prefix + "fas.role.update": [
"fas-fas0%i.%s" % (i, suffix) for i in range(1, 4)
],
topic_prefix + "fas.group.member.remove": [
"fas-fas0%i.%s" % (i, suffix) for i in range(1, 4)
],
topic_prefix + "fas.group.member.sponsor": [
"fas-fas0%i.%s" % (i, suffix) for i in range(1, 4)
],
topic_prefix + "fas.group.member.apply": [
"fas-fas0%i.%s" % (i, suffix) for i in range(1, 4)
],
# Git/SCM messages
topic_prefix + "git.receive": [
"scm-pkgs01.%s" % suffix,
],
topic_prefix + "git.lookaside.new": [
"lookaside-pkgs01.%s" % suffix,
],
# Tagger messages
topic_prefix + "fedoratagger.tag.update": [
"fedoratagger-tagger0%i.%s" % (i, suffix) for i in range(1, 3)
],
topic_prefix + "fedoratagger.tag.create": [
"fedoratagger-tagger0%i.%s" % (i, suffix) for i in range(1, 3)
],
topic_prefix + "fedoratagger.user.rank.update": [
"fedoratagger-tagger0%i.%s" % (i, suffix) for i in range(1, 3)
],
# Mediawiki messages
topic_prefix + "wiki.article.edit": [
"mediawiki-wiki0%i.%s" % (i, suffix) for i in range(1, 3)
],
topic_prefix + "wiki.upload.complete": [
"mediawiki-wiki0%i.%s" % (i, suffix) for i in range(1, 3)
],
# Pkgdb messages
topic_prefix + "pkgdb.acl.update": [
"pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3)
],
topic_prefix + "pkgdb.acl.request.toggle": [
"pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3)
],
topic_prefix + "pkgdb.acl.user.remove": [
"pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3)
],
topic_prefix + "pkgdb.owner.update": [
"pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3)
],
topic_prefix + "pkgdb.package.new": [
"pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3)
],
topic_prefix + "pkgdb.package.update": [
"pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3)
],
topic_prefix + "pkgdb.package.retire": [
"pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3)
],
topic_prefix + "pkgdb.critpath.update": [
"pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3)
],
# Planet/venus
topic_prefix + "planet.post.new": [
"planet-people03.vpn.fedoraproject.org",
],
# Supybot/meetbot
topic_prefix + "meetbot.meeting.start": [
"supybot-value01.%s" % suffix,
],
# When implemented, only @spot and @mattdm can use this one
topic_prefix + "announce.announcement": [
"announce-lockbox01.phx2.fedoraproject.org",
],
{% if env == 'staging' %}
# ** policy dynamically generated from inventory vars
# See ansible/filter_plugins/fedmsg.py for this inversion filter.
{% for topic, certs in groups | invert_fedmsg_policy(hostvars, env) %}
@ -227,7 +24,5 @@ config = dict(
{% endfor %}
],
{% endfor %}
{% endif %}
},
)